Socket’s Threat Research Team uncovered a supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias cappership. The threat actor embedded a covert key‑s...

Netcraft has observed a resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) group, which markets itself with a cartoon mouse mascot and a heavy emphasis on ease-of-use and suppor...

Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a financially motivated cybercriminal group active since at least mid-2022. They prim...

This analysis is part of an incident investigation led by the FortiGuard Incident Response Team. We discovered malware that had been running on a compromised machine for several weeks. The threat ...

Cisco Talos has discovered new threats, including the ransomware CyberLock, Lucky_Gh0$t, and a newly-discovered malware we call “Numero,” all of which masquerade as legitimate AI tool installers. ...

Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and cry...

The Entra Access Flaw Hiding in Plain Sight Inviting external guest users is a common and useful practice for collaboration with external partners. These guest accounts are typically assigned limi...

Executive Summary On May 7, 2025, during the active military escalation between Pakistan and India—specifically in the context of India’s military campaign ‘Operation Sindoor’—, EclecticIQ analyst...

University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have been named as those exposed via a recently discovered exploit. NHS England to...

Google Threat Intelligence Group’s (GTIG) mission is to protect Google’s billions of users and Google’s multitude of products and services. In late October 2024, GTIG discovered an exploited govern...

Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale villain, Mimo didn’t leave glass ...

Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, particularly those that generate videos based on user prompts. ...

Microsoft Threat Intelligence Center has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard (LAUNDRY BEAR), who we assess with high confide...

In March 2025, BI.ZONE Threat Intelligence uncovered two new campaigns by Silent Werewolf. The first one focused on Russian organizations exclusively while the second targeted both Moldovan and, pr...

MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage.\n\nHeadquartered in Natick, Massa...

Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, f...

Trend Research has identified Earth Lamia as an APT threat actor that exploits vulnerabilities in web applications to gain access to organizations, using various techniques for data exfiltration.\n...

Sophos MDR recently responded to a targeted attack involving a Managed Service Provider (MSP). In this incident, a threat actor gained access to the MSP’s remote monitoring and management (RMM) too...

In recent months, there has been a significant surge in crypto and investment scams exploiting the Tesla brand, particularly targeting cryptocurrency enthusiasts and investors. Scammers are capita...

Key Takeaways 251 malicious IPs, all hosted by Amazon and geolocated in Japan, launched a coordinated one-day scan on May 8. These IPs triggered 75 distinct behaviors, including CVE exploits, mis...