Phishing campaign exploits OAuth redirection to bypass defenses
Phishing campaign exploits OAuth redirection to bypass defenses Pierluigi Paganini March 03, 2026 Microsoft researchers warn that threat actors abuse...
campaign
UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor
UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor Pierluigi Paganini February 26, 2026 UAT-10027 campaign is targeting...
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into...
Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign
Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign Pierluigi Paganini February 24, 2026 Arkanix Stealer surfaced in late 2025...
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth Pierluigi Paganini February 23, 2026 A wormable cryptojacking campaign...
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a...
AI-powered campaign compromises 600 FortiGate systems worldwide
AI-powered campaign compromises 600 FortiGate systems worldwide Pierluigi Paganini February 23, 2026 A Russian-speaking cybercriminal used commercial generative AI tools...
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to conduct...
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign Pierluigi Paganini February 18, 2026 Kaspersky uncovered Keenadu, an...
Job scam uses fake Google Forms site to harvest Google logins
As part of our investigation into a job-themed phishing campaign, we came across several suspicious URLs that all looked...
Poorly crafted phishing campaign leverages bogus security incident report
Poorly crafted phishing campaign leverages bogus security incident report Pierluigi Paganini February 17, 2026 Attackers used a fake PDF incident...
Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware
Image: edhardie/Unsplash A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC...
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Malicious npm and PyPI packages Llinked to Lazarus APT fake recruiter campaign Pierluigi Paganini February 15, 2026 Researchers found malicious...
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious...
Asian Cyber Espionage Campaign Breached 37 Countries
Image: DC_Studio (Envato) A sprawling cyber espionage campaign linked to an Asian state-aligned hacking group has compromised government agencies and...
