Cofense adds AI-powered campaign detection to stop phishing attacks
Cofense has announced new advancements to its Phishing Defense Platform aimed at improving detection and response to AI-powered phishing attacks. The updates...
Campaigns
20 articles
FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign
Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026.
Seedworm APT Abuses Signed Binaries for DLL Sideloading
Seedworm also known as MuddyWater, Temp Zagros, and Static Kitten is widely attributed to Iran’s Ministry of Intelligence and Security (MOIS). An Iran-linked...
Iranian hackers targeted major South Korean electronics maker
The Iran-linked hacking group MuddyWater (a.k.
Operation SilentCanvas: Attackers use .jpeg files to deliver malware
Attackers are weaponizing .jpeg files to deliver PowerShell payloads, trojanize ScreenConnect, and establish persistence on target systems.
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late Decem...
ClickFix Evolves Using Decade-Old Open-Source Python SOCKS5 Proxy
A newly observed ClickFix campaign is pushing beyond simple user-triggered infections, introducing a more persistent and stealthy intrusion chain using PySox...
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that us...
Fake FinalShell and Xshell Sites Push Kong RAT Malware
Hackers are abusing fake download sites for popular tools like FinalShell and Xshell to deliver a new remote access trojan known as Kong RAT, in a highly sta...
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
The campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itsel...
Fake Claude Code Installer Targets Developers With Browser Credential Stealer
Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and ...
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development. The post Free On...
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims.
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Su...
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
A newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign...
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, ...
Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack
Supply chain campaign has now extended to Checkmarx’s Jenkins ecosystem, with attackers pushing a malicious Checkmarx Jenkins AST plugin to the official Jenk...
Google removes 28 fraudulent apps from Play Store
Security researchers at ESET uncovered the malicious campaign, dubbed CallPhantom, which primarily targeted users in India, indicated by the preselected +91 ...
Python Infostealer Hides in GitHub Releases to Bypass Detection
A stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low‑visibility access to victim systems. Th...
Fake Claude Campaign Uses PlugX-Style DLL Sideloading Chain
Hackers are abusing a fake Claude AI download site to deliver a PlugX‑style DLL sideloading chain that ultimately deploys a new Windows backdoor dubbed “Beag...