Microsoft attributes Mastra AI npm supply chain attack to North Korean hacking group Sapphire Sleet
A large npm supply chain compromise affecting over 140 Mastra AI packages has been linked to the North Korean threat group Sapphire Sleet, which deployed malware to steal credentials and cryptocurrency assets.
The Latest
Prinz Eugen ransomware targets fresh files first and skips ransom notes in stealthy new campaign
A new ransomware strain dubbed Prinz Eugen is prioritizing recently modified files for encryption while avoiding ransom notes entirely, signaling…
Gravity SMTP WordPress flaw actively exploited to leak API keys and site data
Attackers are exploiting a medium-severity Gravity SMTP plugin vulnerability to extract sensitive configuration data, including API keys and OAuth tokens,…
INTERPOL reports sharp surge in cybercrime across Asia-Pacific driven by AI scams and ransomware
The world's largest international police organization warns of a dramatic rise in phishing, ransomware, and AI-enabled scams across Asia and…
Microsoft patches AutoGen Studio flaw that could allow arbitrary code execution
A vulnerability chain dubbed “AutoJack” in Microsoft’s AutoGen Studio AI agent prototyping interface could allow attackers to trick an agent…
Fake Node.js Ads Push New OXLOADER Malware to Deploy CastleStealer
A new malvertising campaign uses fake Google ads and a stealthy loader called OXLOADER to quietly deliver CastleStealer through heavily…
4,300 Legacy Routers Ensnared by AryStinger Malware in Expanding Proxy Network
AryStinger malware has infected more than 4,300 legacy routers, transforming outdated networking devices into a stealthy reconnaissance and proxy network…
Canada’s spy agency uses novel warrant authority to remotely remove botnet infections from compromised devices
Canada’s spy agency obtained a rare court warrant to remotely disable foreign-run botnets by cleaning infected routers, servers, and IoT…
Google sets Sept. 30 deadline for Android developer verification rollout in four countries
Google will begin enforcing Android developer identity verification on September 30, 2026 in four countries, blocking installation of unverified apps…
`Squidbleed` 29-year-old Squid Proxy bug can leak cleartext HTTP requests
A nearly 30-year-old vulnerability in the Squid web proxy, dubbed “Squidbleed” (CVE-2026-47729), can leak fragments of other users’ cleartext HTTP…
Researchers uncover DifyTap vulnerabilities in Dify that could expose cross-tenant AI chat data
Researchers disclosed “DifyTap,” a set of Dify vulnerabilities that could let attackers bypass tenant isolation and secretly access private AI chat data, files, and model outputs across different user environments.
Supply Chain Attack Backdoors ShapedPlugin WordPress Pro Plugins
A supply chain attack on ShapedPlugin’s WordPress Pro plugins injected backdoors into official updates, enabling credential theft, persistence, and full…
FortiBleed campaign leveraged custom FortiGate sniffing tool to harvest credentials
A large-scale FortiGate attack campaign used a custom sniffer to abuse built-in firewall diagnostics and harvest credentials and authentication data…
FFmpeg patches PixelSmash vulnerability in widely used video decoder
A high-severity FFmpeg vulnerability in the MagicYUV decoder (CVE-2026-8461) can be triggered via crafted video files to cause denial of…
Spotlight
MEV Bot ‘JaredFromSubway’ Targeted in $15 Million Crypto Heist
An attacker tricked an Ethereum MEV bot into approving malicious contracts by spoofing profitable trading opportunities, ultimately draining about $15 million in crypto assets through accumulated token allowances.
Fake Business Documents in WhatsApp Attack Lead to PC Infections
A global WhatsApp phishing campaign is using fake business documents and compromised accounts to trick users into installing remote-access malware on Windows PCs.
State Surveillance Expands Through AI and Biometric Tracking Across 31 High Risk Nations
A new analysis of 193 countries finds that government digital surveillance poses high risk in 31 nations, with commercial spyware and AI tools accelerating the threat globally.
Gentlemen RaaS Deploys Suite of EDR Evasion Tools to Sidestep Security Defenses
ESET researchers found that the Gentlemen ransomware gang uses a custom tool called GentleKiller with eight variants to disable over 400 security processes across 48 vendors.
Features
AI Generated Nudes Used in Cyberstalking Campaign Against College Student
Federal prosecutors charged a New York man with cyberstalking for allegedly using AI generated nudes and fake social media profiles…
HazyBeacon Exploits AWS Lambda URLs for Covert Command and Control Operations
The HazyBeacon campaign uses AWS Lambda Function URLs as stealthy relays for command and control, targeting Southeast Asian government networks.
FortiBleed Campaign Exploits 73,000 Fortinet Firewalls Across 194 Countries
A vast automated campaign attributed to Russian speaking actors has compromised Fortinet firewalls globally by leveraging stolen credentials harvested by…
International Crackdown Cleans Thousands of Sites Infected by SocGholish
Law enforcement agencies cleaned nearly 15,000 compromised WordPress sites by removing backdoors and malware that had been redirecting visitors to…
Apple Patches Beats Studio Buds Bug Enabling Remote Audio Eavesdropping
Apple's firmware update addresses a Bluetooth vulnerability that could let nearby attackers hijack Beats Studio Buds to secretly listen through…
usbliter8 exploit exposes unpatchable SecureROM flaw in Apple A12 and A13 chips via USB attack chain
Researchers have demonstrated “usbliter8,” a physical-access exploit that achieves code execution in Apple SecureROM on A12 and A13 devices, bypassing…
