Axios Attack Shows How Complex Social Engineering Is Industrialized
The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns.
AI-Assisted Supply Chain Attack Targets GitHub
PRT-scan is the second campaign in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration.
Threat Actors Get Crafty With Emojis to Escape Detection
When đ¤ means "bot available," 𧰠signifies "toolkit," or đ°đ°đ° translates to "big ransom," bad actors can evade filters and keep it all on the down-low.
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
Victims don't need to match the cyber espionage group's technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.
APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.
War Game Exercise Demonstrates How Social Media Manipulation Works
In an educational game called "Capture the Narrative," students created bots to sway a fictional election, simulating influence in real-world political scenarios.
Two-Factor Authentication Breaks Free from the Desktop
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world.
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling [...], while quiet
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact