Cyber Attacks
An attacker purchased a portfolio of 31 trusted WordPress plugins on a public marketplace, embedded a PHP backdoor in a routine-looking update, and left it dormant for eight months before activating it to distribute hidden SEO spam to thousands of websites — with the malware resolving its command-and-control
Threat Intelligence
BlueNoroff compromised a North American Web3 company using a fake Zoom meeting interface populated with AI-generated deepfakes, deploying a fileless PowerShell implant that maintained persistent access for 66 days while stealing cryptocurrency wallet credentials, browser data, and live webcam footage repurposed to lure future victims. GLOBAL — Arctic Wolf Labs
Vulnerabilities
Microsoft's February patch for a Windows zero-day actively exploited by Russia's APT28 blocked the remote code execution path — but left behind a zero-click authentication coercion flaw. Akamai researchers found it while testing the fix. That flaw is now CVE-2026-32202, confirmed exploited in
Data Breaches
A hardcoded third-party API key embedded in ClickUp's publicly accessible website JavaScript exposed hundreds of corporate and government email addresses — along with thousands of internal product development flags — for more than a year with no authentication required to access the data. ClickUp has not issued a public
Threat Intelligence
Poland is experiencing a sharp rise in state-linked cyberattacks primarily sourced from Russia, with officials warning that the spread of advanced AI tools will intensify the threat — following a December 2025 power grid attack that came within hours of a nationwide blackout. WARSAW, POLAND — Poland is facing a documented
Threat Intelligence
North Korean threat actors have escalated their developer-targeting campaign by using an AI large language model to insert malicious npm dependencies into legitimate projects — operating through fake U.S.-registered companies and deploying full-featured remote access trojans targeting cryptocurrency wallets and developer infrastructure. GLOBAL — Cybersecurity researchers at ReversingLabs
Cyber Attacks
China-linked Mustang Panda (TA416 / RedDelta) has broadened its targeting from predominantly government and policy entities in the West to India’s banking sector and Korean peninsula policy actors. Using an updated LOTUSLITE backdoor delivered via CHM files and DLL sideloading of legitimate Microsoft-signed executables, the campaign marks a
Threat Intelligence
An update on the macOS ClickFix threat: North Korean actors Sapphire Sleet and UNC1069 are now deploying AppleScript-based delivery chains and "Terminal-paste" lures to steal crypto-wallets and credentials from enterprise targets. SEOUL, SOUTH KOREA — The "ClickFix" social engineering phenomenon has officially evolved into
Ransomware
The Trigona ransomware-as-a-service (RaaS) group, linked to the Rhantus cybercrime umbrella, has begun using a privately-built exfiltration tool instead of common utilities like Rclone and MegaSync. The new “uploader_client.exe” client helps Trigona move data quickly, rotate connections to hide from network monitoring, and maintain
Data Breaches
Itron Inc. (NASDAQ: ITRI), a leading smart-meter and utility-technology provider, has disclosed a limited-scope cyberattack on its internal systems, confirming unauthorized access but saying operations and customer systems show no material disruption. LIBERTY LAKE, WASHINGTON — Itron Inc., a global heavyweight in the smart-metering and grid-management
Microsoft Ecosystem
A newly-tracked threat cluster, UNC6692, is using social-engineering-driven Teams-chats to pose as IT support, tricking employees into installing a custom modular malware toolkit called SNOW. The attack signals a shift from pure-email-phishing to "chat-based intrusion." MOUNTAIN VIEW, CALIFORNIA — A sophisticated new
phishing
Germany’s Bundestag President Julia Klöckner has reportedly become the latest victim of a Signal-based phishing campaign, in which attackers used social-engineering tactics to compromise her encrypted-messaging account and access sensitive group chats. BERLIN, GERMANY — The Federal Office for Information Security (BSI) and the Federal Office for