Cybercrime
-
Long-running ‘ShadyPanda’ campaign amassed more than 4.3 million browser extension installs, researchers say
Researchers say the ShadyPanda campaign turned hundreds of browser extensions into spyware and backdoors, accumulating more than 4.3 million installs across Chrome and Edge and exfiltrating browsing data to multiple domains.
-
Coupang says data breach exposed 33.7 million customer records
Coupang has acknowledged a data breach affecting about 33.7 million domestic customer accounts, exposing names, contact details, shipping addresses and partial order histories; the company says credentials and payment card data were not accessed, has notified authorities and is investigating.
-
Kaspersky: Tomiris APT increasingly uses Telegram and Discord as command-and-control channels
Kaspersky researchers reported that the Tomiris threat actor has targeted diplomatic and government entities, increasingly using public services like Telegram and Discord as command-and-control channels and deploying multi-language implants and open-source C2 frameworks.
-
CISA adds OpenPLC ScadaBR XSS flaw to Known Exploited Vulnerabilities list amid active attacks
CISA added CVE-2021-26829, a cross-site scripting flaw in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation tied to a hacktivist operation; Forescout and VulnCheck reported related intrusions and a sustained OAST-driven exploit campaign.
-
Legacy Python bootstrap scripts create potential PyPI domain takeover risk, researchers say
ReversingLabs found legacy zc.buildout bootstrap scripts in several PyPI packages that download an obsolete Distribute installer from a domain now for sale, creating a potential domain takeover supply chain risk; researchers warned some projects still ship the file and pointed to a separate malicious PyPI package discovered by HelixGuard.
-
French Football Federation discloses data breach after compromised account
The French Football Federation said attackers used a compromised account to access administrative software for clubs, stealing personal and contact details; the FFF disabled the account, reset passwords, filed a criminal complaint and notified ANSSI and CNIL.
-
Bloody Wolf campaign expands from Kyrgyzstan to Uzbekistan, delivers NetSupport RAT via Java loaders
Researchers report the Bloody Wolf hacking group used impersonated government PDFs and Java JAR loaders to deliver an older NetSupport RAT to targets in Kyrgyzstan and, later, Uzbekistan, employing geofencing and simple persistence techniques.
-
OpenAI notifies some API customers after Mixpanel analytics vendor hacked
OpenAI said some ChatGPT API customers had limited identifying information exposed after a smishing-driven compromise of analytics vendor Mixpanel; no chats, API requests, credentials or payment data were exposed and both companies have taken mitigation steps while investigations continue.