First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1041 — Exfiltration Over C2 Channel (Exfiltration)
Clear filter74 articles found
Police take down VPN service (this time with a good reason)
European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Net...
Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
Key Findings Introduction During the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strat...
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub reposit...
We hardened zizmor's GitHub Actions static analyzer
In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repos...
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Dat...
Hackers Abuse Hugging Face to Deliver npm Malware
A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a...
Global law enforcement operation takes First VPN offline
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major internat...
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a po...
Police seize “First VPN” service used in ransomware, data theft attacks
A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcem...
Claude Code Sandbox Flaw May Compromise User Secrets
A newly disclosed security flaw in Anthropic’s Claude Code platform has exposed a critical weakness in its network sandbox, potentially allowing attackers to...
GitHub admits major source code leak after 3,800 internal repositories breached
Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the...
GitHub says internal repositories were taken in poisoned VS Code extension attack
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension...
Anthropic Silently Patches Claude Code Sandbox Bypass
The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Cl...
Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructur...
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed t...
A malicious VS code extension just breached GitHub ‘s internal repositories
One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated.
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration fe...
macOS Malware Abuses Fake Google Update for Persistence
A newly observed variant of the SHub macOS infostealer, dubbed “Reaper,” is expanding its capabilities with stealthier delivery, enhanced data theft, and a p...
Hackers Exploit Entra ID Accounts to Steal Microsoft 365, Azure Data
Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data. A highly sophisticated cyberattack campaign carried out by a threat act...