Lucene search
K

345 matches found

Trend Micro Simply Security
Trend Micro Simply Security
added 2026/05/22 12:0 a.m.8 views

Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware

Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/05 9:7 a.m.11 views

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/01 10:46 p.m.18 views

Malicious code in graphicctx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8867133b18f35132bf0096bdbd5d1891e87f8a07bbba09f6dffe21c8b048596e Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/01 9:44 p.m.6 views

MAL-2026-3222 Malicious code in graphicsctxs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4786ca298bffb09916e622e06411ae44cb51c842a6eb9bf7bcf445c051463888 Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...

5.8AI score
Exploits0References4
The Hacker News
The Hacker News
added 2026/04/23 1:17 p.m.8 views

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the...

9.8CVSS8.2AI score0.06996EPSS
Exploits6
Talos Blog
Talos Blog
added 2026/04/21 12:29 p.m.6 views

[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025

!\Podcast\ It's not you, it's your printer: State-sponsored and phishing threats in 2025https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025cover2x1-2-1.jpg In this episode, we unpack state-sponsored and phishing trends from the 2025 Talos Year in...

5.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/16 3:0 p.m.79 views

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

In this article 1. Sapphire Sleet’s campaign lifecycle 2. Defending against Sapphire Sleet intrusion activity 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Executive summary Microsoft Threat Intelligence uncovered a macOS‑focused cyber campaign by the North Kore...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/16 1:5 p.m.11 views

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enoug...

9.3CVSS7.2AI score0.43063EPSS
Exploits7
Talos Blog
Talos Blog
added 2026/04/14 1:49 p.m.11 views

State-sponsored threats: Different objectives, similar access paths

Across the Talos 2025 Year in Review, state-sponsored threat activity from China, Russia, North Korea, and Iran all had varying motivations, such as espionage, disruption, financial gain, and geopolitical influence. But when you look at how these operations actually unfold, similar tactics,...

6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/08 8:22 p.m.6 views

Malicious code in kraken-trader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523 The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated...

6AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/04/06 4:24 p.m.7 views

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People's Republic of Korea DPRK have been observed using GitHub as command-and-control C2 infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/06 12:46 p.m.16 views

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New...

10CVSS6.1AI score0.99562EPSS
Exploits400
The Hacker News
The Hacker News
added 2026/04/05 6:25 p.m.6 views

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea DPRK that began in the fall of 2025. The Solana-based...

6.1AI score
Exploits0
HackRead
HackRead
added 2026/04/04 4:13 p.m.3 views

UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles

North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/03 11:4 a.m.8 views

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering effor...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/03 8:35 a.m.7 views

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/01 9:0 p.m.13 views

Mitigating the Axios npm supply chain compromise

In this article 1. Analysis of the attack 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise 5. Hunting queries On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 7:44 a.m.6 views

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analy...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/18 5:26 p.m.8 views

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea DPRK information technology IT worker scheme with an aim to defraud U.S. businesses and generate illicit...

6.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/06 5:0 p.m.24 views

AI as tradecraft: How threat actors operationalize AI

In this article 1. AI as an enabler for cyberattacks 2. Post-compromise misuse of AI 3. Emerging trends 4. Mitigation guidance for AI-enabled threats 5. Microsoft Defender detections Threat actors are operationalizing AI along the cyberattack lifecycle to accelerate tradecraft, abusing both...

9.3CVSS7.1AI score0.99374EPSS
Exploits62
Rows per page
Query Builder