Global Threats

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Published on May 24, 2026

Severity: Medium
Detail: Cybersecurity researchers have identified a large-scale software supply chain attack targeting multiple Laravel-Lang PHP packages, enabling threat actors to distribute a sophisticated credential-stealing framework across Windows, Linux, and macOS environments. The compromise impacts several widely used Laravel ecosystem packages, including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. Security researchers reported that attackers compromised the […]

Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks

Published on May 23, 2026

Severity: High
Detail: Threat actors are actively targeting unsupported F5 BIG-IP appliances to establish unauthorized SSH access into enterprise environments, using compromised edge infrastructure as an entry point for multi-stage intrusion campaigns. Microsoft Threat Intelligence disclosed an incident demonstrating how attackers leveraged a single vulnerable F5 BIG-IP device to compromise Linux systems, access internal applications, […]

Russian Hackers Exploit RDP, VPNs, Supply Chains for Initial Access

Published on May 22, 2026

Severity: Medium
Detail: Russian state-sponsored and aligned threat groups are increasingly combining multiple intrusion techniques, including Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), supply chain compromise, and advanced social engineering methods to gain initial access into government, critical infrastructure, and commercial networks. This multi-vector approach enables attackers to evade traditional security controls, blend malicious […]

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Published on May 21, 2026

Severity: Medium
Detail: Cybersecurity researchers disclosed a Linux malware named Showboat, described as a modular post-exploitation framework. It is designed for compromised Linux systems and can perform remote shell access, file transfer, and SOCKS5 proxying. The campaign reportedly targeted a telecommunications provider in the Middle East, with activity traced back to at least mid-2022. The malware […]

GitHub Breach via Malicious VS Code Extension Exposes 3,800 Internal Repositories

Published on May 20, 2026

Severity: Medium
Detail: GitHub has confirmed a security incident involving the compromise of a GitHub employee’s device through a malicious Visual Studio Code (VS Code) extension. The incident is believed to be linked to the threat actor group TeamPCP, which is associated with an ongoing supply chain campaign commonly referred to as “Mini Shai-Hulud.” As a […]

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Published on May 20, 2026

Severity: Medium
Detail: Cybersecurity researchers have identified new activity from a China-aligned threat actor known as Webworm, which has expanded its toolkit with two custom backdoors called EchoCreep and GraphWorm. These tools are designed to use legitimate cloud and collaboration platforms, Discord and the Microsoft Graph API, for command-and-control (C2) communication, helping the attackers blend into normal […]

VoidStealer Malware Targets Chrome Data Despite Built-In Browser Protections

Published on May 19, 2026

Severity: Medium
Detail: Security researchers have identified a new information-stealing malware called VoidStealer, which is capable of bypassing Google Chrome’s App-Bound Encryption (ABE) protection to extract sensitive browser data such as session cookies and saved credentials. According to findings shared by security researchers at Kaspersky, VoidStealer targets Chromium-based browsers including Google Chrome, Microsoft Edge, Brave, Opera, […]

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Published on May 19, 2026

Severity: Medium
Detail: Security researchers have disclosed multiple critical vulnerabilities in the SEPPMail Secure E-Mail Gateway, an enterprise email security and encryption solution, that could allow attackers to achieve remote code execution (RCE) and access sensitive email traffic stored on the appliance. The flaws were identified by researchers from InfoGuard Labs, including Dario Weiss, Manuel Feifel, […]

Four Malicious npm Packages Used to Spread Infostealers and Phantom Bot DDoS Malware

Published on May 18, 2026

Severity: Medium
Detail: Cybersecurity researchers have identified four newly discovered malicious npm packages that were used to distribute information-stealing malware, with one of them appearing to be a direct copy of the Shai-Hulud worm source code that had been shared by TeamPCP. The affected packages include: – According to analysis, the chalk-tempalte package contains a near-verbatim […]

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Published on May 18, 2026

Severity: Medium
Detail: A new Windows zero-day vulnerability named MiniPlasma has been disclosed, affecting the Windows Cloud Files Mini Filter Driver (cldflt.sys). The flaw exists within the HsmOsBlockPlaceholderAccess routine and allows attackers to escalate privileges from a normal user account to full SYSTEM-level access on fully patched Windows systems. The vulnerability was originally reported to Microsoft […]

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

Published on May 17, 2026

Severity: Medium
Detail: The phishing-as-a-service platform Tycoon2FA has evolved its tactics by adding support for device-code phishing attacks aimed at hijacking Microsoft 365 accounts. Despite a major law enforcement disruption earlier this year, the operation quickly rebuilt its infrastructure and resumed activity, now incorporating stronger obfuscation and anti-analysis protections. Researchers observed the phishing kit abusing […]

JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers

Published on May 17, 2026

Severity: Medium
Detail: The official website of JDownloader was reported compromised between May 6 and May 7, 2026, resulting in the distribution of malicious installers targeting Windows and Linux users. During the incident, threat actors gained unauthorized access to the project’s web infrastructure and modified download links hosted on the official website. The compromise specifically […]

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Published on May 16, 2026

Severity: Medium
Detail: The Russia-linked threat group Turla has significantly upgraded its long-running Kazuar malware, transforming it from a traditional backdoor into a stealthy modular peer-to-peer (P2P) botnet designed for long-term espionage and persistence. Also tracked under names such as Secret Blizzard, Snake, and Venomous Bear, the group is associated with Russia’s Federal Security Service […]

Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens

Published on May 16, 2026

Severity: Medium
Detail: Threat actors are increasingly abusing the OAuth device authorization flow to compromise Microsoft 365 accounts through device code phishing attacks. The technique leverages legitimate Microsoft authentication workflows to trick users into authorizing attacker-controlled applications instead of directly stealing credentials. Once authorization is granted, attackers obtain authentication tokens that can be used to […]

Microsoft Warns of Attackers Using Trusted HPE Operations Agent for Malware-Free Intrusions

Published on May 15, 2026

Severity: Medium
Detail: Security researchers uncovered a stealthy cyberattack where threat actors abused a legitimate enterprise management tool to stay hidden inside a company’s network for more than 100 days. Instead of deploying obvious malware, the attackers relied on trusted administrative software already approved within the environment, allowing them to move quietly across critical systems […]

The Gentlemen RaaS Leverages Fortinet and Cisco Edge Devices for Initial Access

Published on May 14, 2026

Severity: Critical
Detail: Security researchers have identified increased activity from The Gentlemen, a ransomware-as-a-service (RaaS) group that emerged in mid-2025 and quickly became one of the most active ransomware operations globally. The group reportedly published around 332 victims during the first five months of 2026. The Gentlemen operates through an affiliate-based model where partners carry […]

ClickFix Evolves with 10-Year-Old Open-Source Python SOCKS5 Proxy

Published on May 13, 2026

Severity: Critical
Detail: Security researchers have identified a new evolution of the ClickFix attack technique where threat actors are combining social engineering with an old open-source Python SOCKS5 proxy tool called PySoxy. The attackers use this method to maintain long-term access to compromised systems while avoiding detection. ClickFix attacks typically trick users into manually running […]

Vidar Infostealer Campaign Uses Multi-Stage Infection Chain to Steal Sensitive Data

Published on May 10, 2026

Severity: Medium
Detail: Researchers have identified a highly evasive malware campaign distributing the Vidar Infostealer, a credential-stealing malware family known for targeting passwords, browser cookies, cryptocurrency wallets, and system information. Originally derived from the Arkei stealer source code, Vidar continues to evolve through the use of multi-stage infection techniques, anti-analysis mechanisms, and legitimate platforms to […]

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

Published on May 9, 2026

Severity: Medium
Detail: Researchers have identified a new Brazilian banking trojan named TCLBANKER, tracked by Elastic Security Labs as REF3076. The malware targets 59 banking, fintech, and cryptocurrency platforms and is believed to be a major evolution of the Maverick malware family linked to the Water Saci threat cluster. TCLBANKER combines advanced anti-analysis techniques, credential […]

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Published on May 9, 2026

Severity: Medium
Detail: Cybersecurity researchers have discovered a sophisticated Linux malware implant called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malware is designed to steal sensitive credentials, maintain long-term persistence, and compromise software supply chains by accessing cloud services, package repositories, and CI/CD pipelines. How? QLNX focuses on harvesting credentials from […]

New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft

Published on May 8, 2026

Severity: High
Detail: A newly discovered malware framework called “PCPJack” is actively targeting cloud environments by scanning for exposed Docker, Kubernetes, Redis, MongoDB, and RayML services. Researchers identified the malware as a credential theft framework with worm-like propagation capabilities designed to spread across cloud infrastructure and steal sensitive credentials at scale. Unlike many cloud-focused malware […]

New Linux ‘Dirty Frag’ Zero-Day Gives Root Access on All Major Distros

Published on May 8, 2026

Severity: Critical
Detail: A newly discovered Linux zero-day vulnerability called “Dirty Frag” allows local attackers to gain full root privileges on many major Linux distributions using a single command. The vulnerability was disclosed by Hyunwoo Kim, who also released a proof-of-concept (PoC) exploit demonstrating the attack. The flaw exists in the Linux kernel’s algif_aead cryptographic […]

Malicious NuGet Packages Target Browser Credentials, SSH Keys, and Crypto Wallets

Published on May 7, 2026

Severity: High
Detail: A fresh wave of malicious packages has been discovered targeting the NuGet ecosystem, one of the most widely used package registries in the .NET developer community. Five rogue packages were identified impersonating legitimate Chinese software libraries commonly used in enterprise environments. The malicious packages secretly deploy malware designed to steal browser credentials, […]

Hackers Exploit Microsoft Teams to Steal Credentials and Bypass MFA

Published on May 7, 2026

Severity: High
Detail: Iranian state-sponsored threat actors linked to MuddyWater (also known as Seedworm) have been observed exploiting Microsoft Teams to conduct targeted credential theft and MFA bypass attacks while disguising their activity as a Chaos ransomware operation. Researchers discovered that the attackers used the Chaos ransomware brand as a false flag to hide espionage-focused […]

Azure AD Conditional Access Bypassed Via Phantom Device Registration and PRT Abuse

Published on May 6, 2026

Severity: High
Detail: A new attack technique has been identified that allows threat actors to bypass Microsoft Entra ID (Azure AD) Conditional Access policies, undermining one of the core security controls used to protect cloud environments. The technique leverages weaknesses in device registration and token validation processes to gain unauthorized access without requiring malware or […]

Cerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote Control

Published on May 5, 2026

Severity: Medium
Detail: Cerberus Anti-theft, an Android application available on Google Play, has been identified as stalkerware capable of enabling extensive surveillance and remote control of infected devices. Originally marketed as a security tool, the application provides near-total control over victim devices by abusing Android accessibility features and leveraging cloud-based infrastructure. This activity poses significant […]

Attackers Abuse Amazon SES to Send Authenticated Phishing Emails That Bypass Security

Published on May 5, 2026

Severity: Medium
Detail: Threat actors are increasingly leveraging legitimate cloud infrastructure by utilizing Amazon Simple Email Service (Amazon SES) to distribute highly convincing phishing emails that evade traditional security controls. Unlike conventional phishing attacks, emails sent via Amazon SES include valid SPF, DKIM, and DMARC authentication headers, allowing them to pass standard email security checks […]

DigiCert breached via malicious screensaver file

Published on May 4, 2026

Severity: Medium
Detail: A targeted social engineering attack against DigiCert’s support channel resulted in the compromise of internal systems and the unauthorized issuance of Extended Validation (EV) code signing certificates. The attacker delivered a malicious file disguised as a customer screenshot, allowing initial access to internal support systems. This enabled the misuse of legitimate certificate […]

Cybercriminals Abuse Tanstack Package To Target Developer Environments

Published on May 4, 2026

Severity: Medium
Detail: A malicious npm package named “tanstack” has been discovered targeting developers by impersonating the legitimate TanStack ecosystem. By exploiting naming confusion with the official scoped packages (e.g., @tanstack), the attacker tricked users into installing a fake package disguised as a legitimate SDK. The package appeared professionally crafted, complete with realistic branding and documentation, […]

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing

Published on May 4, 2026

Severity: Medium
Detail: The China-linked threat group Silver Fox has been observed targeting organizations in India and Russia using a new malware strain called ABCDoor. The campaign primarily relies on tax-themed phishing emails impersonating official communications, particularly from India’s Income Tax Department. The attacks, which began in late 2025, impacted sectors such as industrial, consulting, retail, […]

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

Published on May 3, 2026

Severity: Medium
Detail: The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux vulnerability, CVE-2026-31431, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw, also known as Copy Fail, is a local privilege escalation (LPE) vulnerability affecting multiple Linux distributions. With a CVSS score of 7.8, […]

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Published on May 2, 2026

Severity: Medium
Detail: Cybersecurity researchers have identified two cybercrime groups, Cordial Spider and Snarky Spider, conducting rapid and high-impact extortion campaigns by operating almost entirely within SaaS environments. Active since at least October 2025, both groups focus on speed, stealth, and efficiency, leaving minimal forensic traces. Their operations rely heavily on social engineering and abuse of […]

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Published on May 2, 2026

Severity: Medium
Detail: Cybersecurity company Trellix confirmed that attackers gained unauthorized access to parts of its internal source code repositories. The exposure was limited to product development code and did not involve customer data, customer environments, or deployed software systems. The company stated that there is no evidence of source code modification, tampering, or exploitation, and […]

Python-Based Backdoor Exploits Tunneling Service to Steal Browser and Cloud Credentials

Published on May 1, 2026

Severity: Medium
Detail: Cybersecurity researchers have disclosed a stealthy Python-based backdoor framework known as DEEP#DOOR, which is designed to establish persistent access and collect sensitive information from compromised systems. How? The intrusion begins with the execution of a malicious batch script (install_obf.bat), which is believed to be distributed through traditional methods such as phishing. Once executed, […]

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Published on May 1, 2026

Severity: Medium
Detail: A new software supply chain attack has been identified involving malicious Ruby gems and Go modules designed to compromise developers, CI/CD pipelines, and build environments. The campaign has been linked to a GitHub account named BufferZoneCorp, which distributed trojanized packages disguised as legitimate and widely used libraries. According to researchers from Socket, the […]

Qilin Ransomware Enumerates RDP Authentication History on a Compromised Server

Published on April 30, 2026

Severity: Medium
Detail: Qilin ransomware group continues to rank among the most aggressive ransomware threats, with hundreds of attacks targeting critical sectors worldwide. Operating under a Ransomware-as-a-Service model, the group has steadily refined its tactics, most recently adopting a stealthy method of enumerating Remote Desktop Protocol activity to map networks and identify high-value targets without triggering […]

New PhaaS Platform Phoenix Drives Brand-Impersonation Smishing Across Finance, Telecom, and Logistics

Published on April 30, 2026

Severity: Medium
Detail: A dangerous new phishing platform known as Phoenix is rapidly expanding across the global threat landscape. Built on a Phishing-as-a-Service model, it enables even low-skilled attackers to launch large-scale SMS phishing (smishing) campaigns that impersonate trusted brands like banks, telecom providers, and delivery companies. How? The Phoenix platform operates as […]

New VECT 2.0 Ransomware Destroys Files Over 128 KB Across Windows, Linux, and ESXi

Published on April 29, 2026

Severity: Medium
Detail: A newly identified ransomware strain, VECT 2.0, is raising serious concern across the cybersecurity community due to a critical design flaw that makes it far more destructive than typical ransomware. Instead of reliably encrypting files for ransom, it permanently corrupts any file larger than 128 KB, effectively turning the attack into irreversible […]

New Android Banking Malware Abuses Fake KYC Workflow and WhatsApp Delivery to Hijack Accounts

Published on April 28, 2026

Severity: Medium
Detail: A new Android banking malware known as KYCShadow has been identified targeting bank customers in India through a deceptive Know Your Customer (KYC) verification process. Distributed via WhatsApp, the campaign abuses users’ familiarity with mandatory banking compliance procedures to trick them into installing a malicious application that silently harvests sensitive financial data. […]

Chinese-Backed Smishing Services Use OTT Messaging and SMS to Scale Credential Theft

Published on April 28, 2026

Severity: Medium
Detail: A growing wave of phishing campaigns powered by Phishing-as-a-Service is targeting users worldwide through everyday messaging platforms. These operations, largely backed by Chinese-language services, enable cybercriminals to launch large-scale credential theft attacks using ready-made phishing kits. By leveraging trusted communication channels like iMessage and RCS, attackers are significantly increasing their success rates […]

New Malware Uses Obfuscation and Staged Payload Delivery to Evade Detection

Published on April 27, 2026

Severity: Medium
Detail: A newly identified spear-phishing campaign is targeting government personnel in Pakistan, specifically employees linked to the Punjab Safe Cities Authority (PSCA) and PPIC3. The attackers impersonate a trusted internal consultant and reference official initiatives like the “Safe Jail Project” to build credibility. This operation reflects a targeted and highly tailored approach, using […]

New Vidar Malware Campaign Uses Fake YouTube Software Downloads to Steal Corporate Credentials

Published on April 27, 2026

Severity: Medium
Detail: A credential-stealing malware known as Vidar has emerged as one of the most active threats targeting corporate employees in early 2026. The campaign leverages fake software promoted through platforms like YouTube to trick users into installing malicious files, leading to widespread theft of credentials, browser data, and cryptocurrency wallet information. Its rapid […]

ADT confirms data breach after ShinyHunters leak threat

Published on April 26, 2026

Severity: Medium
Detail: Home security company ADT has confirmed a data breach after the extortion group ShinyHunters threatened to leak stolen data. The breach was detected on April 20, 2026, when unauthorized access to customer and prospective customer data was identified. The company responded by terminating the intrusion and launching an internal investigation, which confirmed that […]

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Published on April 25, 2026

Severity: Medium
Detail: Cybersecurity researchers have identified a large-scale campaign involving 26 malicious applications, collectively named FakeWallet, distributed through the Apple App Store. These apps impersonate well-known cryptocurrency wallets to steal sensitive data such as recovery phrases and private keys. The campaign, uncovered by Kaspersky, has been active since at least late 2025 and primarily targets […]

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Published on April 25, 2026

Severity: Medium
Detail: Cybersecurity researchers have uncovered a previously unknown malware framework named fast16, believed to have been developed as early as 2005, years before the emergence of the infamous Stuxnet. The malware, discovered by SentinelOne, was designed to sabotage high-precision engineering and scientific software by subtly altering calculation results. Unlike traditional malware focused on data […]

UNC6692 Uses Microsoft Teams Help Desk Impersonation to Deploy SNOW Malware

Published on April 24, 2026

Severity: Medium
Detail: A newly identified threat cluster known as UNC6692 is conducting sophisticated social engineering attacks by impersonating IT help desk staff through Microsoft Teams to compromise corporate systems. According to Mandiant, the attackers initiate campaigns by flooding a target’s inbox with spam emails, creating urgency and confusion. They then contact the victim via Teams, […]

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Published on April 24, 2026

Severity: Medium
Detail: Cybersecurity researchers have uncovered a new targeted campaign attributed to the China-linked threat group Tropic Trooper (APT23). The attack leverages a trojanized version of the legitimate SumatraPDF reader to deploy the AdaptixC2 Beacon, enabling persistent access and post-exploitation activities. The campaign primarily targets Chinese-speaking users, particularly in Taiwan, as well as individuals in […]

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Published on April 23, 2026

Severity: Medium
Detail: Cybersecurity researchers have uncovered a major supply chain attack targeting developer tools from Checkmarx, involving compromised Docker images and malicious Visual Studio Code extensions. Threat actors successfully tampered with the official “checkmarx/kics” Docker Hub repository by overwriting legitimate image tags such as v2.1.20 and alpine, and introducing a fake version (v2.1.21). These poisoned […]

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

Published on April 23, 2026

Severity: Medium
Detail: Cybersecurity researchers have identified a previously unknown advanced persistent threat (APT) group named GopherWhisper, believed to be aligned with China, targeting Mongolian government institutions. According to findings by ESET, the group relies heavily on malware written in Go (Golang) and has infected at least 12 systems within a Mongolian government environment. The attackers […]

New NGate Malware Developed Using AI Hides in NFC Payment Apps

Published on April 22, 2026

Severity: Medium
Detail: A new variant of NGate malware has been identified targeting Android users through a trojanized NFC payment application. The campaign highlights a growing trend where attackers modify legitimate apps and potentially use AI-assisted techniques to enhance malware development, increasing the effectiveness and stealth of financial fraud operations. How? The attack begins with […]