#hijack-loader
#hijack-loader

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

fromLos Angeles Times

Los Angeles

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

14 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

12 hours ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

fromLos Angeles Times

Los Angeles

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

EU data protection

14 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

Privacy professionals

fromNextgov.com

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

Roam Research

New Rowhammer attacks give complete control of machines running Nvidia GPUs

Rowhammer attacks on Nvidia GPUs can compromise CPU memory, allowing full control of host machines.

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

US politics

fromSilicon Canals

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

US politics

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

US politics

fromSilicon Canals

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

Node JS

North Korean hackers implicated in major supply chain attack

Node JS

Axios NPM Package Breached in North Korean Supply Chain Attack

fromBleepingComputer

3 hours ago

Axios npm hack used fake Teams error fix to hijack maintainer account

A social engineering attack linked to North Korean hackers compromised Axios maintainers, leading to a supply chain attack with malicious npm package versions.

Node JS

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Node JS

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

Node JS

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

fromBleepingComputer

3 hours ago

Axios npm hack used fake Teams error fix to hijack maintainer account

A social engineering attack linked to North Korean hackers compromised Axios maintainers, leading to a supply chain attack with malicious npm package versions.

Node JS

fromHarvard Business Review

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

more#axios

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

A North Korean threat actor executed a $285 million heist from the Drift DeFi platform using sophisticated techniques and pre-signed transactions.

fromFortune

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

Cryptocurrency

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

A North Korean threat actor executed a $285 million heist from the Drift DeFi platform using sophisticated techniques and pre-signed transactions.

fromFortune

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

more#north-korea

#cyberattack

Privacy professionals

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Privacy professionals

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.

Top npm package backdoored to drop dirty RAT on dev machines

The attackers swapped the account's email address for an anonymous ProtonMail inbox and pushed the infected packages manually via the npm CLI, completely bypassing the project's GitHub Actions CI/CD pipeline and the safeguards developers tend to assume are in place.

Node JS

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

New DeepLoad Malware Dropped in ClickFix Attacks

Information security

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Information security

Fake Claude Code source downloads actually delivered malware

Information security

Sophisticated CrystalX RAT Emerges

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

more#malware

Artificial intelligence

fromFuturism

AI Tools Are Supercharging Hackers

AI systems are increasingly weaponized for cybercrime, enabling hackers to exploit vulnerabilities at scale with minimal technical expertise, as demonstrated by recent attacks on Mexican government networks and global firewall systems.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

fromComputerworld

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

more#supply-chain-attack

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

fromSecuritymagazine

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

#phishing

Information security

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Information security

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Information security

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Information security

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Information security

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

Information security

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

US Prisons Russian Access Broker for Aiding Ransomware Attacks

Aleksei Volkov was sentenced to 81 months in prison for his role in ransomware attacks causing over $9 million in losses.

fromChannelPro

Information security

Ransomware is on the rise. Again

Information security

Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter

US Prisons Russian Access Broker for Aiding Ransomware Attacks

Aleksei Volkov was sentenced to 81 months in prison for his role in ransomware attacks causing over $9 million in losses.

fromChannelPro

Information security

Ransomware is on the rise. Again

Information security

Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter

more#ransomware

Self-propagating malware poisons open source software and wipes Iran-based machines

CanisterWorm, as Aikido has named the malware, targets organizations' CI/CD pipelines used for rapid development and deployment of software. Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector.

Information security

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

fromWIRED

US Takes Down Botnets Used in Record-Breaking Cyberattacks

The US Department of Justice, working with the cybercrime-fighting agency within the US Department of Defense known as the Defense Criminal Investigative Service, announced that it had dismantled four massive botnets in a single operation, removing the command-and-control servers used to commandeer the hacker-run armies of compromised devices known by the names JackSkid, Mossad, Aisuru, and Kimwolf.

Information security

54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security

Ransomware gangs, especially those with ransomware-as-a-service (RaaS) programs, frequently produce new builds of their encryptors, and ensuring that each new build is reliably undetected can be time-consuming. More importantly, encryptors are inherently very noisy (as they inherently need to modify a large number of files in a short period); making such malware undetected is rather challenging.

Information security

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

LeakNet ransomware group uses ClickFix social engineering via compromised websites for initial access, employing a Deno-based C2 loader to execute payloads in memory, followed by consistent post-exploitation sequences detectable before ransomware deployment.

Targeted Phishing Attack Breaches Biotech Company Data

Intuitive Surgical suffered a phishing attack compromising employee credentials, exposing customer and corporate data, though operational systems and customer networks remained unaffected due to network segmentation.

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

fromSecuritymagazine

Targeted Phishing Attack Breaches Biotech Company Data

Security Firm Executive Targeted in Sophisticated Phishing Attack

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 uses SEO poisoning and GitHub hosting to distribute trojans impersonating VPN software, stealing credentials through signed malware that evades detection.

#malware-distribution

Information security

Fake job applications pack malware that disables EDR

Cloned AI Tool Sites Distribute Malware in 'InstallFix' Campaign

InstallFix campaign uses cloned webpages and malvertising to distribute information-stealing malware through fake installation pages for popular development tools.

Information security

Fake job applications pack malware that disables EDR

more#malware-distribution

Cloned AI Tool Sites Distribute Malware in 'InstallFix' Campaign

InstallFix campaign uses cloned webpages and malvertising to distribute information-stealing malware through fake installation pages for popular development tools.

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

Threat actors impersonate IT support via email and phone calls to deliver Havoc C2 framework for data exfiltration or ransomware attacks across multiple organizations.

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

North Korean threat actor ScarCruft deployed the Ruby Jumper campaign using malware families that abuse Zoho WorkDrive for C2 communications and removable media to compromise air-gapped networks.

Why cyberattacks don't require advanced hacking

Poor cyber hygiene, weak identity security, overdue IT maintenance, and incomplete logging make organizations vulnerable to financially motivated attacks such as ransomware and email fraud.

BeyondTrust Vulnerability Exploited in Ransomware Attacks

Critical BeyondTrust vulnerability CVE-2026-1731 is being exploited in ransomware attacks, prompting a CISA KEV update and observed malicious activity across multiple sectors and countries.

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

Threat actors trojanized an Oura MCP server to distribute the StealC infostealer via fake GitHub repositories and poisoned MCP registries.

Researchers hack malware gang via its own weak spot

An XSS flaw in StealC’s web panel allowed takeover of operator sessions, revealing millions of stolen cookies, passwords, and YouTube-based malware distribution.

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.

fromZDNET

This new 'sleeperware' doesn't set off alarms or crash your system - it sneaks in and waits

In its annual Red Report, a body of research that analyzes real-world attacker techniques using large-scale attack simulation data, Picus Labs warns cybersecurity professionals that threat actors are rapidly shifting away from ransomware encryption to parasitic "sleeperware" extortion as their means to loot organizations for millions of dollars per attack. Released today and now in its sixth year, the 278-page Red Report gets its name from Picus-organized cybersecurity exercises that take the perspective of the attacker's team, otherwise known as the "red team."

Information security