Tag: compromise

Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers

Canvas attack aftermath: What risks come next?

May 27, 2026

The compromise of student data turned a cyber mom into a cyber mama bear Categories: Sophos Insights Tags: cyberattack, ShinyHunters, GOLD CRYSTAL, Canvas

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its…

Microsoft Exchange Zero-Day Under Attack, No Patch Available

May 18, 2026

CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.

Device Code Phishing Targets Microsoft 365 Users

May 18, 2026

Cybercriminals are adopting device code phishing as a new way to bypass traditional phishing defenses and compromise enterprise Microsoft 365 accounts. According to Proofpoint, threat actors are abusing legitimate Microsoft authentication workflows to steal authentication tokens without using traditional phishing pages. “The spike in device code phishing coincides with publicly released criminal toolkits, and the…

FrostyNeighbor: Fresh mischief and digital shenanigans

May 14, 2026

ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations

73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation

May 13, 2026

Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. […]

Webinar: Why modern attacks require both security and recovery

May 7, 2026

Modern attacks don’t stop at initial compromise. This webinar explores why security and recovery must work together to reduce downtime and improve resilience. […]

Attackers compromised Daemon Tools software to deliver backdoors

May 6, 2026

Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is widely used by gamers, developers, and IT professionals. Since April 8, 2026, the official Daemon Tools download site (at Deamon-tools[.]cc) was serving signed, trojanized Windows installers. Once installed, these…

DigiCert breached via malicious screensaver file

May 4, 2026

A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the…

Human-centric failures: Why BEC continues to work despite MFA

May 1, 2026

Business email compromise (BEC) is still thriving even in organizations that have implemented multi-factor authentication (MFA). As security professionals, we often assume that MFA is the silver bullet for email security, but real-world incidents suggest otherwise. Attackers exploit human behaviors, process gaps and operational blind spots that MFA alone cannot address. In many modern BEC…

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

April 30, 2026

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is…

New Cisco firewall malware can only be killed by pulling the plug

April 24, 2026

Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco Firepower and Secure Firewall devices; however, CISA has only observed a successful implant of the malware in the…

Vercel’s security breach started with malware disguised as Roblox cheats

April 20, 2026

Vercel customers are at risk of compromise after an attacker hopped through multiple internal systems to steal credentials and other sensitive data, the company said in a security bulletin Sunday. The attack, which didn’t originate at Vercel, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. An attacker traversed third-party…

5 ways to strengthen identity security and improve attack resilience

April 7, 2026

Identity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity security and enforcing least privilege access are two of the most powerful ways to reduce…

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

April 3, 2026

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder of…

North Korean hackers linked to Axios npm supply chain compromise

April 1, 2026

The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069 On March 31, 2026, unknown attackers managed to publish two backdoored Axios npm packages after gaining access to a maintainer’s…

Security awareness is not a control: Rethinking human risk in enterprise security

April 1, 2026

Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essentially follow a playbook that involves investing in awareness training, running phishing simulations, and requiring employees to complete annual security modules. The reason behind this is simple and the reasoning behind these efforts…

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

April 1, 2026

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. “We have attributed the attack to a suspected North Korean threat actor we track as UNC1069,” John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker…

Axios npm Attack Deploys Cross-Platform RAT

March 31, 2026

A brief compromise of the popular Axios npm package shows how quickly a trusted dependency can become a widespread threat. Attackers hijacked a maintainer account and published malicious versions that silently installed a remote access trojan (RAT) during routine package installs, putting developer environments and CI/CD pipelines at risk. “While traditional risks like manual dependency…

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

March 30, 2026

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

March 27, 2026

TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers, attackers backdoored the legitimate SDK code and published versions 4.87.1 and 4.87.2 of the package…

Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack

March 24, 2026

SAN FRANCISCO — Mandiant is responding to a major, ongoing supply-chain attack involving the compromise of Trivy, a widely used open-source tool from Aqua Security that’s designed to find vulnerabilities and misconfigurations in code repositories. The fallout from the attack spree, which was first detected March 19, is extensive and poses substantial risk for follow-on…

Lumu enhances Defender to detect compromise across network, cloud, endpoint, and identity

March 24, 2026

Lumu has upgraded its Lumu Defender NDR solution, extending Continuous Compromise Assessment beyond the network to include endpoints, cloud environments, and user behavior for unified visibility. The past year marks a strategic shift in attack methods, with threat actors pivoting from high-profile malware to increasingly sophisticated, stealth-based tactics. The increase of AI-driven security attacks, attackers…

Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

March 17, 2026

North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. “Initial access was achieved through a spear-phishing…

Ericsson Breach Exposes Data of 15k Employees and Customers

March 10, 2026

Ericsson data breach affects 15k employees/customers after third-party service provider compromise

Backup strategies are working, and ransomware gangs are responding with data theft

March 6, 2026

Business email compromise (BEC) and funds transfer fraud combined for 58% of all cyber insurance claims filed in 2025, according to data from Coalition covering more than 100,000 policyholders across the United States, Canada, the United Kingdom, Australia, and Germany. BEC was the single most common claim type at 31%, with frequency rising 15% year…

Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers

March 4, 2026

Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict

Expanding Phishing Detection at Scale with Automatic SSL Decryption

March 3, 2026

90% of modern cyberattacks start with phishing and it’s getting worse. The volume of compromise attempts keeps surging, leaving companies more exposed to credential theft and heavy financial hits. As phishing evolves, we focus on countering the core tactics that make it effective. That’s why ANY.RUN is upgrading the threat detection capabilities of the Interactive Sandbox across all subscription tiers with the new SSL decryption technology. By extracting encryption keys directly from process memory, it increases the detection rate of phishing inside the sandbox, helping every user and SOC team…

What does business email compromise look like?

February 24, 2026

Business email compromise (BEC) is the digital con dressed to impress. It’s clean, calculated, and ready to fool even the sharpest eyes. These scammers don’t tell on themselves with sloppy hacks. They whisper in familiar voices, posing as your CEO, HR, or a trusted vendor. And, unlike phishing, they’re a precision strike built on inside…

How to prevent business email compromise

February 24, 2026

Business email compromise (BEC) is the cyber equivalent of an expertly forged handwritten note—no malware fireworks, no flashing warnings, just a convincing request that tricks someone into wiring money or handing over sensitive data. Knowing how to prevent BEC should sit at the top of every security to‑do list because even one fraudulent email can…

Know the red flags: Business email compromise signs to look out for

February 24, 2026

When it comes to cyber threats, business email compromise (BEC) is one of the sneakiest, most costly scams out there. These digital predators don’t rely on brute force, but are patient, tactical, and they exploit one weakness above all: human trust. If you’re in the cybersecurity game, spotting a BEC attack can mean the difference…

AWS Threat Intel Finds 600+ FortiGate Devices Hit

February 23, 2026

A financially motivated cybercriminal has used commercial generative AI tools to compromise more than 600 FortiGate devices across 55 countries — without exploiting specific software vulnerabilities. This “… campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale,” said CJ…

Remcos RAT Expands Real-Time Surveillance Capabilities

February 19, 2026

New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows

Cyber attacks enabled by basic failings, Palo Alto analysis finds

February 17, 2026

Cyberattacks are moving faster, shrinking the gap between initial compromise and bad consequences, and the advent of AI is accelerating their timelines in a way that human defenders can no longer keep up with. That’s the broad and perhaps unsurprising finding of Palo Alto Networks’ 2026 Global Incident Response Report, which analyzed 750 incidents in…