High-value crypto asset theft sought by novel notnullOSX macOS malware
Attacks with the nascent notnullOSX malware for macOS have been targeting cryptocurrency wallets containing over $10,000 in Taiwan, Vietnam, and Spain as par...
Campaigns
20 articles
Global crypto scam disrupted, $12 million recovered in Operation Atlantic
The week-long initiative, named Operation Atlantic, was a joint effort involving the US Secret Service, the UK National Crime Agency, and Canadian police for...
‘It reads like a spy novel’: $280 million theft from Drift involved North Korean fake companies, cutouts
Drift officials said the operation began six months ago, when they were approached at a cryptocurrency conference by members of a company claiming to focus o...
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockch...
Storm-2755 Uses AiTM Hijacking to Divert Employee Salaries
Hackers are abusing adversary-in-the-middle (AiTM) session hijacking to steal employee salaries in a new “payroll pirate” campaign tracked by Microsoft as St...
ClickFix campaign delivers Mac malware via fake Apple page
Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “...
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily...
Linux Foundation leader impersonated in Slack phishing campaign
The campaign targets open-source developers to steal credentials and deploy malware.
Microsoft: Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate a...
Poisoned “Office 365” search results lead to stolen paychecks
A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into ...
Iranian APT alert: 5,219 Rockwell PLCs exposed online
Censys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet as Iranian-affiliated APT actors actively...
Middle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpy
Hackers are impersonating popular secure messaging apps to deploy a sophisticated Android spyware tool called ProSpy against journalists, activists, and poli...
GlassWorm Trojan Hits VS Code, Cursor, Windsurf via OpenVSX Extension
A newly discovered supply chain attack is spreading the GlassWorm malware across multiple developer environments by abusing the OpenVSX extension marketplace...
Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs
Censys researchers warned that thousands of devices are exposed to the Iranian government’s campaign targeting energy, water, and U.S.
Contagious Interview campaign expands further
Over a dozen new malicious packages have been published across the npm, PyPI, Go Modules, crates.io, and Packagist ecosystems to facilitate malware compromis...
Hack-for-hire group targets MENA journalists and officials
Security researchers from Access Now and Lookout have detailed a sophisticated espionage campaign that began in 2023 and continued through 2025.
Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’
FBI cyber chief Brett Leatherman told CyberScoop the Russian GRU campaign was unique in how it could propagate from routers to beyond. The post Inside the FB...
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755,...
Attackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload Abuse
Security researchers at Sansec uncovered a large-scale Magecart campaign targeting Magento e-commerce platforms. Nearly 100 online stores were infected with ...
New Phishing Campaign Exploits Google Storage to Deliver Remcos RAT
A recently observed phishing campaign is abusing Google Cloud Storage to deliver the Remcos remote access trojan (RAT), relying on trusted Google infrastruct...