Researchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. It uses a variety of attack vectors along with custom malware, with the goal of intelligence gathering for the ongoing war. Dubbed Greyvibe by researchers from WithSecure,…
Tag: uncovered
AI, Global Security News
Thousands of Fake FIFA Domains Target World Cup Fans
Group-IB uncovered Ghost Stadium phishing and 4300 fake FIFA World Cup domains targeting fans
AI, APAC, Cybersecurity, Exploits, Global Security News, Government & Policy
Anthropic: Mythos finds more than 10,000 software flaws in first month
Anthropic said its month-old Project Glasswing initiative has uncovered more than 10,000 high- or critical-severity software vulnerabilities across systemically important code, a finding the company says has shifted the central problem in cybersecurity from discovering flaws to verifying and patching them. The findings, drawn from partner reports and independent evaluations, mark one of the first…
AI, APAC, Cybersecurity, Exploits, Global Security News, Risk Management
Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic
Anthropic says it and upwards of 50 partners involved in Project Glasswing have uncovered an estimated 10,000 critical or high-severity vulnerabilities in their software offerings. The company launched the cybersecurity initiative, which is built around Claude Mythos Preview, in April, stating that its launch partners would use it as part of their defensive security work.…
Global Security News
5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft.
Global Security News
Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen iPhones. Activation Lock can remotely disable a stolen iPhone and prevent normal resale, with owners also able to lock individual components. Even with those protections, more than 7.35 million iPhones…
AI, china, Europe, Global Security News, Government & Policy, malware, Network Security, Russia
Ghostwriter group resumes attacks on Ukrainian Government targets
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor’s campaigns. The threat…
AI, Global Security News
FrostyNeighbor: Fresh mischief and digital shenanigans
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations
AI, Global Security News, malware, Network Security, Risk Management
Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence
Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels…
AI, Global Security News
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down
Global Security News
Yet Another Way to Bypass Google Chrome’s Encryption Protection
Authors of the VoidStealer Trojan uncovered a way to get around Google’s App-Bound Encryption (ABE), opening the door to infostealers.
AI, Global Security News
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is widely used by gamers, developers, and IT professionals. Since April 8, 2026, the official Daemon Tools download site (at Deamon-tools[.]cc) was serving signed, trojanized Windows installers. Once installed, these…
Global Security News
Massive “Low and Slow” DDoS Attack Hits Platform With 2.45 Billion in 5 Hours
DataDome researchers uncovered a massive low and slow DDoS attack that delivered 2.45 billion requests using 1.2 million IP addresses.
Cybersecurity, Global Security News, malware
Telegram Mini Apps abused for crypto scams, Android malware delivery
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram’s Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. […]
Global Security News
45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation
SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks.
AI, Cloud Security, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Supply Chain Attacks, AI Security, and Major Breaches Define This Week in Cybersecurity in May 2026
Major Threats & Vulnerabilities Software Supply Chain and CI/CD Exploits Researchers uncovered a malicious campaign targeting SAP npm packages that secretly stole developer and CI/CD credentials through preinstall scripts and GitHub-based command and control. SAP has yet to comment on the incident, which highlights the growing risk of dependency poisoning in enterprise ecosystems. Another critical…
AI, Global Security News
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren’t just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes. The…
AI, Global Security News, Government & Policy, malware, Network Security
New Android spyware Morpheus linked to Italian surveillance firm
Osservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools. The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fake Android apps posing as updates. Once installed, it can steal extensive data from the infected devices. The report shows strong demand…
Global Security News, malware
20-Year-Old Malware Rewrites History of Cyber Sabotage
Researchers have uncovered a malware framework dubbed “fast16” that predates Stuxnet by 5 years.
AI, Global Security News, malware, Risk Management
Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories
Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply chain risk.
AI, Global Security News, malware
ClickFix campaign delivers Mac malware via fake Apple page
Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “reclaim disk space on your Mac”. The malicious page (Source: Jamf) ClickFix for everybody ClickFix is a social engineering technique that cons victims into running malicious commands on their own machine, usually…
AI, Endpoint, Exploits, Global Security News, malware, Network Security
Datto RMM Exploited in Phishing Attack, Researchers Warn
Security researchers have uncovered an active phishing campaign that abuses Datto’s remote monitoring and management platform, CentraStage, as a command-and-control channel, giving attackers full interactive control over compromised systems while flying under the radar of traditional security defenses. Phishing campaign delivers remote access trojan via fake files The campaign, tracked by the Fortra Intelligence and…
AI, Exploits, Global Security News
Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure
Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours.
AI, Global Security News
North Korean Hackers Abuse GitHub to Spy on South Korean Firms
Researchers from FortiGuard Labs have uncovered a high-severity spying campaign targeting South Korean companies. Discover how North Korean…
AI, Global Security News
New Wave of AiTM Phishing Targets TikTok for Business
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
AI, Exploits, Global Security News
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. “When Coruna was first reported, the public evidence wasn’t sufficient to…
AI, Cybersecurity, Global Security News
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below – react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader
AI, Cybersecurity, Global Security News
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. “New image tags…
AI, Global Security News
China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years
Researchers uncovered an extensive cyberespionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets.
AI, Global Security News
Fake scandal clips on Facebook bait victims into investment scams
Bitdefender researchers uncovered hundreds of scam campaigns promoted through Facebook ads that use fake news stories, celebrity impersonation, and redirect chains to funnel victims into investment fraud schemes. The activity ran through 310 malvertising campaigns distributed on Meta platforms from February 9 to March 5, 2026. The campaigns generated more than 26,000 ad sightings with…
AI, Global Security News, malware
Bitdefender Uncovers “Vibeware”: A New AI-Driven APT Attack Strategy Flooding South Asia with Polyglot Implants
Bitdefender have uncovered a new AI-assisted malware development model dubbed “vibeware”, revealing how a Pakistan-aligned threat actor is industrialising cyberattacks across South Asia by rapidly generating large volumes of disposable malware variants.
Global Security News
“LeakyLooker” Discovery Reveals Nine Vulnerabilities in Google Looker Studio, Exposing Sensitive Cloud Data
GUEST RESEARCH: Tenable Research has uncovered a series of security vulnerabilities in Google Looker Studio, dubbed “LeakyLooker,” that allowed attackers to run arbitrary SQL queries on victims’ databases and exfiltrate sensitive data within organisations’ Google Cloud environments.
AI, Global Security News, Government & Policy, malware, Russia
Russian APT targets Ukraine with BadPaw and MeowMeow malware
Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When…
AI, Global Security News
APT37 hackers use new malware to breach air-gapped networks
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. […]
AI, Global Security News, malware
Fake Zoom meeting leads to silent install of surveillance software
Malwarebytes researchers have uncovered a fake (but convincing) Zoom meeting page that downloads surveillance software on Windows computers and tricks users into running it. According to Microsoft MVP Steven Lim, the page has claimed nearly 1,500 victims in 12 days. The trick Potential victims likely visit the page (at uswebzoomus[.]com/zoom/) after getting a meeting invite/link…
AI, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors
Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessments. The campaign employs carefully crafted lures to blend into routine workflows, such as cloning repositories, opening projects, and running builds, thereby allowing the malicious code to execute undetected. Telemetry collected during an incident…
AI, Global Security News, malware
Self-spreading npm malware targets developers in new supply chain attack
Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like malware designed to spread through software supply chains rather than traditional end-user systems. New npm worm…
Global Security News, malware
Fraud Investigation Reveals Sophisticated Python Malware
Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads
A newly uncovered infostealer, suspected to be built with the help of a large language model, is targeting victims with Python and C++ variants, each tailored for a different stage of data theft. Kaspersky researchers discovered a stealer dubbed “Arkanix,” which is capable of harvesting credentials, browser data, cryptocurrency, and banking assets from infected machines.…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Six flaws found hiding in OpenClaw’s plumbing
Security researchers have uncovered six high-to-critical flaws affecting the open-source AI agent framework OpenClaw, popularly known as a “social media for AI agents.” The flaws were discovered by Endor Labs as its researchers ran the platform through an AI-driven static application security testing (SAST) engine designed to follow how data actually moves through the agentic…
AI, Global Security News, malware, Russia
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected…
AI, APAC, Apps, china, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security
Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed
Researchers uncovered more worrying details about a long-running cyber espionage campaign suspected to be backed by the Chinese government, exemplifying how such attacks often go undetected until they’ve already caused significant damage. Google Threat Intelligence Group and Mandiant said the Chinese threat group UNC6201 has been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual…
AI, Global Security News, malware
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
New research from Bitdefender Labs has uncovered extensive and active abuse within the rapidly growing OpenClaw AI skills ecosystem, revealing how seemingly helpful automation tools are being weaponised to deliver malware, steal credentials, and compromise both consumer and corporate environments.
AI, Global Security News, malware
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
New research from Bitdefender Labs has uncovered extensive and active abuse within the rapidly growing OpenClaw AI skills ecosystem, revealing how seemingly helpful automation tools are being weaponised to deliver malware, steal credentials, and compromise both consumer and corporate environments.
AI, Global Security News, malware
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
New research from Bitdefender Labs has uncovered extensive and active abuse within the rapidly growing OpenClaw AI skills ecosystem, revealing how seemingly helpful automation tools are being weaponised to deliver malware, steal credentials, and compromise both consumer and corporate environments.
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, International, malware, Network Security, News, Risk Management, Threats
Fake Dating App Delivers Android Spyware in Targeted Campaign
ESET researchers have uncovered a targeted Android spyware campaign using a fake dating app to lure victims into installing mobile surveillance malware. The campaign, focused on users in Pakistan, disguises spyware as a chat platform that promises access to exclusive profiles but instead quietly exfiltrates sensitive data from infected devices. “Once installed, the app silently…
AI, API security, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
When your AI Assistant Becomes the Attacker’s Command-and-Control
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, privacy, Risk Management
Salesforce’s trusted domain of doom
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communications still default to “we take security seriously” while quietly implying “assume no…