Skip to content
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. “This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations acrossRead More »Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. “The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing

SolarWinds Patches Four Critical Serv-U Vulnerabilities

The four security defects could be exploited for remote code execution but require administrative privileges. The post SolarWinds Patches Four Critical Serv-U Vulnerabilities appeared first on SecurityWeek.

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is saidRead More »SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

Medical Device Maker UFP Technologies Hit by Cyberattack

UFP Technologies appears to have been targeted in a ransomware attack that involved data theft and file-encrypting malware. The post Medical Device Maker UFP Technologies Hit by Cyberattack appeared first on SecurityWeek.

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victimRead More »Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Copyright © 2026 infosecintel.net