Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

Researchers have uncovered seven malicious npm packages that are part of an attack targeting the Vite frontend framework. This operation, named ViteVenom by Checkmarx, is associated with a broader campaign known as ChainVeil, which employs a complex blockchain-based command-and-control system. The packages are designed to deliver a Remote Access Trojan (RAT), posing significant risks to developers using Vite. This type of supply chain attack can lead to unauthorized access to systems and sensitive data. Developers and organizations relying on Vite need to be vigilant and remove any affected packages to protect their environments.

Read Original

A newly discovered vulnerability known as HollowByte poses a significant risk to OpenSSL servers by allowing unauthenticated attackers to create a denial-of-service (DoS) condition with a payload as small as 11 bytes. This flaw can lead to excessive memory consumption on affected servers, potentially causing them to crash or become unresponsive. The issue affects various OpenSSL implementations, which are widely used for secure communications on the internet. As the vulnerability is easy to exploit, it raises concerns for organizations relying on OpenSSL for their security infrastructure. Companies using OpenSSL should prioritize patching and implementing security measures to mitigate the risks associated with this vulnerability.

Read Original

The article discusses the risks associated with AI models that are allowed to interpret and execute commands without adequate oversight. This blind trust in AI can lead to significant cybersecurity vulnerabilities, as there is a lack of human intervention to catch errors or malicious actions. The implications are serious, as organizations may unknowingly allow AI to make decisions that compromise their security. As AI systems become more integrated into business operations, the need for effective monitoring and control mechanisms becomes crucial to prevent potential exploitation. This situation raises concerns about how companies are managing AI technologies and ensuring they do not become a liability.

Read Original
Critical
The Good, the Bad and the Ugly in Cybersecurity – Week 29

Cybersecurity Blog | SentinelOne

Actively Exploited

This week, authorities have taken action against Russian-based cybercriminals, marking a significant step in international cybersecurity efforts. Meanwhile, attackers have been deploying a new malware known as Starland, which poses a serious risk to users by potentially compromising their systems. Additionally, researchers have discovered around 300 fake GitHub repositories that are designed to distribute BoryptGrab, an infostealer that can harvest sensitive information from infected devices. These incidents highlight the ongoing challenges in cybersecurity, as attackers continue to evolve their tactics and target unsuspecting users. It is crucial for individuals and organizations to stay vigilant and implement robust security practices to defend against these threats.

Read Original

In April 2026, cybersecurity researchers identified a breach involving DigiCert, a prominent certificate authority, linked to a threat group known as CylindricalCanine, which is a subgroup of the Chinese cybercrime organization GoldenEyeDog. This group is particularly notorious for attacking the gambling and gaming industries. The breach resulted in the theft of code-signing certificates, which can be used to sign malicious software, making it harder for users to detect the threats. The incident raises serious concerns for companies relying on DigiCert for security, as compromised certificates could lead to widespread malware distribution. Organizations need to assess their certificate management practices and ensure they have robust monitoring in place to detect any misuse of their digital signatures.

Read Original

Thalha Jubair and Owen Flowers, key members of the hacker group known as Scattered Spider, have been sentenced to 66 months in prison in the UK. U.S. authorities previously accused Jubair of being involved in at least 120 cyberattacks, demonstrating a significant level of criminal activity. These attacks are part of a broader trend of cybercrime that affects individuals and organizations alike, raising concerns about online security. The sentencing underscores the legal consequences faced by cybercriminals and serves as a warning to others in the hacking community. As law enforcement continues to crack down on such groups, it highlights the ongoing battle against cyber threats in today's digital landscape.

Read Original
Actively Exploited

Cybercriminals are shifting their focus to 'clean' residential proxies as part of their carding efforts, which involves using stolen credit card information to make unauthorized purchases. Researchers from Flare highlight that these proxies, combined with browser fingerprints and device profiles, help attackers bypass modern fraud detection systems that have become more sophisticated. As residential proxies lose their effectiveness, this trend poses a significant challenge for online retailers and financial institutions, as it allows fraudsters to operate with increased anonymity. This development not only complicates the fight against online fraud but also underscores the need for businesses to enhance their security measures to detect and prevent such tactics. Understanding how these proxies work is crucial for organizations trying to safeguard their systems and customer data.

Read Original

North Korean hackers associated with the Contagious Interview campaign have been using steganography to hide malware in SVG image files. This tactic is part of a broader scheme where fake job postings and coding tests lure victims into downloading malicious code. When users execute these projects, they unknowingly install a multi-stage payload designed to steal browser credentials and cryptocurrency wallets, as well as access files on their systems. This method not only exploits individuals seeking employment but also raises concerns about the effectiveness of cybersecurity measures against such sophisticated attacks. Users need to be vigilant about job offers and coding challenges, especially if they involve downloading files from untrusted sources.

Read Original

The PhantomEnigma campaign has shifted its focus from targeting banking systems in 2025 to exploiting compromised Brazilian government websites in 2026. Attackers are using these .gov.br sites along with authenticated emails to deliver malware. This change in tactics raises concerns about the security of government infrastructures and the potential for widespread malware distribution. The use of official government domains adds a layer of credibility to the malicious communications, making it easier for attackers to deceive users. As this campaign continues to evolve, it poses a significant risk not only to government operations but also to the general public who may interact with these compromised sites.

Read Original

Recent declassified documents reveal that Chinese intelligence has been gathering data on U.S. voters, sparking discussions within the U.S. intelligence community about how to interpret Beijing's actions related to elections. The records provide insight into the methods used by Chinese operatives to collect and analyze voter information, which raises concerns about potential interference in the American electoral process. This situation emphasizes the ongoing risks posed by foreign actors attempting to influence domestic politics. As the U.S. heads into future elections, the implications of these findings could affect public trust in the electoral system and prompt calls for stronger cybersecurity measures to protect voter data.

Read Original

The Pentagon has temporarily suspended Phase 2 of the Cybersecurity Maturity Model Certification (CMMC), which means that third-party audits required for defense contractors will not take place for now. This suspension does not eliminate the legal requirement for companies to protect Controlled Unclassified Information (CUI). Industry experts have expressed their concern that while the audits are paused, the obligation to secure sensitive information remains critical. This situation affects defense contractors and their ability to demonstrate compliance with cybersecurity standards, potentially impacting their contracts and operations. With the growing emphasis on cybersecurity in defense, the continued protection of CUI is essential for national security.

Read Original

The article discusses the release of declassified documents related to the integrity of U.S. elections, which cybersecurity professionals are encouraged to review. These documents shed light on various aspects of election security, particularly in the context of hacking concerns that have been prevalent over the last decade. Researchers at DEF CON have been instrumental in examining vulnerabilities in voting systems, and the declassified records provide crucial insights into how past elections could have been compromised. Understanding these details is vital for improving future election security and ensuring public confidence in the electoral process. The implications of these findings extend beyond cybersecurity professionals, as they affect the integrity of democratic processes in the U.S.

Read Original
Actively Exploited

Apple has issued a warning to iPhone and iPad users about a new scam that utilizes FaceTime calls to deceive people into giving away their financial information. Scammers impersonate trusted organizations, such as banks or Apple itself, using a technique called caller ID spoofing, which makes the call appear to come from a legitimate source. This manipulation aims to extract sensitive details like account credentials and security codes. Users need to be vigilant and verify any unexpected calls requesting personal information, as this scam can lead to significant financial loss. This situation is particularly concerning as it exploits a widely used communication tool, making it crucial for users to remain cautious and informed.

Read Original

Researchers at Cisco Talos have identified a new campaign by a Russian-speaking group known as UAT-11795, which is distributing fake installers for popular applications like Zoom, Webex, and MobaXterm. These malicious installers are designed to deliver the Starland Remote Access Trojan (RAT) and a memory-only implant called WLDR. The campaign has been targeting users primarily in the United States and Europe. This is concerning as it highlights the ongoing threat posed by financially motivated cybercriminals who exploit trusted software to gain access to sensitive systems. Users should be wary of downloading software from unofficial sources and ensure they are using legitimate installation files to protect against such attacks.

Read Original

Nichirei, a major Japanese frozen food company, faced a cyberattack on July 13, which forced the company to disconnect its systems. As a result, operations were significantly disrupted, impacting their ability to process and distribute their products. The company is now in the process of gradually restoring its systems, but the incident raises concerns about the security of supply chains in the food industry. Cyberattacks on food companies can disrupt not only business operations but also affect food availability and consumer trust. Nichirei's experience serves as a reminder for companies in all sectors to prioritize cybersecurity to protect against similar threats.

Read Original
Page 1 of 273Next