Category: Uncategorized

  • BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks

    Germany’s Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation.
    The threat actor, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 on the XSS cybercrime forum. He 
  • $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

    Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People’s Republic of Korea (DPRK) that began in the fall of 2025.
    The Solana-based decentralized exchange described it as “an attack six months in the
  • 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

    Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant.
    “Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,
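The traits quoted above (a bare package.json/index.js/postinstall.js layout, no description, no repository field, and a postinstall hook that launches the payload) are cheap to check before anything is installed. The script below is an added example, not code from the researchers' report or from any registry tooling: it reads an `npm pack` tarball without extracting it, collects those signals, and applies a threshold that is my own assumption. The package names, manifests and file contents are constructed for the demo.

```python
"""Heuristic triage of npm tarballs for the install-hook pattern described above.

Added example. The signals (three-file layout, no description, no repository,
install-time script) come from the article's quote; the scoring threshold,
package names and sample manifests below are constructed for illustration.
"""
import io
import json
import tarfile

SUSPICIOUS_LAYOUT = {"package.json", "index.js", "postinstall.js"}
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def triage_package(manifest: dict, files: set[str]) -> list[str]:
    """Return the red flags for one package; an empty list means nothing matched."""
    flags = []
    scripts = manifest.get("scripts") or {}
    # Lifecycle hooks run arbitrary code during `npm install`; this is how a
    # postinstall.js payload gets executed on the victim's machine.
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            flags.append(f"install hook {hook}: {scripts[hook]}")
    if set(files) == SUSPICIOUS_LAYOUT:
        flags.append("bare layout: only package.json, index.js, postinstall.js")
    if not manifest.get("description"):
        flags.append("no description")
    if not manifest.get("repository"):
        flags.append("no repository")
    # Squatting a real ecosystem's naming scheme is a lure, not proof on its own,
    # so it only contributes alongside the other signals.
    name = manifest.get("name", "")
    if name.startswith("strapi-plugin-") or name.startswith("@strapi/plugin-"):
        flags.append("presents itself as a Strapi plugin")
    return flags


def is_suspicious(flags: list[str]) -> bool:
    """Assumed threshold: an install hook plus at least two other signals."""
    has_hook = any(f.startswith("install hook") for f in flags)
    others = sum(1 for f in flags if not f.startswith("install hook"))
    return has_hook and others >= 2


def triage_tarball(data: bytes) -> tuple[dict, list[str]]:
    """Inspect an `npm pack` tarball (.tgz) in memory; nothing is extracted or run."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        members = [m for m in tar.getmembers() if m.isfile()]
        # npm tarballs place every file under a top-level "package/" directory.
        files = {m.name.split("/", 1)[1] for m in members if "/" in m.name}
        manifest = json.load(tar.extractfile(tar.getmember("package/package.json")))
    return manifest, triage_package(manifest, files)


def build_sample_tgz(manifest: dict, files: dict[str, str]) -> bytes:
    """Constructed sample: build an npm-style tarball in memory for the demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        contents = {"package.json": json.dumps(manifest), **files}
        for name, text in contents.items():
            raw = text.encode()
            info = tarfile.TarInfo(name=f"package/{name}")
            info.size = len(raw)
            tar.addfile(info, io.BytesIO(raw))
    return buf.getvalue()


# Constructed samples (hypothetical names): one package with the traits from the
# article, one that looks like an ordinary plugin release.
SUSPECT_MANIFEST = {
    "name": "strapi-plugin-example-seo",
    "version": "1.0.0",
    "scripts": {"postinstall": "node postinstall.js"},
}
SUSPECT_FILES = {"index.js": "module.exports = {};", "postinstall.js": "// payload"}

BENIGN_MANIFEST = {
    "name": "strapi-plugin-example-i18n",
    "version": "2.3.1",
    "description": "Example plugin",
    "repository": {"type": "git", "url": "https://example.invalid/repo.git"},
}
BENIGN_FILES = {"index.js": "module.exports = {};", "README.md": "# docs"}


def run_demo() -> dict[str, bool]:
    """Triage both constructed tarballs; maps package name to the verdict."""
    results = {}
    for manifest, files in ((SUSPECT_MANIFEST, SUSPECT_FILES), (BENIGN_MANIFEST, BENIGN_FILES)):
        name, flags = triage_tarball(build_sample_tgz(manifest, files))
        results[name["name"]] = is_suspicious(flags)
    return results


if __name__ == "__main__":
    for pkg, verdict in run_demo().items():
        print(f"{pkg}: {'SUSPICIOUS' if verdict else 'ok'}")
```

To use this on a real candidate, fetch the tarball with `npm pack <name>` (which downloads without running the package's install scripts) and pass the file's bytes to `triage_tarball`. Installing with `npm install --ignore-scripts` is the corresponding blunt mitigation, since it stops the postinstall hook from ever running.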
  • China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

    A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region.
    The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda.
    “This TA416 activity included multiple
  • UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

    The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069.
    Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder of a
  • New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

    Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was first found targeting both mobile operating systems.
    The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while
  • Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

    A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.
    Cisco Talos has attributed the operation to a threat cluster it tracks as
  • Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

    Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
    The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0.
    “This
  • ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

    The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week.
    Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws
  • Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

    A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.
    “Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration,” Elastic