Threat

Over 3,000 YouTube Videos Used as Malware Traps in Massive Ghost Network Operation

A large, persistent malicious operation has been abusing YouTube to distribute malware, publishing more than 3,000 deceptive videos since 2021. Check Point researchers call it the YouTube Ghost Network, and the volume of these videos has tripled this year. Google has removed a majority of the offending videos, but the campaign highlights how attackers weaponize […]

Over 3,000 YouTube Videos Used as Malware Traps in Massive Ghost Network Operation Read More »

Self-Spreading GlassWorm Infects VS Code Extensions, Triggers Widespread Supply-Chain Attack

A fast-moving supply-chain worm, dubbed GlassWorm by Koi Security, has been found hiding inside multiple Visual Studio Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace. The campaign highlights how developers, and their tooling, are now prime targets for large scale compromise, because extensions can auto-update and run code on developer machines.

Self-Spreading GlassWorm Infects VS Code Extensions, Triggers Widespread Supply-Chain Attack Read More »

North Korean Hackers Use Fake Job Offers to Lure Defense Engineers and Steal Drone Secrets

A persistent North Korean cyber campaign, known as Operation Dream Job, has resurfaced with a focused wave of attacks against European companies in the defense and aerospace sectors. ESET researchers Peter Kálnai and Alexis Rapin report the activity appears aimed at harvesting proprietary data and manufacturing know-how, especially tied to unmanned aerial vehicle, UAV, development.

North Korean Hackers Use Fake Job Offers to Lure Defense Engineers and Steal Drone Secrets Read More »

Jingle Thief Gang Exploits Cloud Infrastructure to Steal Millions in Gift Cards

Cybersecurity researchers have exposed a cybercriminal group, known as Jingle Thief, that targets cloud systems used by retailers and consumer service companies, to carry out large scale gift card fraud. The group focuses on stealing credentials through phishing and smishing, then uses those credentials to access cloud-based gift card issuance workflows, issue high value cards,

Jingle Thief Gang Exploits Cloud Infrastructure to Steal Millions in Gift Cards Read More »

CISA Confirms Active Exploitation of Critical Lanscope Endpoint Manager Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog. According to the agency, the flaw has been actively exploited in the wild, posing a significant risk to organizations using unpatched versions. Identified as CVE-2025-61932 and rated 9.3 (CVSS

CISA Confirms Active Exploitation of Critical Lanscope Endpoint Manager Vulnerability Read More »

Homoglyph Attack in Fake Nethereum NuGet Package Steals Crypto Wallet Keys

Cybersecurity researchers have revealed a new supply chain attack that targets the NuGet package manager using a malicious typosquat of Nethereum, a well-known Ethereum .NET integration library. The main goal of this attack is to steal crypto wallet keys from unsuspecting developers and users. Malicious Package Discovered The harmful package, named Netherеum.All, was discovered to

Homoglyph Attack in Fake Nethereum NuGet Package Steals Crypto Wallet Keys Read More »

Ukraine Aid Organizations Targeted via Fake Zoom Meetings and Malicious PDF Files

A recent spear-phishing operation, named PhantomCaptcha, has targeted organizations involved in Ukraine’s humanitarian and war relief efforts. Cybersecurity researchers reported that the campaign delivers a remote access trojan (RAT) using WebSocket connections for command-and-control (C2), posing a serious threat to international relief organizations. Scope of the Attack On October 8, 2025, individual members of the

Ukraine Aid Organizations Targeted via Fake Zoom Meetings and Malicious PDF Files Read More »

Iran-Linked MuddyWater Targets Over 100 Organizations in Global Espionage Campaign

Iranian-affiliated cyber group MuddyWater has launched a large-scale espionage campaign targeting more than 100 organizations, mainly across the Middle East and North Africa (MENA) region. The group has reportedly used a compromised email account to distribute a backdoor malware called Phoenix, aiming to infiltrate high-value targets and gather intelligence, according to a technical report by

Iran-Linked MuddyWater Targets Over 100 Organizations in Global Espionage Campaign Read More »

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Shortly After Microsoft’s July Patch

Chinese-linked threat actors have quickly exploited the ToolShell security vulnerability in Microsoft SharePoint, targeting multiple organizations across the globe shortly after Microsoft patched the flaw in July 2025. This series of attacks highlights the speed and sophistication of threat actors in leveraging newly disclosed vulnerabilities for espionage and cybercrime. The initial breach affected a telecommunications

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Shortly After Microsoft’s July Patch Read More »

Monolock Ransomware Reportedly Being Sold by Threat Actors on Dark Web Forums

Monolock ransomware has appeared for sale on underground forums, with operators advertising version 1.0 and offering stolen corporate credentials alongside the malware. First observed in late September, the campaign spreads through phishing messages that deliver malicious Microsoft Word documents, which, when opened, trigger an embedded macro to download the ransomware binary from a compromised host.

Monolock Ransomware Reportedly Being Sold by Threat Actors on Dark Web Forums Read More »