Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name… Read More »Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from… Read More »Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated… Read More »Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to… Read More »UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters… Read More »Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes… Read More »npm’s Update to Harden Their Supply Chain, and Points to Consider
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. “Overnight we observed first… Read More »Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked… Read More »Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various… Read More »Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of… Read More »ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories