The Hacker News

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

Researchers identified several malicious packages on PyPI and npm that exploit APIs and implant backdoors. The packages: checker-SaGaF (2,605 downloads), steinlurks (1,049 downloads), sinnercore (3,300 downloads), dbgpkg (~350 downloads), and requestsdev (76 downloads).

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

A newly discovered malicious npm package, os-info-checker-es6, masquerades as a utility for retrieving OS information but is designed to stealthily deliver a next-stage payload.

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

A sophisticated phishing campaign dubbed Meta Mirage has been uncovered, targeting users of Meta's Business Suite. This campaign specifically focuses on hijacking high-value accounts.

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

Threat actors BianLian and RansomExx (tracked by Microsoft as Storm-2460) are actively exploiting SAP NetWeaver vulnerabilities CVE-2025-31324 and CVE-2025-42999 to deploy the PipeMagic trojan and Brute Ratel C2 framework.

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges.

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Threat actors are actively exploiting critical vulnerabilities in end-of-life (EoL) GeoVision IoT devices and Samsung MagicINFO servers to deploy the Mirai botnet. These attacks leverage command injection and path traversal flaws.

Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign

A recent investigation by Anthropic has uncovered a sophisticated misuse of its Claude AI chatbot in a commercial “influence-as-a-service” operation. This campaign involved the creation of over 100 politically-aligned fake personas on Facebook and X.

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Storm-1977 has been targeting cloud tenants in the education sector through password spraying attacks using AzureChecker.exe. The campaign led to the compromise of accounts and the deployment of over 200 containers for illicit cryptocurrency mining.

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs.

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

The Darcula phishing-as-a-service (PhaaS) platform has introduced generative AI (GenAI) capabilities, significantly enhancing its accessibility and effectiveness for cybercriminals.
