Chinese Cyber-Espionage Group TA416 Renews Attacks on EU, NATO and Middle East


Chinese-aligned threat actor TA416 has resumed large-scale cyber-espionage operations against European governmental and diplomatic entities and is now extending its focus to the Middle East. According to Proofpoint research, after a lull of nearly two years in Europe, TA416 has since mid-2025 again been systematically targeting diplomatic missions to the European Union (EU) and NATO …

Axios npm Package Compromised in Targeted Supply Chain Attack Linked to UNC1069


The Axios JavaScript library, one of the most downloaded packages in the npm ecosystem with around 100 million weekly installs, has been at the center of a carefully orchestrated software supply chain attack. The incident was not caused by a coding flaw, but by a highly targeted social engineering operation that compromised the maintainer’s credentials …

Malicious npm Strapi Plugins Highlight Escalating Software Supply Chain Threats


A campaign involving 36 malicious npm packages disguised as plugins for the Strapi CMS has exposed how easily attackers can weaponize the open source software supply chain. The packages were designed to exploit Redis and PostgreSQL, deploy reverse shells, steal credentials, and install persistent implants on compromised systems. Malicious npm packages masquerading as Strapi plugins …

North Korean APTs Turn GitHub and Dropbox into Stealthy C2 Infrastructure


North Korean state-linked threat actors are increasingly abusing legitimate cloud services such as GitHub and Dropbox as covert command-and-control (C2) channels, making their operations harder to detect and block. Recent investigations by Fortinet FortiGuard Labs, AhnLab and S2W highlight a series of campaigns targeting South Korean organizations that rely on LNK phishing, PowerShell scripts, Python …

Linux Servers Under Fire from Cookie-Controlled PHP Web Shell Attacks


Linux web servers are facing a rise in attacks where adversaries use HTTP cookies as a covert control channel for PHP web shells. According to the Microsoft Defender Security Research Team, this method enables attackers to maintain remote access and execute commands on compromised hosts while blending almost seamlessly into normal web traffic. How cookie-controlled …
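The cookie-as-control-channel technique described above can be hunted for statically on a suspected host. The Python script below is an added example, not Microsoft's tooling and not code from the original article: it flags PHP statements in which data sourced from $_COOKIE, directly or through a variable assigned from it earlier in the same file, reaches a code- or command-execution sink such as eval() or system(). The embedded PHP snippets are constructed for the demonstration, and the sink list, the single-file taint propagation and the scan_tree() helper are the example's own assumptions.

```python
"""Hunt for PHP web shells that take their commands from HTTP cookies.

Added example: a heuristic static check that flags any PHP statement in
which data originating from $_COOKIE (directly, or via a variable assigned
from it earlier in the same file) reaches a code- or command-execution sink.
"""
from __future__ import annotations

import re
from pathlib import Path

# Sinks that execute PHP code or operating-system commands (assumed list).
SINKS = ("eval", "assert", "system", "exec", "shell_exec", "passthru",
         "popen", "proc_open", "create_function")
SINK_CALL = re.compile(r"(?<![\w$])(" + "|".join(SINKS) + r")\s*\(", re.I)

SOURCE = "$_COOKIE"                                   # the tainted superglobal
VAR = re.compile(r"\$[A-Za-z_]\w*")                   # a PHP variable token
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?![=>])")  # '$x =' but not '==' / '=>'


def strip_comments(src: str) -> str:
    """Remove /* */ blocks and whitespace-led // or # comments so that
    commented-out code is not reported ('http://' inside a string survives
    because it is not preceded by whitespace)."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(^|\s)(//|#).*$", r"\1", src)


def call_args(text: str, open_idx: int) -> str:
    """Return the text inside the parenthesis pair that opens at open_idx."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced: the statement was cut mid-call


def find_cookie_shells(src: str) -> list[tuple[str, str]]:
    """Return (statement, reason) pairs where cookie data reaches a sink."""
    tainted = {SOURCE}  # variable names that may carry cookie-controlled data
    findings = []
    for raw in strip_comments(src).split(";"):
        stmt = " ".join(raw.split())  # normalise whitespace for reporting
        if not stmt:
            continue
        # Taint propagation: '$x = ... <tainted> ...' makes $x tainted.
        m = ASSIGN.search(stmt)
        if m and any(v in tainted for v in VAR.findall(stmt[m.end():])):
            tainted.add(m.group(1))
        # Sink check: tainted data inside the argument list of a sink call.
        for sink in SINK_CALL.finditer(stmt):
            args = call_args(stmt, sink.end() - 1)
            hits = sorted({v for v in VAR.findall(args) if v in tainted})
            if hits:
                findings.append((stmt, f"{sink.group(1)}() reached by {', '.join(hits)}"))
    return findings


# Constructed sample files for the demonstration (not real captured shells).
SAMPLES = {
    "shell_eval.php": "<?php if(isset($_COOKIE['sess_id'])){ "
                      "$c = base64_decode($_COOKIE['sess_id']); @eval($c); } ?>",
    "shell_system.php": '<?php @system($_COOKIE["cmd"]); ?>',
    "shell_hops.php": "<?php\n$a = $_COOKIE['k'];\n$b = str_rot13($a); // decode\neval($b);\n",
    "legit_lang.php": "<?php $lang = $_COOKIE['lang'] ?? 'en'; echo htmlspecialchars($lang); ?>",
    "legit_cron.php": "<?php system('ls -la /var/log'); ?>",
}


def scan_samples() -> dict[str, list[tuple[str, str]]]:
    """Run the check over the constructed samples, keyed by file name."""
    return {name: find_cookie_shells(src) for name, src in SAMPLES.items()}


def scan_tree(root: Path, exts=(".php", ".phtml", ".inc")) -> dict[str, list[tuple[str, str]]]:
    """Walk a webroot and return only the files that have findings."""
    out: dict[str, list[tuple[str, str]]] = {}
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in exts:
            hits = find_cookie_shells(p.read_text(errors="replace"))
            if hits:
                out[str(p)] = hits
    return out


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(name, "CLEAN" if not hits else "")
        for stmt, why in hits:
            print("   ", why, "::", stmt)
```

Run it against a webroot with scan_tree(Path("/var/www")). The check is deliberately a heuristic: it splits on semicolons and propagates taint only within one file, so it misses shells that route the cookie through an included file or a string-built function name, and an attacker can hide the same payload in other request fields. Treat hits as leads for manual review, and pair the scan with the traffic-side view (requests to the same PHP file carrying unusually long or high-entropy cookie values) rather than relying on either alone.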

Drift Protocol Hack on Solana: Durable Nonce Abuse, Fake Token Collateral and a Suspected DPRK Link


The decentralized derivatives exchange Drift Protocol, built on the Solana blockchain, has confirmed a major security incident: on 1 April 2026, an attacker siphoned approximately $285 million from the platform. The case is already being viewed as a landmark DeFi attack because it did not rely on a smart contract bug, but instead exploited governance …

Why SOC Teams Need Cross-Platform Malware Analysis to Stop Multi-OS Attacks


Enterprise attack surfaces are no longer defined by a single operating system. Corporate environments typically combine Windows workstations, macOS laptops for executives and developers, Linux servers and mobile devices into one interconnected digital ecosystem. Threat actors move laterally across this mix with ease, while many Security Operations Centers (SOCs) still investigate incidents separately by platform, …

Apple Expands iOS 18.7.7 Security Update to Fight DarkSword Exploit Kit


Apple has taken the unusual step of broadening access to the iOS 18.7.7 and iPadOS 18.7.7 security update for a significantly larger range of devices. The move is a direct response to the DarkSword exploit kit, a powerful tool used in targeted cyber-espionage campaigns that can silently compromise iPhones and iPads via normal web browsing. …

CERT-UA Exposes AGEWHEEZE RAT Distributed via AI-Enhanced Phishing Campaign


The Ukrainian Computer Emergency Response Team (CERT-UA) has disclosed a new targeted phishing campaign in which attackers masqueraded as the national cybersecurity agency to distribute the AGEWHEEZE remote access trojan (RAT). The incident illustrates how threat actors increasingly combine brand impersonation, social engineering and artificial intelligence (AI) to make phishing attacks more convincing and harder …