A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. “This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, andRead More »Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords. A screenshotRead More »Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

This year, the World Cup is facing a cyber threat that, historically, it hasn’t seen as often: malicious AI agents.

Foreign adversaries are exploiting commercial location data to track U.S. servicemembers in active war zones. 

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some “patched-ish” thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering theRead More »⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial services sectors. The activity entails distributing spear-phishing emailsRead More »China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan