Category Added in a WPeMatico Campaign
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
“The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
The company has not attributed the activity to a known threat actor, and the operators’ end goal is still unclear.
The lure plays to how hotels work.
Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff
The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces on the phone itself and an official Russian
Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store.
The extension description states that it allows users to prevent web
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was not enough hell already.
The worst part is how cheap some of it feels. Not elite. Not cinematic.
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Answering these questions requires teams to go beyond alerts, the most common basis for initial triage. But investigations (and their outcomes)
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
The malware has been codenamed Gaslight owing to this deceptive behavior. It’s been assessed with high confidence that the tool is
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
According to Symantec and Carbon Black’s Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be linked to an initial access broker (IAB) named
