Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
Ravie LakshmananMay 04, 2026Network Security / Endpoint Security An active phishing campaign has been observed targeting multiple vectors since at...
active
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Ravie LakshmananApr 16, 2026Botnet / Cryptomining Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in...
QEMU abused to evade detection and enable ransomware delivery
Sophos analysts are investigating the active abuse of QEMU, an “open-source machine emulator and virtualizer,” by threat actors seeking to...
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into...
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested,...
Technical Advisory: Axios npm Supply Chain Attack – Cross-Platform RAT Deployed via Compromised Maintainer Account
| Active RAT | Malicious npm versions removed | Assess all systems that ran npm install during exposure window...
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a...
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than...
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
Ravie LakshmananMar 24, 2026Endpoint Security / Social Engineering A large-scale malvertising campaign active since January 2026 has been observed targeting...
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed...
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Ravie LakshmananMar 18, 2026Network Security / Ransomware Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting...
Emulating the Systematic LokiLocker Ransomware
LokiLocker is a Ransomware-as-a-Service (Raas) that has been active since at least mid-August 2021 targeting Windows systems. The ransomware...
Stopping real-world attacks: Lessons for business leaders from the 2026 cyber frontline
The 2026 Sophos Active Adversary Report offers an evidence‑based look at how today’s attackers operate in real environments, drawing on...
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster...
Dynamic Objects in Active Directory: The Stealthy Threat
Active Directory’s “dynamic objects” feature offers attackers a perfect evasion cloak. These objects automatically self-destruct without a trace, so...
