Tag: threat
-
Attackers accessed, downloaded code from Grafana Labs’ GitHub
A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/18/attackers-accessed-downloaded-code-from-grafana-labs-github/
-
Hackers Hide PureLogs Infostealer in PawsRunner Loader
Threat actors are increasingly hiding malware inside seemingly harmless files, and a new campaign shows just how effective this tactic has become. The attack begins with a phishing email carrying a TXZ archive attachment. Disguised as an urgent invoice, the file pressures victims into opening it quickly. Once extracted, the archive reveals a JavaScript file…
-
OtterCookie Malware Steals Dev Secrets, SSH Keys, Cloud Credentials, and Tokens
A newly analyzed malware strain, OtterCookie, is emerging as a serious threat to developers, quietly harvesting sensitive data from active workstations in real time. Unlike earlier assumptions, OtterCookie is not a variant of BeaverTail but a separate Node. js-based remote access trojan (RAT) with a different command-and-control design and a stronger focus on continuous surveillance.…
-
When ransomware hits, confidence doesn’t restore endpoints
Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/18/absolute-security-cisos-ransomware-pressure-report/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace installers with Python RAT malware New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps Threat Actor Mr_Rot13 Actively Exploits CVE-2026-41940 for Backdoor Deployment Operation…
-
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, threat, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…
-
SecurityScorecard Buys Driftnet for More Internet Visibility
Driftnet Acquisition Adds Real-Time Visibility Into Exposed Assets and AI Risks. SecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, exposed assets and AI-driven third-party risks while strengthening threat hunting, attribution and internet-scale intelligence capabilities. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securityscorecard-buys-driftnet-for-more-internet-visibility-a-31707
-
ISMG Editors: Should We Trust Ransomware Gangs?
Ransomware Payouts, AI-Driven Threats and Reshaping Payment Fraud. In this week’s panel, four ISMG editors discussed a ransomware case that once again raises questions about paying extortionists, why security leaders fear AI is accelerating attacks faster than humans can respond and how the rise of instant payments is reshaping fraud programs at banks. First seen…
-
Cisco zero-day under ongoing attack by persistent threat group
The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-sd-wan-zero-day-exploited/
-
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange…
-
Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gremlin-stealer-evolves-into/
-
Cybersecurity Insider Survey: AI Is Fueling a New Generation of Threat Actors
A recent survey shows cybersecurity professionals increasingly believe AI is making cybercriminals more capable and attacks more scalable. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/cybersecurity-insider-survey-ai-is-fueling-a-new-generation-of-threat-actors/
-
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS Kubernetes
Tags: credentials, cyber, cybersecurity, github, intelligence, kubernetes, open-source, software, threat, wormShai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to steal sensitive developer credentials from GitHub, AWS, Kubernetes, and local environments. The campaign, tracked by SlowMist’s MistEye threat intelligence platform, is already being described as one of the largest npm…
-
Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (PhaaS) platforms, making the once obscure technique widely accessible. New kits are appearing almost weekly, many seemingly…
-
OrBit Rootkit Targets Linux to Steal SSH and Sudo Credentials
Hackers are continuing to abuse a stealthy Linux rootkit known as OrBit to harvest SSH and sudo credentials, with new research showing the threat has quietly evolved over four years while remaining active in the wild. First analyzed in 2022, OrBit was initially believed to be a custom-built Linux userland rootkit. It operates by hijacking…
-
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
In Your Biggest Security Risk Isn’t Malware, It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild, the same trusted utilities your IT team uses every day are also the preferred toolkit of…
-
Ghostwriter group resumes attacks on Ukrainian Government targets
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor’s campaigns. The threat…
-
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/
-
Microsoft Warns HPE Operations Agent Abused in Malware-Free Attacks
Tags: attack, cyber, cyberattack, exploit, malware, microsoft, software, threat, tool, vulnerabilityMicrosoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to silently infiltrate networks. The technique highlights a growing shift in cyberattacks where adversaries rely on legitimate software and existing trust relationships to evade detection. Notably, no vulnerability in HPE OA was exploited. Instead, threat actors…
-
Google AI Threat Tracker: KI entwickelt erstmals Zero-Day-Exploit und skaliert Cyberangriffe weltweit
Laut GTIG ist dies der erste bekannte Fall, in dem Angreifer KI erfolgreich zur Entwicklung einer Zero-Day-Schwachstelle eingesetzt haben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/google-ai-threat-tracker-ki-entwickelt-erstmals-zero-day-exploit-und-skaliert-cyberangriffe-weltweit/a45150/
-
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol disrupted Tycoon 2FA infrastructure. Despite that operation, the actors have quickly adapted, reusing their…
-
China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-hackers-tencshell-malware/
-
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly effective: compromise trusted build and release workflows instead of end-user systems. By injecting malicious code into CI/CD pipelines, attackers leverage…
-
Mustang Panda Linked to New Modular FDMTP Backdoor
Researchers Say Nation-State Actors Are Evolving Persistence Techniques. An apparent Chinese nation-state hacking group gussied up its tooling with new modular functionality, say security researchers who observed a cyberespionage campaign affecting Asia-Pacific governments. The activity resembles attack patterns of the threat actor tracked as Mustang Panda First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mustang-panda-linked-to-new-modular-fdmtp-backdoor-a-31696
-
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
The new acquisition looks to boost visibility into third-party ecosystems that are becoming a bigger concern as vectors for supply-chain attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/securityscorecard-snags-driftnet-to-level-up-threat-intelligence

