Nation-State Cyber Threats
ENKI says Kimsuky ran a March-April 2026 wave against South Korean military and corporate targets, delivering an HTTPSpy variant through a fake Webex meeting page wired to a real scheduled event and a new infection-verification technique it calls JSONPing.
Nation-State Cyber Threats
Fox-IT disclosed RemotePE, a RAT the North Korea-linked Lazarus Group runs entirely in memory and never writes to disk. It is the final stage of a multi-stage chain, deployed only after the noisier RATs are deliberately cleaned up.
North Korean Threat Actors
Federal prosecutors sentenced two U.S. nationals — Matthew Isaac Knoot of Nashville and Erick Ntekereze Prince of Naples, Florida — to 18 months each for running "laptop farms" that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. They are the seventh and eighth
Threat Intelligence
ESET disclosed a North Korea-aligned APT37/ScarCruft supply-chain compromise of sqgame.net, a Yanbian-themed gaming platform serving the ethnic-Korean community on the China-North Korea border. Trojanized Android APKs deploy a new BirdCall backdoor port. The APKs are still live.
Threat Intelligence
North Korean threat actors have escalated their developer-targeting campaign by using an AI large language model to insert malicious npm dependencies into legitimate projects — operating through fake U.S.-registered companies and deploying full-featured remote access trojans targeting cryptocurrency wallets and developer infrastructure. GLOBAL — Cybersecurity researchers at ReversingLabs
Threat Intelligence
An update on the macOS ClickFix threat: North Korean actors Sapphire Sleet and UNC1069 are now deploying AppleScript-based delivery chains and "Terminal-paste" lures to steal crypto-wallets and credentials from enterprise targets. SEOUL, SOUTH KOREA — The "ClickFix" social engineering phenomenon has officially evolved into
Crypto-Crime & Laundering
Blockchain security researchers and protocol developers have identified the North Korean state-sponsored Lazarus Group as the primary suspect in the staggering $290 million theft from Kelp DAO. SEOUL, KOR — The decentralized finance (DeFi) ecosystem is reeling after a sophisticated exploit targeted Kelp DAO, a leading liquid restaking protocol. Early
Artificial Intelligence (AI)
OpenAI has taken the drastic step of rotating its developer signing certificates for macOS, forcing a mandatory update for all desktop users after a critical third-party library was linked to state-sponsored malware. SAN FRANCISCO, CA — OpenAI has confirmed it is rotating the digital certificates used to sign its
Cyber Attacks
Drift Protocol, a prominent decentralized exchange (DEX) operating on the Solana blockchain, has been targeted in a massive exploit resulting in the loss of approximately $285 million. Leading blockchain forensic firms, including Elliptic, TRM Labs, and Chainalysis, have attributed the attack to threat actors associated with the Democratic People’s
Data Breaches
In one of the most consequential supply chain compromises of the year, security researchers have identified a sophisticated campaign to "poison" the widely used Axios software package. The attack, which targeted the npm registry used by millions of web developers, has been attributed by Google’s Threat Analysis