SentinelOne

LABScon25 Replay | LLM-Enabled Malware In the Wild

Over 500 GitHub repositories were found distributing infostealers disguised as Minecraft mods. The Fractureiser malware was spread via popular modding platforms like Bukkit and CurseForge, targeting both Windows and Linux users.

The Good, the Bad and the Ugly in Cybersecurity – Week 36

Three Russian FSB officers are accused of orchestrating cyberattacks on U.S. critical infrastructure. Two malicious npm packages were using Ethereum smart contracts to conceal URLs for second-stage payload delivery.

The Good, the Bad and the Ugly in Cybersecurity – Week 34

Key incidents include the sentencing of high-profile cybercriminals, enhanced supply chain protections by PyPI, the evolution of the Noodlophile infostealer, and a sophisticated DPRK-linked espionage campaign using the MoonPeak RAT.

Smart Contract Scams | Ethereum Drainers Pose as Trading Bots to Steal Crypto

A widespread cryptocurrency scam campaign has been uncovered in which threat actors distribute malicious Ethereum smart contracts disguised as trading bots. These contracts have collectively stolen over $900,000 USD from unsuspecting users.

Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem

A sophisticated infostealer campaign leveraging the Python-based PXA Stealer has compromised over 4,000 systems across 62 countries. The campaign exfiltrates credentials, cookies, and financial data via Telegram bots and Cloudflare Workers.

macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App

A new variant of the macOS.ZuRu malware has resurfaced, targeting macOS users through a trojanized version of the Termius SSH client. This version incorporates a modified Khepri C2 beacon and introduces new techniques for persistence.
