
Daily Cybersecurity Roundup, February 12, 2026

When trust becomes the attack surface, even routine professional interactions can turn into intrusion vectors. A highly targeted fake recruiter campaign is luring cryptocurrency developers with seemingly legitimate interview opportunities that deliver malware designed to harvest credentials and infiltrate development environments. In parallel, researchers identified “AgreeToSteal,” the first known malicious Microsoft Outlook add-in, which exploited OAuth permissions and marketplace trust to compromise more than 4,000 user credentials. Meanwhile, on the geopolitical front, Pakistan-linked APT36 and SideCopy have intensified cross-platform espionage efforts, deploying custom RATs to target government and defense organizations. Continue reading for more cybersecurity updates.


01

The graphalgo campaign, attributed to North Korea’s Lazarus Group, is targeting JavaScript and Python developers in the cryptocurrency sector using fake companies to deliver malware and compromise victims.

02

Researchers uncovered AgreeToSteal, the first known malicious Microsoft Outlook add-in, which led to over 4,000 stolen credentials by abusing OAuth permissions and trusted marketplace features.

03

Threat actors are misusing the legitimate SimpleHelp remote monitoring and management (RMM) tool to gain persistence and facilitate ransomware deployments in enterprise environments.

04

The duer-js npm package was identified as malicious, embedding obfuscated code designed to execute remote payloads and compromise developer systems through supply chain infection.

05

OysterLoader, also known as Broomstick and CleanUp, is a sophisticated multi-stage malware loader developed in C++ that primarily targets victims through fake websites mimicking legitimate software.

06

The LummaStealer information-stealing malware has re-emerged in campaigns distributed through the CastleLoader malware loader, enabling credential theft and data exfiltration.

07

Pakistan-linked APT36 (Transparent Tribe) and SideCopy groups have launched coordinated cross-platform attacks deploying custom RATs against government and defense targets.

08

Apple fixed a highly sophisticated, actively exploited zero-day vulnerability in its ecosystem that attackers leveraged in targeted attacks against specific individuals.

09

A critical vulnerability disclosed in Palo Alto Networks firewalls could allow attackers to bypass authentication and potentially execute unauthorized actions if left unpatched.

10

An arbitrary file upload vulnerability in the WPvivid Backup WordPress plugin exposed over 800,000 websites to potential remote code execution and full site compromise.
