TeamPCP supply chain attack hits LiteLLM PyPI package
Widely used open-source Python package LiteLLM has been targeted by the TeamPCP threat operation to facilitate extensive data compromise as part of its Trivy...
Campaigns
20 articles
Widespread cloud environment compromise facilitated by Trivy supply chain hack
More than 1,000 software-as-a-service environments were reported by Mandiant Consulting Chief Technology Officer Charles Carmakal to have already been compro...
Illicit npm packages leverage bogus install logs for covert malware infections
Infosecurity Magazine reports that multiple malicious npm packages with downloader capability have shown bogus installation logs to stealthily inject cryptoc...
Trojanized ConnectWise ScreenConnect installers deployed in tax-themed malvertising campaign
Intrusions weaponizing searches for illicit tax-related documents to spread trojanized ConnectWise ScreenConnect installers that facilitate a bring your own ...
Student arrested over ClayRat subscription scheme
An Android spyware operation known as ClayRat that briefly gained traction in Russia has imploded within months of its launch, undone by security blunders an...
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft an...
Obfuscated VBS and PNG Loaders Power New Open Directory Malware Campaign with RAT Payloads
A sophisticated, multi-stage delivery framework leveraging obfuscated Visual Basic Script (VBS) files, fileless PowerShell loaders, and payloads hidden withi...
TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 org...
SmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RAT
A recent SmartApeSG campaign observed on March 24, 2026, highlights the growing sophistication of ClickFix-based attack chains, which deliver multiple remote...
TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign
Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.
Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown
UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds
AI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repos
A large-scale malware operation abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but troja...
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
Introduction
Threat Brief: Recruiting Scheme Impersonating Palo Alto Networks Talent Acquisition Team
Unit 42 identifies a recruitment phishing campaign targeting senior professionals via impersonation and fraudulent resume fees. The post Threat Brief: Recrui...
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and i...
New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activi...
New ‘StoatWaffle’ malware auto‑executes attacks on developers
A newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campaign. Acc...