Solana FakeFix Campaign Plants Malicious npm, PyPI Packages to Steal Dev Secrets
Recent disclosure of the “Solana FakeFix” campaign exposes a coordinated supply-chain attack that abused package registries to steal developer secrets.
20 articles
Recent disclosure of the “Solana FakeFix” campaign exposes a coordinated supply-chain attack that abused package registries to steal developer secrets.
Vietnam-aligned threat actor OceanLotus has been linked to two distinct campaigns targeting domestic entities and stock investors with a backdoor known as SP...
Federal prosecutors have charged a Russian national, Denis Nikolayevich Obrezko, with conspiracy to commit unauthorized computer access in connection with a ...
Denis Obrezko accused of orchestrating cyberattacks that compromised at least 11 U.S.
Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested.
Denis Obrezko, 36, made his initial appearance in federal court in Boston on Tuesday after being transferred to U.S.
Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, accordi...
OceanLotus APT has executed a precision supply‑chain operation that implanted its SPECTRALVIPER backdoor into FireAnt MetaKit, a popular Vietnamese market‑da...
FortiGuard Labs analyzes a multi-stage malware campaign that uses fake AI-themed documents, hidden PowerShell scripts, AutoHotkey loaders, and process inject...
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a...
A shift in operational pattern of the infamous Vietnam-aligned APT group
Making companies that store personal data in cloud key-value databases handle deletion requests by running the operation and confirming the job is complete. ...
The company says there’s little evidence it influenced any real policy discussion. The post OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT...
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser au...
An active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through AI cha...
Britain has weakened proposed cybersecurity protections for its telecoms networks that were developed in response to the Salt Typhoon espionage campaign, aft...
A new Browser-in-the-Browser (BitB) phishing campaign is abusing fake OAuth login windows to steal Microsoft 365 credentials, and its design is polished enou...
A sustained phishing campaign that leverages developer recruitment and code-review lures to deliver cross‑platform malware via attacker-controlled GitHub rep...
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Pyt...
WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking leg...