According to JFrog, the packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” mimic the legitimate “rollup-plugin-polyfill-node” project, down to the description, repository metadata, and
Category Added in a WPeMatico Campaign
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
“Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations,” Kaspersky said in a technical analysis published today. “
European Parliament Member Investigating Spyware Was Hacked With Pegasus
“Through forensic analysis of his device, we found that the attackers could have had
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Working with the FBI, Lumen, and others, Google’s Threat Intelligence Group (GTIG) said this week it had reduced the network’s pool of usable devices by millions.
Google identifies NetNut, also tracked as Popa, as a network spread across home
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
“Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through.
This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
“In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs,” Kaspersky said in a detailed report published this week. “
Identity Lifecycle Management Wasn’t Built for AI Agents
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s production database.
Ransomware has always
