A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible… Read More »UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a… Read More »Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being… Read More »Identity Prioritization isn’t a Backlog Problem – It’s a Risk Math Problem
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks… Read More »UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
Anthropic on Monday said it identified “industrial-scale campaigns” mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude’s capabilities to improve their own models.… Read More »Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat… Read More »APT28 Targeted European Entities Using Webhook-Based Macro Malware
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. “Analysis of the… Read More »Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public… Read More »⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are… Read More »How Exposed Endpoints Increase Risk Across LLM Infrastructure
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential… Read More »Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens