Stryker back online after cyberattack
BleepingComputer reports that major U.S.
Campaigns
20 articles
Malicious LNK files, GitHub leveraged in South Korea-targeted malware campaign
Infosecurity Magazine reports that Windows users across South Korea have been subjected to attacks involving illicit LNK files that trigger multi-stage compr...
Bogus installers facilitate RAT, cryptominer spread in long-running operation
Threat operation REF1695 has been harnessing counterfeit installers to facilitate multiple attack campaigns delivering remote access trojans and cryptocurren...
Threat actors impersonate CERT-UA, distribute AGEWHEEZE malware
The campaign targeted approximately 1 million users across various sectors, including government, healthcare, education, and finance.
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal ta...
North Korean Hackers Abuse GitHub to Spy on South Korean Firms
Researchers from FortiGuard Labs have uncovered a high-severity spying campaign targeting South Korean companies.
CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access
CrystalX RAT, a new sophisticated MaaS malware, combines spyware, data theft, and remote access, allowing attackers to monitor victims. In March 2026, Kasper...
Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA
The campaign leverages a newly-discovered phishing kit called VENOM.
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orches...
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic lar...
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems. The post React2Shell Exploited in Large-Scale...
Trusted Platforms Exploited to Steal Philippine Banking Credentials
Hackers are increasingly exploiting trusted online platforms to launch sophisticated phishing campaigns targeting bank users in the Philippines. Despite ongo...
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom
APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance
APERION launched SmartFlow SDK, providing a secure, on-premises path for enterprises migrating away from compromised cloud-based AI gateways. The launch coin...
New Chinese cyberespionage campaigns strike Europe
Chinese state-sponsored threat operation TA416 has reemerged from a two-year hiatus to compromise European governments in a series of cyberespionage campaign...
Drift loses $280 million as hackers seize Security Council powers
The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated ope...
Drift loses $280 million North Korean hackers seize Security Council powers
The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated ope...
Threat actor abuse of AI accelerates from tool to cyberattack surface
Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass. The post Threat actor abuse of AI accele...
Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing
Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, t...
EvilTokens abuses Microsoft device code flow for account takeovers
A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia rese...