GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
Ravie LakshmananMar 16, 2026Malware / Cryptocurrency The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages...
campaign
Former Germany’s foreign intelligence VP hit in Signal account takeover campaign
Former Germany’s foreign intelligence VP hit in Signal account takeover campaign Pierluigi Paganini March 16, 2026 Former BND VP Arndt...
Former Germany’s foreign intelligence VP hit in Signal account takeover campaign
Former Germany’s foreign intelligence VP hit in Signal account takeover campaign Pierluigi Paganini March 16, 2026 Former BND VP Arndt...
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according...
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how...
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Ravie LakshmananMar 13, 2026VPN Security / Malware Microsoft has disclosed details of a credential theft campaign that employs fake virtual...
Evil evolution: ClickFix and macOS infostealers
This campaign – use of a popular and up-to-date lure notwithstanding – has all the hallmarks of a ‘classic’ ClickFix...
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Ravie LakshmananMar 10, 2026Network Security / Vulnerability Cybersecurity researchers are calling attention to a new campaign where threat actors are...
Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer
Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer Pierluigi Paganini March 06, 2026 Microsoft warns of...
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various...
Oracle EBS 2025 campaign impacts Madison Square Garden, sensitive data leaked
Oracle EBS 2025 campaign impacts Madison Square Garden, sensitive data leaked Pierluigi Paganini March 03, 2026 Madison Square Garden confirmed...
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support...
Phishing campaign exploits OAuth redirection to bypass defenses
Phishing campaign exploits OAuth redirection to bypass defenses Pierluigi Paganini March 03, 2026 Microsoft researchers warn that threat actors abuse...
UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor
UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor Pierluigi Paganini February 26, 2026 UAT-10027 campaign is targeting...
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into...
