News
-
Malicious NuGet package poses as Sicoob SDK to steal banking credentials
A malicious NuGet package posing as a Sicoob SDK stole banking credentials and certificate data from developers before being blocked, according to a technical analysis. Researchers said the package could expose payment-related API responses too.
-
Kimsuky uses fake Webex pages and HTTPSpy in South Korea attacks
Kimsuky targeted South Korean military and corporate entities in March and April 2026 with fake security pages, counterfeit Webex lures and a new HTTPSpy malware variant, according to technical analyses from ENKI and Kaspersky.
-
FBI warns of fake FIFA sites ahead of 2026 World Cup
The FBI warned that fake FIFA websites are being used ahead of the 2026 World Cup to steal data, sell bogus tickets and push other scams. Researchers said hundreds of phishing sites and related campaigns are already active.
-
Critical Gogs flaw can let authenticated users run code on servers
A critical, unpatched flaw in Gogs can let authenticated users run arbitrary code on affected servers under certain conditions, with Rapid7 rating the issue 9.4 on the CVSS scale and reporting no CVE yet.
-
Threat actors abuse patched FortiClient EMS flaw to push credential stealer
Threat actors are exploiting a patched FortiClient EMS flaw to push a credential stealer disguised as a Fortinet update, according to a technical analysis from Arctic Wolf. The campaign affects managed endpoints and can expose browser data, cookies and saved credentials.
-
Microsoft urges coordinated disclosure after public zero-day releases
Microsoft said public disclosure of six Windows zero-days without prior notice put customers at risk, after exploit details surfaced over the past month and three of the flaws were later used in active attacks.
-
Romanian man gets 56 months for hacking Oregon state network
A Romanian national was sentenced to 56 months in federal prison for breaching an Oregon state government network and selling access to other U.S. victims, in a case tied to at least $250,000 in losses.
-
Grandoreiro and BTMOB campaigns target banking users in Europe and Latin America
Researchers say Grandoreiro and BTMOB are being used in separate campaigns against banking users in Europe and Latin America, combining phishing, DLL side-loading and Android social engineering with malware-as-a-service sales.
-
Malicious npm package used GitHub uploads to steal files from AI workspace
A malicious npm package was found stealing files from Claude’s workspace directory by using GitHub uploads during installation. Researchers said the package hid the theft behind fake sync and network logs.
-
CrowdStrike and partners disrupt GlassWorm malware command channels
CrowdStrike said it and partners disrupted all command and control channels used by GlassWorm, a developer-targeting malware campaign that poisoned more than 300 GitHub repositories and used four separate infrastructure layers.