News
Centers Laboratory Data Breach Analysis: 540,000 Patient Records Exposed by Worldleaks in 2025 Cyberattack
1+ hour, 19+ min ago (146+ words) Critical: Implement robust access controls and multi-factor authentication to prevent unauthorized access to sensitive systems and data. Conduct regular audits of user accounts and privileges, and monitor for anomalous access patterns. High: Engage third-party digital forensics specialists immediately upon detection…...
Active Exploitation Alert: 148 Malicious npm Packages Masquerading as Student Proxies Turn Browsers Into DDoS Botnet
1+ hour, 19+ min ago (132+ words) The attack leveraged the npm ecosystem to distribute packages with names such as charlie-kirk, ilovefemboys, miguelphonk, changiairportpromax, and many others. These packages were not intended for import into legitimate projects but instead served as hosting for proxy web applications branded…...
Active Exploitation Alert: Indirect Prompt Injection Attacks Target AI Agents to Facilitate Unauthorized Cryptocurrency Payments
6+ day, 22+ hour ago (195+ words) Prompt injection is a class of attacks where adversaries embed hidden or obfuscated instructions within content that is likely to be ingested by AI agents. In the context of cryptocurrency payment fraud, attackers use indirect prompt injection (IPI) to target…...
Active Exploitation Alert: North Korean PolinRider Supply Chain Attack Targets npm, Packagist, Go Modules, and Chrome Extensions
1+ week, 2+ day ago (488+ words) Rescana Active Exploitation Alert: North Korean PolinRider Supply Chain Attack Targets npm, Packagist, Go Modules, and Chrome Extensions The PolinRider campaign represents a significant escalation in supply chain attacks orchestrated by North Korean threat actors, specifically those associated with the…...
GlassWorm Malware Takedown: Disruption of Developer Supply Chain Attacks Targeting VSCode, npm, Python, and GitHub
1+ mon, 2+ week ago (179+ words) The campaign’s impact extended across the software development sector, with the potential to compromise thousands of downstream organizations through poisoned packages and repositories. The attackers’ focus on developers as high-value targets underscores the evolving threat landscape, where compromising the tools…...
Active Exploitation Alert: Grandoreiro Banking Trojan and BTMOB RAT Targeting Windows and Android Users in Global Financial Malware Campaigns
1+ mon, 2+ week ago (363+ words) The malware's configuration is highly modular, enabling dynamic targeting of specific banks such as Abanca, Banco de Portugal, BBVA PT, Caixa Geral Depositos, Santander, Revolut, and Wise. It is capable of real-time web injection, credential harvesting, and session hijacking, allowing…...
Active Exploitation Alert: Lazarus Group Targets Financial and Crypto Firms with RemotePE Memory-Only RAT
1+ mon, 2+ week ago (193+ words) The first stage involves the deployment of a loader DLL, typically named Iassvc.dll, which utilizes the Windows Data Protection API (DPAPI) to decrypt and load the next stage. This loader is made persistent by manipulating Windows services, such as…...
Robinhood Account Creation Vulnerability Exploited for Phishing: HTML Injection in Device Metadata Bypasses Email Security
2+ mon, 2+ week ago (227+ words) From a MITRE ATT&CK perspective, the campaign leveraged techniques including T1566.001 (Phishing: Spearphishing Attachment), T1190 (Exploit Public-Facing Application), and T1589 (Gather Victim Identity Information). The attackers’ use of breached data for targeting, combined with sophisticated email and web spoofing, reflects a mature…...
GlassWorm ForceMemo Campaign: Supply Chain Attack Targets GitHub Python Repositories with Stolen Tokens and Blockchain-Based Malware
3+ mon, 3+ week ago (721+ words) Rescana Yes, subscribe me to your newsletter. A highly sophisticated supply chain attack, attributed to the GlassWorm threat actor and tracked as the ForceMemo campaign, is actively targeting the Python open-source ecosystem by leveraging stolen GitHub tokens to force-push obfuscated…...
VENON Rust Malware Targets Itaú and 32 Other Brazilian Banks with Advanced Credential-Stealing Attacks
3+ mon, 4+ week ago (587+ words) Executive SummaryA newly identified banking malware, VENON, written in the Rust programming language, is actively targeting 33 Brazilian banks and digital asset platforms. This malware represents a significant technical leap from the traditional Delphi-based Latin American banking trojans, leveraging advanced evasion…...