Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.

DriveSurge Hijacks Thousands of Sites for Malware Attacks
DriveSurge, a notorious threat actor, is hijacking thousands of reputable websites using an open-source tool called zTDS, silently redirecting unsuspecting visitors to malware. This allows them to operate a lucrative pay-per-install business, fueling a range of devastating cyberattacks.

Malware Worms Red Hat npm Packages, Targets Cloud Credentials
A single compromised Red Hat employee's GitHub account was used to seed dozens of Red Hat npm package releases with a self-propagating credential-stealer, putting cloud credentials at risk. The malicious packages, downloaded around 80,000 times a week, are still considered a live threat.

Red Hat npm Packages Compromised in Supply-Chain Attack
A recent supply-chain attack compromised 32 Red Hat npm packages, affecting 117,000 weekly downloads, after attackers backdoored 96 package versions under the @redhat-cloud-services namespace. The breach occurred when a Red Hat employee's GitHub account was compromised, allowing malicious commits to be pushed.

Spain Cracks Down on Doxer Behind Leak of Gov't Employee Data
Spain's National Police have cracked down on a suspect behind a massive data leak that exposed sensitive information of government employees, posing a significant risk to national security. The suspect was arrested on May 27, and a search of their home yielded crucial evidence, including computers and electronic devices.

Phishers Target Midterm Elections With 5K+ Domain Registrations
Scammers are ramping up their efforts to deceive voters, registering over 5,000 election-themed domains in just two months and providing fertile ground for phishing, impersonation, and misinformation campaigns aimed at manipulating the midterm elections. This alarming surge in domain registrations has already exposed around 17,000 credentials linked to sensitive organizations and services.

Miasma Supply Chain Attack Targets Red Hat npm Packages
A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

Dashlane Bolsters Defenses After Brute Force Attacks Lock Out Users
Dashlane recently thwarted a brute force attack that temporarily locked out some users, but swift action ensured their accounts were quickly restored. The company has since bolstered its defenses and is closely monitoring the situation to prevent future incidents.

World Cup Faces New Cyber Threats in AI-Driven Era
As the World Cup kicks off on June 11, it's not just a sporting spectacle - it's a high-stakes target for cyber threats, with billions of people, devices, and transactions converging online at once. This massive influx creates a perfect storm of vulnerability, exposing ticketing, payments, broadcasts, and infrastructure to unprecedented risk.

WordPress Sites Targeted in Steam Profile Malware Campaign
A massive malware campaign has infected nearly 2,000 WordPress websites, using a sneaky tactic of hiding command-and-control data within Steam Community profile comments. The attack, first detected in July 2025, has left security experts scrambling to uncover its entry point.

Foreign Adversaries Exploit Location Data to Track US Troops in War Zones
Foreign adversaries are using commercial location data to track US troops in war zones, putting their lives at risk by revealing their whereabouts and patterns of movement to potential attackers. This alarming practice allows enemies to target troops with missiles, drones, and roadside bombs, and even aids in counterintelligence efforts.

China-Aligned Hackers Target Czech Republic, Taiwan in Cyber Espionage Push
China-aligned hackers have launched a sneaky cyber espionage campaign, dubbed Operation Dragon Weave, targeting officials and citizens in the Czech Republic and Taiwan with a cunning malware that masquerades as a legitimate cloud storage service. The malware ultimately delivers an AdaptixC2 agent, putting sensitive information at risk.

Cyberattacks Accelerate as AI Lowers Bar for Threat Actors
Defaults and automation are handing attackers cheap, fast entry points, making it alarmingly easy for them to wreak havoc. Gogs is a case in point: open registration and unlimited repository creation let unauthenticated attackers create an account and a repository with ease. This vulnerability is being exploited, alongside a critical authentication bypass flaw in PAN-OS and Prisma Access, underscoring the urgent need for heightened cybersecurity measures.

Microsoft Probes Office Apps, Teams File Access Outage
Microsoft is currently investigating an issue that's preventing some users from accessing files in Office for the web and Microsoft Teams, with affected users seeing an error message stating that Office Online services are temporarily unavailable. The company is working to restore services as soon as possible.

Atlas Menu Hack Exposes 64,000 User Records
A shocking security breach has hit Atlas Menu, a popular cheat service for Grand Theft Auto, with an attacker claiming to have fully compromised the system and leaked 64,000 user records online. The hacker also made the disturbing allegation that Atlas Menu was secretly taking screenshots of users' machines.

Faster Vulnerability Alerts Disrupt Cyberattack Window
The time it takes for attackers to exploit a newly disclosed vulnerability has dramatically shrunk to just 1.6 days - leaving organizations scrambling to respond. In today's lightning-fast threat landscape, staying ahead of vulnerability alerts is crucial to preventing devastating cyberattacks.

Flowise Flaw Exposes Servers to Full Attacker Control
A critical security flaw in Flowise, a popular open-source AI workflow platform, allows attackers to seize full control of a server by tricking a logged-in user into importing a malicious file. This vulnerability, disclosed by Obsidian Security, puts self-hosted deployments at risk, with a simple exploit capable of unleashing a devastating attack.

Microsoft Resolves MFA, MySignIn Outage After Infrastructure Failover
Microsoft quickly sprang into action to resolve a widespread outage that left some users unable to set up multi-factor authentication or access their accounts on My Sign-Ins. The issue, marked by 504 Gateway Timeout errors, was confirmed around 5:00 AM ET and swiftly addressed with an infrastructure failover.

Cybersecurity Teams Face Simulated Supermarket Cyber-Attack Test
Get ready to enter the war room and face off against a simulated cyber-attack in a thrilling tabletop experience, where you'll play out a high-stakes battle to protect a fictional supermarket from a multi-stage cyber threat. Join Semperis at Infosecurity Europe 2026 for a 90-minute immersive roleplaying simulation that puts your cybersecurity skills to the test.

Palo Alto VPN Bug Sees Active Exploitation
Security experts at Rapid7 have confirmed that hackers are actively exploiting a critical authentication bypass flaw in Palo Alto Networks' VPN, putting PAN-OS users at risk of targeted attacks. This urgent development means users must patch their systems ASAP to prevent exploitation.

Windows Netlogon Flaw Exploited in Attacks After Patch Release
A critical Windows Netlogon flaw, patched just last month, is now being actively exploited in attacks, putting vulnerable systems at risk of remote code execution. This severe vulnerability, rated 9.8 out of 10 in severity, allows attackers to gain control of targeted domain controllers with just a specially crafted network request.

MSPs Pivot to Security Growth Platforms
Small and medium businesses are driving a seismic shift in cybersecurity spending, with SMBs projected to shell out $109 billion by 2026 - and managed service providers are stepping up to meet the demand as the de facto security function. As a result, MSPs are pivoting to security growth platforms to keep pace.

AI Transforms SOCs, But Human Analysts Remain Vital
AI is revolutionizing Security Operations Centers, but not by replacing human analysts - instead, it's freeing them from tedious tasks to focus on high-stakes decision-making. By automating routine work, AI is augmenting human capabilities, not replacing them.

Dashlane Disrupts Service Amid Brute-Force Attacks
Dashlane recently took swift action to protect its users, suspending customer accounts in response to a surge of brute-force attacks that triggered the company's automatic defenses, putting engineers' weekends on hold. This decisive move showcases the password manager's commitment to safeguarding user security.

Microsoft Outage Disrupts Multi-Factor Authentication Setup, My Sign-Ins Platform
Microsoft is currently investigating an outage that's preventing users from setting up multi-factor authentication and accessing the My Sign-Ins platform, with the issue confirmed around 5 AM ET. The company is actively working to resolve the disruption, urging affected customers to monitor its Microsoft 365 Status account for updates.