

Daily Cybersecurity Roundup, March 31, 2026

Supply chain compromises and advanced remote access malware continue to play a major role in modern cyberattacks. In one incident, attackers took over the Axios NPM account and distributed a malicious package that was downloaded millions of times. In a separate development, the newly identified Roadk1ll WebSocket implant is being used by attackers to move laterally within compromised networks. Moreover, researchers have identified the CrySome RAT, a sophisticated .NET-based trojan designed for long-term persistence, data exfiltration, and remote system control. Keep reading for more news.

01

Attackers compromised the Axios NPM account to distribute a malicious package downloaded over 50 million times, which installed a remote access trojan that deleted itself after installation to evade detection.

02

Hackers are using the newly discovered Roadk1ll WebSocket implant to move laterally across breached networks and maintain persistent command-and-control communication.

03

Russian state-sponsored hacking group Star Blizzard has adopted the DarkSword iOS exploit kit in a new campaign targeting government, financial, education, and legal entities, as well as think tanks.

04

The DeepLoad malware uses AI-powered techniques to steal credentials while evading traditional security detection mechanisms.

05

Researchers at Proofpoint reported ongoing tax-scam campaigns targeting taxpayer funds through phishing emails and fraudulent tax-refund schemes.

06

Security researchers identified the CrySome RAT, an advanced .NET-based remote access trojan capable of persistent access, data exfiltration, and remote command execution.

07

Threat actors weaponized the Telnyx Python SDK in a supply chain attack linked to the TeamPCP campaign, enabling malicious code execution through compromised developer tools.

08

A critical vulnerability in Fortinet FortiClient EMS could allow attackers to execute remote code or escalate privileges on affected enterprise management servers.

09

Threat actors are actively exploiting a critical vulnerability (CVE-2025-53521) in F5 BIG-IP, allowing remote code execution and system compromise, prompting urgent patching recommendations.

10

A critical vulnerability in OpenAI Codex allowed attackers to potentially compromise GitHub tokens, posing a risk of source code theft and supply chain attacks.
