The multi-stage campaign targeting South Korea uses weaponized Windows shortcuts and GitHub-based command-and-control to evade detection. DPRK-linked threat actors are preferring stealth over ...
On 2026-03-31, an unknown threat actor compromised the npm account of jasonsaayman, the primary maintainer of axios. The attacker changed the account email to ifstap@proton[.]me and manually published ...
An advanced persistent threat (APT) group, Flax Typhoon, was able to gain persistent access to the mapping tool ArcGIS for over a year, putting several enterprises at risk. ArcGIS is a geospatial ...
ESET researchers have identified a new threat actor, whom we have named GhostRedirector, that compromised at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam. GhostRedirector used two ...
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, ...
An ongoing malware campaign active throughout 2025 is using malvertising to deliver a sophisticated PowerShell-based framework. According to Cisco Talos researchers, the malware is named “PS1Bot” due ...
This research from Bitdefender Labs details a cluster of malicious activity we've been tracking since mid-2024. It uncovers a new threat actor group we’ve named Curly COMrades, operating to support ...
Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...
PowerShell modules help IT professionals and business owners organize multiple scripts into a single, reusable package, making code easier to manage, share and maintain. While individual scripts work ...
PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
The Microsoft Detection and Response Team (DART) has been renamed to Microsoft Incident Response (Microsoft IR). For more information on IR services, go to Microsoft Incident Response Web exploitation ...