The Socket Threat Research Team has uncovered four malicious packages: three on the npm registry and one on the Python Package Index (PyPI), all designed as delivery mechanisms for surveillance mal...
Introduction PDFs are ubiquitous in today’s digital world. We trust them for important documents, contracts, and records. But what if the seemingly official PDF wasn’t what it appeared to be? The ...
A new policy brief from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) warns that critical port infrastructure, responsible for 80 percent of global trade, is increasingly under att...
Introduction SEQRITE Labs APT-Team has recently found a campaign targeting the Russian Aerospace Industry. The campaign aims at employees of Voronezh Aircraft Production Association (VASO), a sign...
A long-running investigation led by the French Police and Paris Prosecutor, in close cooperation with their Ukrainian counterpart and Europol, has led to the arrest of the suspected administrator o...
Key Takeaways ThreatLabz observed targeted malware intrusions that employed social engineering tactics, leveraging the Dalai Lama’s 90th birthday through strategic web compromises to lure Tibetan c...
On July 3, 2025, at Milan Malpensa Airport, Italian police arrested Xu Zewei (徐泽伟), whom U.S. authorities allege to be a hacker contracted by the Chinese state. Following the news about Xu’s arrest...
During the first half of 2025, many ransomware groups have been actively opening new Dedicated Leak Sites (DLS). The following graph shows new ransomware DLS sites identified by AhnLab from Februar...
Source: Arctic Wolf Executive Summary The Arctic Wolf® Labs team has identified a new campaign by cyber-espionage group Dropping Elephant targeting Turkish defense contractors, specifically a manu...
Tridium’s Niagara Framework® is a leading software framework designed to connect, manage, and control diverse devices in building management, industrial automation, and smart infrastructure environ...
The security vulnerability in versions 3.2.0 and below of the Post SMTP plugin is associated with multiple Broken Access Control vulnerabilities in its REST API endpoints. These endpoints only val...
On June 13, 2025, Israel launched a sweeping pre-emptive operation targeting Iran’s military leadership, conventional military sites, air defenses, and nuclear infrastructure. The campaign was dubb...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2012-10020 WebMovementLLC - FoxyP...
Acreed, a new malware-as-a-service (MaaS) platform, appears to have taken the top spot in the infostealer ecosystem. We suspect this is due to the takedown of Lumma Stealer (LummaC2) in May 2025. I...
A threat actor claiming to have launched a new ransomware-as-a-service (RaaS) venture is leveraging AI chatbots in its negotiation panel to automate communication and apply psychological pressure o...
It seems that vulnerability research is becoming increasingly challenging every year, as frameworks and languages become more secure by default and vendors are more aware of the security risks that...
If you haven’t yet listened to RunSafe Security’s excellent podcast, EXPLOITED: THE CYBER TRUTH, here’s a great place to start. In this episode, Hiding Vulns Sinks All Ships, special guest Duncan ...
Executive summary Akamai researchers previously outlined the potential for malicious use of UI automation (UIA). Now, Akamai researchers have analyzed a new variant of the Coyote malware that is t...
Key Takeaways Clickfix abuses trust: The campaign bypasses malware downloads by using fake security prompts to trick users into running terminal commands. AppleScript payloads steal user data: The ...
Key takeaways Not long after its takedown in May, Lumma Stealer is back. From June to July, the number of targeted accounts began resurging. Now, the malware is distributed with more discreet chan...