Research
-
Silver Fox uses ABCDoor malware in phishing campaign targeting India and Russia
Silver Fox used tax-themed phishing emails to target organizations in Russia and India with the ABCDoor backdoor, with more than 1,600 malicious messages flagged in early 2026, according to a technical analysis by Kaspersky.
-
Python backdoor DEEP#DOOR uses tunneling service to hide remote access
Researchers disclosed DEEP#DOOR, a Python backdoor that uses a public tunneling service for command and control, steals credentials and includes multiple persistence and defense evasion features.
-
Linux flaw could let local users gain root on many systems
Researchers disclosed a Linux local privilege escalation flaw, called Copy Fail, that could let a local unprivileged user gain root on systems shipped since 2017. The issue affects multiple major distributions and has been assigned CVE-2026-31431.
-
WordPress redirect plugin hid dormant backdoor for years
A WordPress redirect plugin installed on more than 70,000 sites hid a dormant backdoor for years, according to a technical analysis by Anchor. The issue involved a hidden update path and a tampered build from an external server.
-
SAP-related npm packages hit by credential-stealing supply chain attack
SAP-related npm packages were compromised in an April 29 supply chain attack that inserted credential-stealing malware into four releases, affecting developer, GitHub, npm, cloud, and Kubernetes secrets, according to a technical analysis from Aikido Security.
-
North Korean hackers use AI to hide npm malware in Web3 supply chain
North Korean-linked hackers are using AI-generated code and layered npm packages to spread malware that steals cryptocurrency wallets and developer data, according to a technical analysis from ReversingLabs. The campaign has also expanded beyond npm to other platforms.
-
VECT 2.0 ransomware flaw can make files unrecoverable, researchers say
Researchers say VECT 2.0 ransomware can permanently destroy files larger than 131,072 bytes on Windows, Linux and ESXi systems, making recovery impossible even for victims who pay. The group has only two listed victims so far.
-
Critical LeRobot flaw could let attackers run code on robotics systems
A critical flaw in Hugging Face’s LeRobot robotics platform could let an unauthenticated attacker run code on affected systems. The issue is tracked as CVE-2026-25874 and remains unpatched, with a fix planned for version 0.6.0.
-
Microsoft says Windows Shell flaw was actively exploited after patch
Microsoft said a Windows Shell spoofing flaw was actively exploited after patching, with researchers linking the issue to an incomplete fix and a zero-click path that could expose NTLM credentials.
-
PhantomCore linked to attacks on TrueConf servers in Russia
PhantomCore has been tied to attacks on TrueConf servers in Russia since September 2025, using three vulnerabilities to run commands remotely and move deeper into victim networks, according to a technical analysis by Positive Technologies.