Research
-
Microsoft urges coordinated disclosure after public zero-day releases
Microsoft said public disclosure of six Windows zero-days without prior notice put customers at risk, after exploit details surfaced over the past month and three of the flaws were later used in active attacks.
-
New campaign targets crypto firms with macOS malware and supply chain attacks
A new campaign against cryptocurrency firms and developers used fake recruitment lures, macOS malware and a supply chain attack to steal credentials and target development infrastructure, according to a technical analysis by Wiz.
-
Grandoreiro and BTMOB campaigns target banking users in Europe and Latin America
Researchers say Grandoreiro and BTMOB are being used in separate campaigns against banking users in Europe and Latin America, combining phishing, DLL side-loading and Android social engineering with malware-as-a-service sales.
-
Malicious npm package used GitHub uploads to steal files from AI workspace
A malicious npm package was found stealing files from Claude’s workspace directory by using GitHub uploads during installation. Researchers said the package hid the theft behind fake sync and network logs.
-
CrowdStrike and partners disrupt GlassWorm malware command channels
CrowdStrike said it and partners disrupted all command and control channels used by GlassWorm, a developer-targeting malware campaign that poisoned more than 300 GitHub repositories and used four separate infrastructure layers.
-
Microsoft says AI chatbot recommendations were used to steer users to cryptojacking sites
Microsoft said it blocked a cryptojacking campaign that used AI chatbot recommendations and search poisoning to steer users to fake software downloads, with more than 150 malicious domains identified and ScreenConnect used to deploy miners.
-
Apple releases quantum-resistant cryptographic code and verification tools
Apple has released quantum-resistant cryptographic code and verification tools for its corecrypto library, including ML-KEM and ML-DSA. The company said the work found a bug that could have broken digital signatures.
-
MuddyWater campaign hit at least nine organizations across four continents, researchers say
MuddyWater was linked to a 2026 campaign that hit at least nine organizations in nine countries. Researchers said the group used DLL side-loading, signed binaries and browser-stealing malware to support espionage.
-
Iran-linked hackers use new MiniFast backdoor in campaign across U.S., Europe and Middle East
Iran-linked hackers used a new MiniFast backdoor in a campaign targeting aviation and software sectors across several regions, according to a technical analysis. The activity also involved fake job lures, trojanized installers and search engine poisoning.
-
Anthropic may be preparing public rollout of restricted Claude Mythos model
Anthropic appears to be preparing a public rollout of its restricted Claude Mythos model after it briefly surfaced in Claude Code and Claude Security, following an April preview that said it could generate highly capable cyberattacks.








