Telesquare TLR-2005KSH - Remote Command Execution

Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through...

Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware

Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections...

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...

Malicious code in graphicctx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8867133b18f35132bf0096bdbd5d1891e87f8a07bbba09f6dffe21c8b048596e Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...

MAL-2026-3222 Malicious code in graphicsctxs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4786ca298bffb09916e622e06411ae44cb51c842a6eb9bf7bcf445c051463888 Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code VS Code tunnels for remote access. Zscaler ThreatLabz, which...

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the...

[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025

!\Podcast\ It's not you, it's your printer: State-sponsored and phishing threats in 2025https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025cover2x1-2-1.jpg In this episode, we unpack state-sponsored and phishing trends from the 2025 Talos Year in...

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

In this article 1. Sapphire Sleet’s campaign lifecycle 2. Defending against Sapphire Sleet intrusion activity 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Executive summary Microsoft Threat Intelligence uncovered a macOS‑focused cyber campaign by the North Kore...

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enoug...

State-sponsored threats: Different objectives, similar access paths

Across the Talos 2025 Year in Review, state-sponsored threat activity from China, Russia, North Korea, and Iran all had varying motivations, such as espionage, disruption, financial gain, and geopolitical influence. But when you look at how these operations actually unfold, similar tactics,...

CVE-2026-39667

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through = 1.7.0...

Malicious code in kraken-trader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523 The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated...

EUVD-2026-20341

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through = 1.7.0...

CVE-2026-39667

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through = 1.7.0...

CVE-2026-39667 WordPress Korea SNS plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through = 1.7.0...

CVE-2026-39667

CVE-2026-39667 describes a DOM-based XSS in the WordPress Korea SNS plugin (korea-sns) for WordPress, affected versions up to and including 1.7.0. The root cause is improper neutralization of input during web page generation, enabling cross-site scripting. The vulnerability impacts Korea SNS user...

CVE-2026-39667

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through = 1.7.0...

CVE-2026-39667 WordPress Korea SNS plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through = 1.7.0...

PT-2026-31229

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through = 1.7.0...