Cybercrime
- Multi-stage AitM phishing and BEC campaign abused SharePoint to target energy organisations
Microsoft flagged a multi-stage AitM phishing and BEC campaign using SharePoint links and inbox rules to persist. One observed case sent over 600 phishing messages. Mitigation requires revoking session cookies and deleting attacker-created rules.
- Malicious PyPI package sympy-dev impersonates SymPy to install XMRig miner
A malicious PyPI package named sympy-dev impersonates the SymPy library to deliver an XMRig cryptocurrency miner on Linux. The package has been downloaded over 1,100 times since January 17, 2026 and remains available.
- Mass spam wave uses unsecured Zendesk ticket systems to send hundreds of automated emails
A global spam wave beginning January 18 used unsecured Zendesk ticket systems to deliver hundreds of automated confirmation emails that bypassed filters and confused recipients. The advisory urges restricting ticket creation to verified users and removing open placeholders.
- Android click-fraud trojans use TensorFlow.js to tap hidden browser ads
Android click-fraud trojans using TensorFlow.js analyze hidden WebView screenshots to tap ads. Infected apps were distributed through Xiaomi GetApps and third-party APK sites, causing battery drain and increased mobile data charges.
- Report: North Korean-linked PurpleBravo targeted 3,136 IPs and 20 companies
Recorded Future’s technical analysis found PurpleBravo targeted 3,136 IPs and claimed 20 potential victim companies across multiple regions from August 2024 to September 2025, using infostealers and backdoors to create supply-chain risk.
- NCSC alert warns of pro-Russian DDoS groups targeting UK local government and operational technology
On January 21, 2026, the UK’s National Cyber Security Centre issued an alert warning that pro-Russian DDoS attacks are targeting British organisations, especially local government and operational technology, and advised steps to harden defences.
- Password manager vendor warns of active phishing campaign urging 24-hour vault backups
A phishing campaign that began around January 19, 2026 uses maintenance and backup lures to pressure users into creating local vault backups within 24 hours. The vendor advises never to disclose master passwords and is working to remove the malicious infrastructure.
- Check Point Research says VoidLink cloud malware was largely AI generated
A Check Point Research technical analysis says the VoidLink Linux cloud malware was largely generated with AI, reaching about 88,000 lines of code and a functional iteration within a week after development began in late November 2025.
- North Korean-linked actors use malicious VS Code projects to deploy backdoor
Jamf reported that North Korean-linked actors abused Visual Studio Code task files to execute obfuscated JavaScript that fetches backdoors and enables remote code execution, targeting developers who clone and open the repositories.
- LinkedIn messages used to deliver RAT via DLL sideloading
A LinkedIn phishing campaign delivers a WinRAR SFX archive that sideloads a malicious DLL and installs a Python interpreter, which runs Base64-encoded shellcode in memory to deploy a remote access trojan and exfiltrate data.