Tag: emerging threats
3178 articles

ShinyHunters Exclusive: Damaging Corporate Extortion Wave
The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

DDoS Botnet Aisuru Sparks Severe, Stunning ISP Outages
Imagine fighting a storm when most of the clouds are over your own house — that’s the Aisuru DDoS. A near‑record 30 trillion bps flood from hijacked home IoT devices clustered on AT&T, Comcast and Verizon networks forced ISPs to choose between cutting off millions with blunt defenses or chasing slow, costly surgical fixes.

Self-Replicating Worm: Stunning Threat Hits 180+ Packages
A stark wake-up call: a self-replicating worm has infected 187+ NPM packages, stealing and publicly exposing developer tokens during installs. By weaponizing automated installs and transitive dependencies, it turns every npm install into a potential propagation engine.

Self-Replicating Worm Hits 180+ Packages: Exclusive Danger
A fast-spreading self-replicating worm has already infected 180+ packages—our exclusive breakdown reveals how it spreads, who’s at risk, and the quick steps you can take to protect your projects.

Bulletproof Host Exclusive: Stark’s Controversial EU Evasion
When the EU froze Stark Industries Solutions — a notorious bulletproof hosting provider tied to Kremlin-linked cyberattacks — the aim was to choke off dangerous infrastructure, but months later the same IPs and services resurfaced under new shells. That rapid reconstitution shows how sanctions on paper can fail when operators lean on bulletproof hosting to keep malware, botnets, and disinformation campaigns alive.

Bulletproof Host Evades EU Sanctions: Exclusive Controversy
EU sanctions couldn’t stop a notorious bulletproof hosting provider—it reconstituted under new names and kept serving the same clients. Our exclusive reporting shows how shell companies, domain and IP migrations, and rapid rebrands preserved a hostile infrastructure, a wake-up call for regulators and defenders.

18 Popular Code Packages Hacked: Stunning Crypto Theft Risk
Imagine one convincing phishing email letting attackers slip crypto‑stealing code into 18 popular JavaScript packages — collectively downloaded billions of times each week. The breach lays bare how fragile the software supply chain is: a single compromised maintainer can push malicious updates into countless projects and developer environments.

Smishing Triad Exclusive: Dangerous 194K Domains Revealed
Think a text can’t hurt you? Researchers say a single smishing campaign has spawned over 194,000 malicious domains, turning routine SMS alerts into localized lookalike sites and clever redirect chains that steal credentials or deliver malware worldwide.

Smishing Triad Exclusive: 194K Alarming Malicious Domains
A single text can open a global crime machine — Unit 42 ties 194,000+ malicious domains to one sprawling smishing operation, so pause and verify before you click.

Microsoft WSUS flaw: Exclusive urgent fix for severe exploit
Heads up: Microsoft released an emergency patch for a critical WSUS vulnerability (CVE‑2025‑59287) that’s already being exploited in the wild. Administrators must weigh rapid deployment against potential disruption — but with exploit code circulating, closing the exposure window should be the priority.

Microsoft WSUS Critical Flaw: Exclusive Exploitation Alert
Imagine the service you rely on to push security updates becoming a vehicle for remote code execution — that’s the urgent reality for WSUS admins after Microsoft issued an out‑of‑band patch for CVE-2025-59287 (CVSS 9.8) amid public proof‑of‑concept and active exploitation. Apply the emergency update now and verify your WSUS and recovery workflows to stop attackers from turning your update pipeline into an attack vector.

Microsoft WSUS flaw Exclusive: Critical exploit active
Your update server shouldn’t be the thing that unpatches you. Microsoft rushed an emergency patch for a critical Windows Server Update Services (WSUS) RCE after public proof‑of‑concept code and active exploitation surfaced — inventory and patch your WSUS servers now.

APT36 Exclusive: Critical Golang DeskRAT Threat to India
Here’s the scoop: a targeted spear-phishing campaign installed DeskRAT—a compact, Golang-based remote access tool linked to APT36—into Indian government systems, letting attackers read emails, capture keystrokes and siphon sensitive files. Lightweight and cross-platform, DeskRAT underscores how APT36’s patient social-engineering playbook keeps compromising high-value targets.

APT36 Exclusive: Golang DeskRAT Threatens India
This autumn, a seemingly innocent spear-phish opened the door to DeskRAT, a Golang-based remote-access trojan tied to APT36 (Transparent Tribe) that slipped into Indian government networks to harvest credentials and siphon documents. Analysts warn the group’s move to Go makes these cross-platform implants smaller, stealthier, and tougher to pin down—an unnerving evolution in a decade-long espionage playbook.

APT36 Exclusive: Critical Golang DeskRAT Threat Hits India
Think a phishing email can’t threaten national security? In summer 2025, tailored spear-phishing delivered Golang DeskRAT into Indian government networks — a stealthy APT36 tool that turns a single click into a strategic risk.

3,000 YouTube Videos Exposed: Exclusive Malicious Network
Imagine the how‑to video you trust quietly installing a trojan — researchers have uncovered a malicious network behind 3,000+ YouTube uploads that lure viewers to downloads which deploy credential stealers, cryptominers and remote‑access trojans. By posing as tutorials and fixes and using lightweight loaders, this scalable scheme turns platform trust into a repeatable infection machine.

YouTube Videos Exposed: Exclusive Dangerous Malware Alert
Think twice before clicking — researchers have uncovered a coordinated network that’s published over 3,000 malicious videos, baiting viewers with fake tools and links that install credential stealers, cryptominers, and remote-access trojans.

GlassWorm Exclusive: Dangerous VS Code Supply-Chain Attack
Meet GlassWorm: a self‑propagating supply‑chain worm hiding in VS Code extensions (Open VSX and the Microsoft Marketplace) that uses install‑time scripts and stolen CI tokens to publish more malicious packages, turning developer convenience into a fast‑moving attack vector.

North Korean Hackers: Exclusive Dangerous Drone Job Scam
North Korean hackers are posing as recruiters for “exclusive” drone jobs that could put applicants in real danger — here’s how to spot the scam and protect yourself.

North Korean Hackers Exclusive Drone Espionage Threat
Imagine a calendar invite from a colleague that’s actually a spy. North Korean threat actors are exploiting trusted collaboration tools and clever social engineering to steal drone designs and supplier data from European defense contractors.

ThreatsDay Exclusive: Critical Security Risks $176M Fine
When abused OAuth tokens, unpatched libraries, and lax segmentation make breaches easy, attackers don’t need cleverness—just opportunity—and regulators are now handing out fines in the hundreds of millions. Tighten hygiene, authentication, and monitoring before convenience becomes an expensive lesson.

ThreatsDay Exclusive: Critical Crypto Fine, AI Hijack Alert
ThreatsDay peels back how criminals are weaponizing trust — not by inventing new tech but by exploiting convenience, stale components and lax controls, from a billion‑dollar crypto collapse to AI‑assisted hijacks and targeted smishing. Find out why ordinary systems and trusted channels are the new attack surface, and who should be closing the door.

Jingle Thief Exclusive: Hackers Devastate Gift Cards
Exclusive: Hackers are turning gift cards into easy targets—our deep dive reveals how gift card fraud works, who’s at risk, and simple steps to protect your balance.

Magento Exclusive: Critical Flaw Hits 250+ Stores Overnight
A single flaw prompted 250+ attack attempts against Magento-based stores in just 24 hours, forcing merchants to weigh sales against safety. Adobe’s emergency patches — plus quick steps like MFA and session token rotation — need to be applied now to stop fraud, skimming, and account takeovers.