Fake AI tool websites used to steal developer data
The attack campaign employs SEO poisoning to elevate fake installation pages in search engine results, leading developers searching for AI tools like Google ...
20 articles
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through A...
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continent...
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD ...
Nimbus Manticore has continued its operations during and after the US military campaign against Iran.
FortiGuard Labs analyzed a new phishing campaign that uses obfuscated JavaScript, PowerShell, process hollowing, and PureLogs to steal sensitive data
A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer...
China-linked hackers are conducting a stealthy infrastructure-centric espionage campaign across Southeast Asia by compromising Linux-based edge routers with ...
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
Nimbus Manticore accelerated cyberattacks during wartime, using AI-assisted malware, fake Zoom installers, and SEO poisoning. When the United States launched...
The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind.
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures im...
A newly uncovered cyber campaign dubbed “Operation Dragon Whistle” is targeting China’s education sector with highly tailored spear-phishing attacks that dep...
Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, a...
TeamPCP now operates across three package ecosystems in parallel, it reached GitHub's own internal codebase, it trojanized an officially Microsoft...
A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies t...
Italian law enforcement agencies have dismantled a sophisticated piracy operation centered around the CINEMAGOAL application, which enabled unauthorized acce...
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware.