Daily Cybersecurity Roundup, October 30, 2025

Today’s threats highlight the vast and varied attack surface, from open-source code repositories to the billions of devices connecting to the internet. A new campaign named PhantomRaven has emerged, with hundreds of malicious npm packages being downloaded over 86,000 times to steal sensitive developer information. Simultaneously, the sophisticated PolarEdge botnet has compromised over 25,000 IoT devices and established 140 C2 servers, using a novel relay system to obscure its attack sources. Even web browsing remains a critical frontline, as Google released Chrome version 142 to patch 20 vulnerabilities, including high-severity flaws in the V8 engine that could lead to remote code execution. Here are the top 10 highlights from the past 24 hours.

01

A new campaign named PhantomRaven has emerged, involving 126 malicious npm packages that have collectively garnered over 86,000 downloads. These packages are designed to stealthily steal sensitive information.

02

The PolarEdge botnet has compromised over 25,000 IoT devices and established 140 C2 servers. This sophisticated botnet exploits vulnerable edge devices and uses a novel RPX relay system to obscure attack sources.

03

Researchers from IIJ discovered a sophisticated malware loader capable of simultaneously deploying two malware families, TorNet and PureHVNC, using advanced obfuscation techniques like API hashing with MurmurHash2.

04

Russian hackers targeted Ukrainian organizations using Living-off-the-Land tactics. They exploited unpatched vulnerabilities and deployed web shells like LocalOlive to deliver payloads such as Chisel and plink.

05

Google has released Chrome version 142 to address 20 security vulnerabilities, including high-severity flaws in the V8 JavaScript engine that could lead to remote code execution.

06

BitSight researchers identified new tactics by the Lampion banking trojan, including a 700MB DLL payload and ClickFix VBS scripts targeting Brazilian users. The infection chain begins with phishing emails impersonating financial institutions.

07

A vulnerability in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress, used by over 100,000 sites, allows subscribers to access sensitive files on the server.

08

Cybersecurity researchers have observed a sharp rise in automated botnet attacks targeting PHP servers, IoT devices, and cloud gateways, with Mirai, Gafgyt, and Mozi among the prominent botnets involved.

09

A new AI-targeted cloaking attack has emerged, enabling malicious actors to deceive AI crawlers into presenting false information as verified facts. This technique manipulates AI-based web browsers by serving different content based on user agent checks.

10

According to a Barracuda report, 78% of organizations suffered an email breach in the past 12 months, with phishing and spear-phishing being the most common breach types.
