North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The post North Korean Hackers B...
20 articles
A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The post North Korean Hackers B...
In the ever-evolving landscape of digital commerce, safeguarding cardholder data is paramount. The Payment Card Industry Data Security Standard (PCI DSS) set...
In the fast-paced digital world of 2026, cyberattacks are no longer a matter of if, but when. The increasing sophistication of threats like ransomware, phish...
A customer compromised by a newly observed ransomware family we attribute to the Prinz Eugen group. The encryptor is a purpose-built Go binary that departs f...
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Opti...
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that i...
Someone is pretending to be your bank, your government, or your local planning office. And according to the FTC, they're making billions doing it.
Nintendo America employee records were exposed via TinyPulse after Shadowbyt3 claimed theft of HR files, tax forms, bank data, and staff survey responses.
A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malic...
Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often...
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. The post CryptoBandits Malware Doubles as a Back...
WideField will accelerate Agentic SOC capabilities by expanding the lens on threat investigation to include identity, credentials, sessions, and blast radius...
I detected an interesting phishing email this morning.
A novel Windows-based cryptocurrency clipper that has been active since February 2026 and leverages Windows Script Host (WScript) and ActiveXObject calls to ...
The Shadowbyt3$ threat group claimed responsibility for the incident, alleging the exfiltration of sensitive employee data, including bank statements and W-9...
USB .lnk malware steals crypto via clipboard hijack, replaces wallet addresses, steals seed phrases, and screenshots.
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network t...
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. "The clipper in this campaign...
An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types the...