thehackernews

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems.

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a BYOVD attack aimed at disarming security solutions installed on compromised hosts.

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

ScarCruft, a North Korea-linked threat actor, has launched a spear-phishing campaign named Operation HanKook Phantom. The attackers aim to steal sensitive information, establish persistence, and conduct long-term espionage using the RokRAT malware.

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

These campaigns—GeoServer exploitation, PolarEdge botnet, and the Gayfemboy Mirai variant—demonstrate a shift toward stealthy, persistent monetization and advanced evasion techniques.

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

U.S. authorities have charged 22-year-old Ethan Foltz for operating the RapperBot botnet, also known as "CowBot" and "Eleven Eleven Botnet." This botnet facilitated over 370,000 DDoS attacks across 80+ countries.

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

The Python Package Index (PyPI) has implemented a new security measure to proactively block account takeovers and supply chain attacks by un-verifying email addresses tied to expired domains.

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

A sophisticated cybercriminal operation led by the VexTrio group has been uncovered, involving the distribution of fraudulent mobile applications through the Google Play Store and Apple App Store.

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

Multiple critical vulnerabilities in NVIDIA's Triton Inference Server for Windows and Linux allow unauthenticated remote attackers to achieve remote code execution (RCE) and hijack AI servers.

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. The campaign employs a five-stage execution chain.

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

A sophisticated cyber espionage campaign by Fire Ant has targeted VMware ESXi hosts, vCenter servers, and network appliances. This activity is part of a broader trend of persistent targeting of network edge devices by China-linked threat actors.
