Category: cyber attack

  • Aqua Security’s Trivy Scanner Compromised in Supply Chain Attack

    A sophisticated supply chain attack has targeted Aqua Security’s widely used open-source vulnerability scanner, Trivy. A threat actor leveraged compromised credentials to distribute malicious releases, turning a trusted security tool into a mechanism for large-scale credential theft across CI/CD pipelines. The incident remains an ongoing and evolving…

  • Hackers Leveraging Multiple AI Services to Compromise 600+ FortiGate Devices

    A financially motivated threat actor exploited various commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries between January 11 and February 18, 2026. The campaign marks a defining demonstration of how AI is lowering the technical entry barrier to…

  • Hackers Linked to State Actors Target Signal Messages of Military Officials and Journalists

    Germany’s top security agencies issued an urgent warning yesterday regarding a sophisticated cyber espionage campaign targeting high-ranking officials and journalists across Europe. The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) revealed that…

  • China Hacked Email Systems Used by US Congressional Staff, New Report

    A sophisticated Chinese hacking group has breached email systems accessed by staffers on critical U.S. House committees, exposing sensitive communications amid escalating cyber tensions between Washington and Beijing. The Financial Times revealed on Wednesday that the intruders, tracked as Salt Typhoon, targeted aides supporting…

  • DIG AI – Darknet AI Tool Enabling Threat Actors to Launch Sophisticated Attacks

    A new and ominous player has emerged in the rapidly expanding landscape of “Shadow AI.” Researchers at Resecurity have identified DIG AI, an uncensored artificial intelligence tool hosted on the darknet that is empowering threat actors to automate cyberattacks, generate illicit content,…

  • U.S. DOJ Charged 54 in Connection With ATM Hacking Attacks That Deployed Ploutus Malware

    The U.S. Department of Justice (DOJ) has charged 54 individuals in a sweeping crackdown on a transnational cyber-physical attack network. The indictments, announced by U.S. Attorney Lesley A. Woods, allege a massive conspiracy involving “ATM jackpotting” to fund Tren de Aragua…

  • LockBit 5.0 Infrastructure Exposed in New Server, IP, and Domain Leak

    LockBit 5.0’s key infrastructure has been exposed, revealing that the IP address 205.185.116.233 and the domain karma0.xyz are hosting the ransomware group’s latest leak site. According to researcher Rakesh Krishnan, hosted under AS53667 (PONYNET, operated by FranTech Solutions), a network frequently abused for illicit activities, the server…

  • New Albiriox Malware Attacking Android Users to Take Complete Control of Their Device

    A sophisticated new Android malware family dubbed “Albiriox” has emerged on the cybercrime landscape, offering advanced remote access capabilities as a Malware-as-a-Service (MaaS). Identified by researchers at Cleafy, the malware is designed to execute On-Device Fraud (ODF) by granting attackers full control…

  • Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack

    Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by the notorious Clop ransomware gang, has impacted dozens of major organizations worldwide. The group listed Canon…

  • ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

    A new wave of ClickFix attacks is abusing highly realistic fake Windows Update screens and PNG image steganography to secretly deploy infostealing malware such as LummaC2 and Rhadamanthys on victim systems. The campaigns rely on tricking users into manually running a…

  • Open VSX Registry Addresses Leaked Tokens and Malicious Extensions in Wake of Security Scare

    The Open VSX Registry and the Eclipse Foundation have completed their investigation into a significant security incident involving exposed developer tokens and malicious extensions. The comprehensive response reveals how the platform is strengthening defenses across the entire VS Code extension ecosystem…

  • New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

    Threat actors are leveraging Microsoft Azure Blob Storage to craft highly convincing phishing sites that mimic legitimate Office 365 login portals, putting Microsoft 365 users at severe risk of credential theft. This method exploits trusted Microsoft infrastructure, making the attacks harder to spot as the…

  • Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft

    Volkswagen Group has issued a statement addressing claims by the ransomware group 8Base, which alleges it has stolen and leaked sensitive data from the automaker. The German carmaker maintains that its core IT infrastructure remains unaffected; however, the company’s vague response leaves questions…

  • Microsoft Disrupted Vanilla Tempest Attack by Revoking Certificates Used to Sign Fake Teams File

    Microsoft announced that it had revoked more than 200 digital certificates exploited by the notorious Vanilla Tempest hacking group. This action effectively disrupted an ongoing campaign where attackers impersonated Microsoft Teams installations to infiltrate corporate networks and deploy ransomware. The operation,…

  • Hackers Use Weaponized Microsoft Teams Installer to Compromise Systems With Oyster Malware

    A sophisticated malvertising campaign is using fake Microsoft Teams installers to compromise corporate systems, leveraging poisoned search engine results and abused code-signing certificates to deliver the Oyster backdoor malware. The attack was neutralized by Microsoft Defender’s Attack Surface Reduction (ASR) rules, which blocked…

  • 17-year-old Hacker Responsible for Vegas Casinos Hack Has Been Released

    A 17-year-old suspect who surrendered over his alleged role in the 2023 cyberattacks against two major Las Vegas casino operators was released to his parents under strict supervision. During his initial hearing before Family Court Judge Dee Smart Butler in Las Vegas, the teenager originally…

  • 22.2 Tbps DDoS Attack Breaks Internet With New World Record

    Cloudflare announced it had autonomously mitigated the largest distributed denial-of-service (DDoS) attack ever recorded. The hyper-volumetric attack peaked at an unprecedented 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting a new and alarming benchmark for the scale of cyber threats…

  • Massive Cyber-Attack Targeting macOS Users via GitHub Pages to Deliver Stealer Malware

    A sophisticated cyber-attack campaign is exploiting GitHub Pages to distribute the notorious Atomic stealer malware to macOS users. The threat actors behind this operation are leveraging Search Engine Optimization (SEO) techniques to position malicious repositories at the top of search results across major platforms,…

  • Russian Airline Suffered Cyberattack, Website and Other Systems Affected

    Krasnoyarsk Regional Airlines (KrasAvia) confirmed a sophisticated cyberattack that has rendered its primary online services inoperable. The breach targeted the airline’s web portal and associated back-end systems, including the Passenger Service System (PSS) and flight planning applications. As a result, passengers are currently unable to complete…

  • Lessons Learned From Massive npm Supply Chain Attack Using “Shai-Hulud” Self-Replicating Malware

    The JavaScript ecosystem experienced one of its most sophisticated and damaging supply chain attacks in September 2025, when a novel self-replicating worm dubbed “Shai-Hulud” compromised over 477 npm packages, marking the first successful automated propagation campaign in the npm registry’s history. This attack represents…

  • How Secrets Exposed in a Plaintext File on a User’s Desktop Led to Akira Ransomware Attacks

    A threat actor who gained initial access through a SonicWall VPN device was able to escalate their attack by finding Huntress recovery codes saved in a plaintext file on a user’s desktop. This allowed the attacker to log into the client’s…

  • SpamGPT – AI-powered Attack Tool Used By Hackers For Massive Phishing Attack

    A sophisticated new cybercrime toolkit named SpamGPT is enabling hackers to launch massive and highly effective phishing campaigns by combining artificial intelligence with the capabilities of professional email marketing platforms. Marketed on the dark web as a “spam-as-a-service” platform, SpamGPT automates nearly every…

  • Hackers Hijacked 18 Very Popular npm Packages With 2 Billion Weekly Downloads

    In the largest supply chain attack, hackers compromised 18 popular npm packages, which together account for over two billion downloads per week. The attack, which began on September 8th, involved injecting malicious code designed to steal cryptocurrency from users. The compromised packages include…

  • WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users

    A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access…

  • TransUnion Hack Exposes 4M+ Customers’ Personal Information

    TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a…

  • Hackers Use Social Engineering Attack to Gain Remote Access in 300 Seconds

    Threat actors successfully compromised corporate systems within just five minutes using a combination of social engineering tactics and rapid PowerShell execution. The incident, investigated by NCC Group’s Digital Forensics and Incident Response (DFIR) team, demonstrates how cybercriminals are weaponizing trusted business applications to…

  • Hackers Compromised Official Gaming Mouse Software to Deliver Windows-based Xred Malware

    Gaming peripheral manufacturer Endgame Gear has confirmed that hackers successfully compromised its official software distribution system, using the company’s OP1w 4K V2 mouse configuration tool to spread dangerous Xred malware to unsuspecting customers for nearly two weeks. The security breach, which occurred between June…

  • WordPress GravityForms Plugin Hacked to Include Malicious Code

    A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one of WordPress’s most popular form-building plugins, with…

  • BERT Ransomware Forcibly Shut Down ESXi Virtual Machines to Disrupt Recovery

    New ransomware group employs advanced virtualization attack tactics to maximize damage and hinder organizational recovery efforts. A newly emerged ransomware group known as BERT has introduced a particularly disruptive capability that sets it apart from traditional ransomware operations: the ability to forcibly terminate ESXi…

  • 10 Best Network Security Solutions For Chief Security Officers To Consider – 2025

    In today’s hyper-connected digital landscape, the stakes for network security have never been higher. With the proliferation of cloud computing, remote workforces, and IoT devices, organizations are exposed to a broader array of cyber threats than ever before. Chief Security Officers (CSOs)…

  • Sensata Technologies Hit by Ransomware Attack – Operations Impacted

    Sensata Technologies, Inc., a prominent industrial technology company based in Attleboro, Massachusetts, has disclosed a significant cybersecurity incident that compromised the personal information of hundreds of individuals. The external system breach, classified as a hacking incident, occurred on March 28, 2025, but remained undetected for nearly…

  • Over 90% of Cybersecurity Leaders Worldwide Encountered Cyberattacks Targeting Cloud Environments

    In what security experts are describing as a “distributed crisis,” a staggering 90% of cybersecurity and IT leaders worldwide reported experiencing cyberattacks targeting their cloud environments within the past year. This alarming statistic emerges from comprehensive research conducted across ten countries, highlighting the increasing…

  • 23,000 GitHub Repositories Targeted In Supply Chain Attack

    In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date. The attackers exploited vulnerabilities in the software development pipeline to potentially distribute malicious code to thousands of…

  • New Context Compliance Attack Jailbreaks Most of The Major AI Models

    A new, surprisingly simple method called Context Compliance Attack (CCA) has proven effective at bypassing safety guardrails in most leading AI systems. Unlike complex prompt engineering techniques that attempt to confuse AI systems with intricate word combinations, CCA exploits a fundamental architectural weakness present…

  • Black Basta Ransomware Attacks Edge Network Devices With Automated Brute Force Attacks

    A Russian-speaking actor using the Telegram handle @ExploitWhispers leaked internal chat logs of Black Basta Ransomware-as-a-Service (RaaS) members on February 11, 2025. These communications, spanning from September 2023 to September 2024, have provided security researchers with unprecedented insight into the group’s operational tactics…

  • Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication

    Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and “UTA0307.”…

  • Beware of Fake BSOD Delivered by Malicious Python Script

    A recently discovered Python script has been flagged as a potential cybersecurity threat due to its use of a clever anti-analysis trick. This script, which has a low detection rate on VirusTotal (4/59), uses the tkinter library to create a fake “Blue Screen of Death” (BSOD)…

  • Lazarus Group Infostealer Malware Attacking Developers In New Campaign

    The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked to a sophisticated campaign targeting software developers. This campaign involves the use of infostealer malware, designed to steal sensitive information from developers’ systems. The attack leverages social engineering tactics, including fake…

  • New Device Code Phishing Attack Exploits Device Code Authentication To Capture Authentication Tokens

    A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to capture authentication tokens. This attack, attributed to a group called Storm-2372, has been active since August 2024 and targets a wide range…

  • APT37 Hackers Abusing Group Chats To Attack Via Malicious LNK File

    The North Korean state-sponsored hacking group APT37 (aka ScarCruft, Reaper) has been identified leveraging group chat platforms to distribute malicious LNK files. This latest tactic highlights the group’s evolving methods to infiltrate systems and exfiltrate sensitive data. APT37’s recent campaign involves sending malicious LNK…