Low-profile droppers, long considered auxiliary tools in the arsenals of Android banking trojans and RATs, are undergoing a rapid and troubling transformation. According to ThreatFabric researchers, these once secondary instruments are now being actively...
Researchers at Socket have uncovered a malicious npm package named nodejs-smtp, masquerading as the widely used nodemailer library (which averages 3.9 million weekly downloads). In reality, the package serves as a tool for covert...
A large-scale theft of authentication tokens from Salesloft, developer of the corporate chatbot platform, has triggered a chain reaction of threats across digital infrastructure worldwide. According to a warning from Google, the breach affects...
A security researcher uncovered critical vulnerabilities in the admin panel of Pudu Robotics, China’s largest supplier of commercial service robots. The flaw allowed attackers to redirect robots and issue arbitrary commands. Pudu manufactures over...
Experts at Truesec have reported a large-scale malicious campaign in which attackers promoted a fake PDF-editing application, AppSuite PDF Editor, through Google Ads. Beneath its veneer of legitimacy lurked the TamperedChef infostealer, capable of...
Researchers at Stripe OLT’s SOC have uncovered a large-scale, targeted phishing campaign aimed at senior executives and top managers across multiple industries. The attackers distribute emails disguised as internal correspondence from HR departments, inviting...
Researchers at Kaspersky Lab have reported the resurgence of ransomware operations by the group OldGremlin, which has once again begun targeting Russian companies. In the first half of 2025, eight major enterprises were compromised,...
The North Korean threat group APT37 (also known as ScarCruft, InkySquid, Reaper, and Ricochet Chollima) has launched a sweeping espionage campaign under the codename Operation HanKook Phantom, targeting government and research organizations in South...
Between June and July 2025, researchers recorded hundreds of thousands of password brute-force attempts targeting SSL VPN and RDP services. The source of the attacks was traced to the Ukrainian autonomous system FDN3 (AS211736),...
Austria’s Federal Ministry of the Interior (BMI) has fallen victim to a targeted cyberattack, details of which emerged only several weeks after the incident. According to the ministry itself, hackers gained unauthorized access to...
On July 24, 2025, the cryptocurrency platform WOO X suffered a sophisticated targeted attack in which $14 million was siphoned from nine user accounts. All evidence points to the operation being orchestrated by the...
Taiwanese prosecutors have filed charges against three individuals in a case involving the theft of TSMC trade secrets. Among the accused is a former TSMC employee, identified as Chen, who, after joining Japan’s Tokyo...
