#qakbot
#qakbot

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

20 hours ago

Information security

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Information security

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

fromSilicon Canals

5 hours ago

The man who discovered the ILOVEYOU virus is now fighting Russian drones using the same playbook - Silicon Canals

Mikko Hyppönen has transitioned from cybersecurity to anti-drone defense, focusing on systems for law enforcement and military clients.

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

20 hours ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

Marketing tech

fromTipRanks Financial

AI Recommendation Poisoning: Why Microsoft (NASDAQ:MSFT) Is Fighting So Hard - TipRanks.com

AI recommendation poisoning manipulates AI outputs by embedding hidden instructions in websites, potentially skewing information and affecting marketing strategies.

Roam Research

8 in 10 AI Chatbots Likely to Help Plan Attacks, Hate Crimes

Most AI chatbots fail to discourage violent actions and often provide assistance for planning attacks.

#phishing

fromIrish Independent

Deliverability

Public warned to 'ignore' scam email claiming to be from Garda Commissioner accusing them of serious crimes

Information security

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Information security

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Information security

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

1 week ago

Information security

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

fromIrish Independent

Deliverability

Public warned to 'ignore' scam email claiming to be from Garda Commissioner accusing them of serious crimes

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

1 week ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

fromZDNET

Artificial intelligence

From Clawdbot to OpenClaw: This viral AI agent is evolving fast - and it's nightmare fuel for security pros

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

fromZDNET

Artificial intelligence

From Clawdbot to OpenClaw: This viral AI agent is evolving fast - and it's nightmare fuel for security pros

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

#whatsapp

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

more#whatsapp

Mental health

fromwww.theguardian.com

Unregulated chatbots are putting lives at risk | Letters

AI companies must implement pre-use screening tools to protect vulnerable users from harm.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

Node JS

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

Node JS

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

Node JS

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

fromHarvard Business Review

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

more#axios

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

A North Korean threat actor executed a $285 million heist from the Drift DeFi platform using sophisticated techniques and pre-signed transactions.

fromFortune

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

Cryptocurrency

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

A North Korean threat actor executed a $285 million heist from the Drift DeFi platform using sophisticated techniques and pre-signed transactions.

fromFortune

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

more#north-korea

6 days ago

FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers

Threat actors accessed FBI Director Kash Patel's personal email, but no government information was compromised.

#malware

Information security

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Information security

Sophisticated CrystalX RAT Emerges

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

New DeepLoad Malware Dropped in ClickFix Attacks

Information security

Fake Claude Code source downloads actually delivered malware

fromTechRepublic

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

fromTechRepublic

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.

Cryptocurrency

fromnews.bitcoin.com

Kraken User Loses $18.2M in Crypto Social Engineering Attack as Funds Move via Thorchain: ZachXBT

A coordinated theft involved phishing tactics, rapid asset transfers, and laundering of approximately $1.8 million in ether through decentralized protocols.

Roam Research

174 Vulnerabilities Targeted by RondoDox Botnet

RondoDox botnet expanded its exploit list to 174 vulnerabilities and shifted from indiscriminate to targeted exploitation strategies, proactively targeting unpatched flaws before CVE assignment.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

fromComputerworld

Cyber criminals too are working from home... your home

The FBI warns that cybercriminals use residential proxies to mask illegal activities by hijacking IoT devices, smartphones, and routers, threatening both consumers and enterprises, particularly older devices.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Four terabytes of data have reportedly been stolen, including database records and source code. Allegedly stolen data has been published on a leak site, containing Slack information, internal ticketing data, and videos of conversations between Mercor's AI systems and contractors.

Information security

Artificial intelligence

fromFuturism

AI Tools Are Supercharging Hackers

AI systems are increasingly weaponized for cybercrime, enabling hackers to exploit vulnerabilities at scale with minimal technical expertise, as demonstrated by recent attacks on Mexican government networks and global firewall systems.

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

fromInfoQ

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

fromInfoQ

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

more#supply-chain-attack

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

Information security

Are criminals vibe coding malware? All signs point to yes

Information security

Block red-teamed its own AI agent to run an infostealer

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

Information security

Are criminals vibe coding malware? All signs point to yes

Information security

Block red-teamed its own AI agent to run an infostealer

Chainalysis Deploys AI Agents to Counter Criminal Use of Artificial Intelligence in Crypto

Chainalysis introduces AI agents to enhance fraud detection and compliance without requiring deep technical expertise, ensuring data quality and human oversight.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation

The US Justice Department disrupted several IoT botnets used for DDoS attacks, targeting Aisuru, Kimwolf, JackSkid, and Mossad.

fromWIRED

US Takes Down Botnets Used in Record-Breaking Cyberattacks

The US Department of Justice, working with the cybercrime-fighting agency within the US Department of Defense known as the Defense Criminal Investigative Service, announced that it had dismantled four massive botnets in a single operation, removing the command-and-control servers used to commandeer the hacker-run armies of compromised devices known by the names JackSkid, Mossad, Aisuru, and Kimwolf.

Information security

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

Konni Deploys EndRAT Through Spear-Phishing, Uses KakaoTalk to Propagate Malware

North Korean threat actor Konni uses spear-phishing emails to compromise victims and abuse their KakaoTalk application to distribute malware to contacts while stealing sensitive documents.

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

Targeted Phishing Attack Breaches Biotech Company Data

Intuitive Surgical suffered a phishing attack compromising employee credentials, exposing customer and corporate data, though operational systems and customer networks remained unaffected due to network segmentation.

Security Firm Executive Targeted in Sophisticated Phishing Attack

Targeted Phishing Attack Breaches Biotech Company Data

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 uses SEO poisoning and GitHub hosting to distribute trojans impersonating VPN software, stealing credentials through signed malware that evades detection.

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

AI-generated malware Slopoly enables threat actors to develop malware frameworks significantly faster, demonstrating the weaponization of AI for cybercriminal purposes.

Cloned AI Tool Sites Distribute Malware in 'InstallFix' Campaign

InstallFix campaign uses cloned webpages and malvertising to distribute information-stealing malware through fake installation pages for popular development tools.

Crims hit EV charger firm ELECQ, steal customer contact data

In a notice sent to customers on Monday and seen by The Register, the EV charging outfit said that it detected "unusual activity" on its AWS cloud platform on March 7 and quickly discovered that attackers had launched a ransomware attack against parts of its infrastructure. According to the message, some databases were both encrypted and copied during the intrusion, meaning that the crooks likely walked off with user information before the company pulled the plug.

Information security

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

North Korean threat actor ScarCruft deployed the Ruby Jumper campaign using malware families that abuse Zoho WorkDrive for C2 communications and removable media to compromise air-gapped networks.

fromComputerWeekly.com

Qilin crew continues to dominate ransomware ecosystem | Computer Weekly

Given the scale and disruption of 2025, this pattern could be an early signal that 2026 may follow a similar path. Organisations should not mistake the month-on-month drop for a decline in risk. As for Qilin, its attacks show no signs of stopping - within the past few days it has claimed a breach of the Local 100 Chapter of the Transport Workers Union of America, affecting 41,000 current and 26,000 former employees.

Information security

fromMashable

Hackers use this tool to bypass fraud detection and weaponize Google ads

The service, referred to as 1Campaign, provides hackers with a one-stop-shop for running malicious ads and enabling fraud "at scale," a recent report by cybersecurity company Varonis uncovered. Using just a single dashboard, hackers can cloak malicious content from security researchers, ad platform reviewers, and automated scanners - who instead see a benign white page - and target general users with phishing or scam attempts.

Information security

Crims hit a $20M jackpot via malware-stuffed ATMs

ATM jackpotting malware enabled thieves to steal over $20 million by forcing compromised ATMs to dispense cash without bank authorization.

Researchers hack malware gang via its own weak spot

An XSS flaw in StealC’s web panel allowed takeover of operator sessions, revealing millions of stolen cookies, passwords, and YouTube-based malware distribution.

Crims hit the easy button for IT helpdesk scams

Custom voice-phishing kits sold on dark-web channels enable attackers to spoof authentication flows, intercept credentials and MFA codes, and orchestrate live helpdesk social-engineering.

Number of phishing attacks doubles in one year

Phishing kits and phishing-as-a-service expanded in 2025, enabling less skilled attackers and leveraging AI-generated messages and QR-based quishing to increase realism and bypass defenses.

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

DEAD#VAX uses IPFS-hosted VHDs, heavy script obfuscation, runtime decryption, and in-memory AsyncRAT shellcode injection to evade detection and avoid disk artifacts.