Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
20 articles
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
A suspicious file named “GST Debit Note Apr_26.com,” which triggered a deeper investigation and revealed a polished, multi-stage steganographic loader delive...
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft.
A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infec...
A database of over 86,000 confirmed working credentials was created during the credential-harvesting campaign. The post Fortinet Responds to FortiBleed Campa...
The NCSC has released guidance for Fortinet customers impacted by the FortiBleed threat campaign
Chinese state-linked cyber activity has moved decisively away from the neat, single-actor narratives that dominated early attribution toward an ecosystem mod...
A widespread npm supply‑chain compromise to Sapphire Sleet, a North Korean state actor, after the takeover of an npm maintainer account enabled the mass publ...
A previously undocumented Windows loader, tracked as OXLOADER, that combines sophisticated obfuscation and unconventional staging to evade static detection a...
A large-scale malware distribution campaign utilizing GitHub repositories has been uncovered. This coordinated effort weaponized over 10,000 repositories to ...
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Opti...
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
FortiBleed exposed a massive campaign that made billions of login attempts against Fortinet VPNs, compromising organizations worldwide. FortiBleed wasn’t a t...
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S.
New York, USA, June 19th, 2026, CyberNewswire eFAQ has published a documented investigation into a coordinated reputation attack campaign aimed at influencin...
The U.S.
Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware.
An international operation targeted the SocGholish botnet, which has been linked to the Russia-based cybercrime group Evil Corp.
A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malic...
The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs. The post FortiBleed: 86,000 Fortinet Devic...