Collecting Cyber-News from over 60 sources

Tag: attack

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

Apr 24, 2026 10:38 AM

Tags: attack, credentials, malicious, malware, supply-chain, worm

Malicious npm packages spread via worm-like propagation and steal developer credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-supply-chain-worm-canister/
Ransomware Gang Unveils Custom Data-Theft Tool

Apr 24, 2026 7:38 AM

Tags: attack, cyber, data, group, ransomware, theft, tool

Ransomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now using a proprietary tool to steal sensitive data with greater precision and stealth. Trigona, active since late 2022, operates as a…
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams

Apr 24, 2026 7:38 AM

Tags: attack, breach, corporate, cyber, group, hacker, malware, microsoft, social-engineering, threat

A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite that steals sensitive company data. The Social Engineering Trap The attack begins with an aggressive…
Runtime Analytics Cuts Millions of Alerts to What Matters

Apr 24, 2026 6:39 AM

Tags: attack, business, detection, exploit, software, tool, vulnerability

<div cla TL;DR Research from Contrast Security’s Software Under Siege 2025 report reveals that applications face an average of 81 viable attacks per month that reach actual vulnerabilities, while perimeter-based detection tools generate overwhelming alert volumes with minimal correlation to real-world exploits. Runtime analytics powered by the Contrast Graph detects attacks during code execution and…
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets

Apr 24, 2026 5:39 AM

Tags: apt, attack, china, cyber, router, threat, tool

The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it’s branching out in tools, victimology, and TTPs. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/tropic-trooper-apt-takes-aim-home-routers-japanese-targets
Bitwarden CLI password manager trojanized in supply chain attack

Apr 24, 2026 1:38 AM

Tags: access, ai, api, attack, automation, cloud, control, credentials, data, github, group, malicious, network, password, software, supply-chain, theft, unauthorized

bw_setup.js that checks if the bun package manager is installed and then uses it to execute bw1.js. If bun doesn’t exist, it is downloaded and installed from GitHub.According to an analysis by security firm JFrog, the malicious payload is designed to detect and collect a board range of credentials and access tokens from the filesystem,…
China-Backed Hackers Are Industrializing Botnets

Apr 24, 2026 1:38 AM

Tags: attack, botnet, china, group, hacker, network, risk

China’s state-backed groups are now using covert networks of compromised devices to execute attacks in a low-cost, low-risk, and deniable way. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/china-hackers-industrializing-botnets
Vercel attack fallout expands to more customers and third-party systems

Apr 24, 2026 12:38 AM

Tags: attack

The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk. First seen on cyberscoop.com Jump to article: cyberscoop.com/vercel-attack-fallout-expands/
Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

Apr 23, 2026 11:38 PM

Tags: attack, malicious, password, supply-chain, tool

A compromise of the popular Bitwarden password manager is linked to the ongoing Checkmarx supply chain campaign, with bad actor injecting malicious code in a version of its CLI. However, while there are some overlaps in such areas a tools that suggest TeamPCP was behind the attack, there are differences in operation that make attribution…
3 practical ways AI threat detection improves enterprise cyber resilience

Apr 23, 2026 11:38 PM

Tags: access, ai, attack, automation, backup, cloud, cyber, data, detection, dns, endpoint, exploit, framework, identity, login, malicious, network, radius, ransomware, resilience, risk, service, threat, tool, update, vpn, vulnerability, vulnerability-management

Legitimate admin activity and malicious behavior often look similar without contextHybrid environments generate fragmented telemetry that rule sets can’t correlateLean teams don’t have time to manually connect the dots across systemsPlatforms like Adlumin MDR apply behavioral models and automated triage to suppress low”‘value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
3 practical ways AI threat detection improves enterprise cyber resilience

Apr 23, 2026 11:38 PM

Tags: access, ai, attack, automation, backup, cloud, cyber, data, detection, dns, endpoint, exploit, framework, identity, login, malicious, network, radius, ransomware, resilience, risk, service, threat, tool, update, vpn, vulnerability, vulnerability-management

Legitimate admin activity and malicious behavior often look similar without contextHybrid environments generate fragmented telemetry that rule sets can’t correlateLean teams don’t have time to manually connect the dots across systemsPlatforms like Adlumin MDR apply behavioral models and automated triage to suppress low”‘value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn

Apr 23, 2026 10:39 PM

Tags: attack, china, infrastructure

All the Typhoons, everywhere, all at once First seen on theregister.com Jump to article: www.theregister.com/2026/04/23/china_covert_networks/
Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities

Apr 23, 2026 10:39 PM

Tags: attack, exploit, mobile, tool, vulnerability

Researchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure. First seen on cyberscoop.com Jump to article: cyberscoop.com/surveillance-campaigns-use-commercial-surveillance-tools-to-exploit-long-known-telecom-vulnerabilities/
Five steps to become Mythos ready

Apr 23, 2026 9:39 PM

Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-day

AI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
Five steps to become Mythos ready

Apr 23, 2026 9:39 PM

Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-day

AI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines

Apr 23, 2026 9:39 PM

Tags: attack, credentials, docker, exploit, malicious, supply-chain

A Checkmarx supply chain attack used malicious Docker images and extensions to steal credentials and spread through CI/CD pipelines. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/checkmarx-supply-chain-attack-exploits-docker-images-and-ci-cd-pipelines/
Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines

Apr 23, 2026 9:39 PM

Tags: attack, credentials, docker, exploit, malicious, supply-chain

A Checkmarx supply chain attack used malicious Docker images and extensions to steal credentials and spread through CI/CD pipelines. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/checkmarx-supply-chain-attack-exploits-docker-images-and-ci-cd-pipelines/
Trigona ransomware attacks use custom exfiltration tool to steal data

Apr 23, 2026 9:39 PM

Tags: attack, data, ransomware, tool

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trigona-ransomware-attacks-use-custom-exfiltration-tool-to-steal-data/
Mythos Is a Wake-Up Call for DDoS Defense

Apr 23, 2026 8:39 PM

Tags: ai, attack, ddos, defense, finance, infrastructure, service, software

Will Anthropic’s Mythos, with its AI-powered identification of software and infrastructure weaknesses, upset the financial services industry by means of new, AI-developed attacks? Major bank leaders were called to an urgent meeting by Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell, over concerns that the latest AI model released by Anthropic (the developer..…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
The Guardian view on Anthropic’s Claude Mythos: when AI finds every flaw, who controls the internet? | Editorial

Apr 23, 2026 8:39 PM

Tags: access, ai, attack, business, computer, control, crime, cyber, cybersecurity, email, exploit, finance, flaw, hacker, Internet, risk, threat, vulnerability

Tech can scale cyber-attacks and defences alike, raising questions about private power, public risk and the future of a shared internetAnthropic announced its latest AI model, <a href=”https://www.theguardian.com/technology/2026/apr/08/anthropic-ai-cybersecurity-software”>Claude Mythos, this month but said it would not be released publicly, because it turns computers into crime scenes. The company claimed that it could find previously unknown…
Iran-nexus threat groups refine attacks against critical infrastructure

Apr 23, 2026 7:39 PM

Tags: attack, group, infrastructure, iran, threat

State-sponsored and hacktivist groups have shown greater determination to damage or disable energy, water and other key sectors. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-nexus-threat-groups-refine-attacks-against-critical-infrastructure/818299/
What We Mean by Procedures (And Why Precision Matters)

Apr 23, 2026 5:39 PM

Tags: attack, detection, intelligence, strategy, threat

<div cla Why Terminology Confusion Still Undermines Modern Defense Cybersecurity discussions are filled with familiar language. Security teams talk about the latest threats and threat landscape, attack techniques and behavior, adversary tradecraft, and detection coverage. These terms appear constantly in threat intelligence reports, product documentation, and security strategy conversations. First seen on securityboulevard.com Jump to…
What We Mean by Procedures (And Why Precision Matters)

Apr 23, 2026 5:39 PM

Tags: attack, detection, intelligence, strategy, threat

<div cla Why Terminology Confusion Still Undermines Modern Defense Cybersecurity discussions are filled with familiar language. Security teams talk about the latest threats and threat landscape, attack techniques and behavior, adversary tradecraft, and detection coverage. These terms appear constantly in threat intelligence reports, product documentation, and security strategy conversations. First seen on securityboulevard.com Jump to…
With AI’s help, North Korean hackers stumbled into a near-undetectable attack

Apr 23, 2026 5:39 PM

Tags: ai, attack, exploit, hacker, hacking, malware, north-korea, phishing, social-engineering

For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/hexagonalrodent-north-korean-hackers-targeting-developers/
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Apr 23, 2026 5:39 PM

Tags: application-security, attack, malicious, supply-chain

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket.”The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said.”The attack appears to have leveraged…
Threat on the Horizon AI and Cybersecurity

Apr 23, 2026 4:39 PM

Tags: ai, attack, ceo, cybersecurity, threat

AI is changing cybersecurity on both sides of the equation. It is accelerating how attacks are executed while also strengthening how organizations detect and respond. In this month’s blog, SilverSky’s CEO shares how the organization is approaching AI-driven threats and what regulated organizations should be doing now to stay ahead. First seen on securityboulevard.com Jump…
Offer customers passkeys by default, UK’s NCSC tells enterprises

Apr 23, 2026 4:39 PM

Tags: attack, authentication, credentials, cyber, identity, login, mfa, passkey, password, phishing, risk, service, strategy, theft

How passkeys change the attack model: The NCSC added that passkeys reduce risk by removing reliance on shared secrets and binding authentication to the legitimate service.According to the agency, this prevents credential reuse and relay attacks, as authentication cannot be intercepted and reused by an attacker.Passkeys use cryptographic key pairs stored on a user’s device,…