Risk
- SentinelOne finds old malware that may have aimed to sabotage engineering software
  SentinelOne says it found old malware that may have been built to sabotage engineering and physics simulation software. The sample appears to predate Stuxnet by years and may have targeted precision calculation tools used in several technical fields.
- UNC6692 Uses Microsoft Teams Help Desk Impersonation to Push Custom Malware
  UNC6692 used Microsoft Teams help desk impersonation, email bombing and a custom malware chain to target corporate users, according to Mandiant. The activity included credential harvesting, remote access, tunneling and later-stage network movement.
- Bitwarden CLI hit by npm supply chain compromise in Checkmarx-linked campaign
  Bitwarden said its CLI package was briefly compromised on npm on April 22, 2026, in a supply chain attack that targeted developer secrets and CI/CD credentials through version 2026.4.0.
- Rituals discloses data breach affecting My Rituals members
  Rituals said attackers stole personal information from its My Rituals membership database, affecting an undisclosed number of customers. The company said passwords and payment information were not accessed and that it has contained the breach.
- China-linked GopherWhisper infiltrates Mongolian government systems, ESET says
  ESET says a China-aligned group called GopherWhisper targeted Mongolian government institutions, infecting about 12 systems and using Discord, Slack, Outlook and file.io for control and exfiltration.
- Vercel Finds More Customer Accounts Compromised After Security Incident
  Vercel said it found additional customer accounts compromised in a security incident that exposed its internal systems, but did not say how many were affected. The company linked the breach to a compromised Context.ai account used by a Vercel employee.
- Malicious npm packages spread self-propagating worm through stolen developer tokens
  Researchers found a self-propagating npm supply chain worm in April 2026 that stole developer secrets, reused npm tokens to publish poisoned packages and also included PyPI propagation logic.
- Mirai campaign targets unpatched D-Link router flaw
  A Mirai-based malware campaign is exploiting CVE-2025-29635 in end-of-life D-Link DIR-823X routers, according to Akamai. The attacks download a shell script that installs botnet malware and also target other router flaws.
- Harvester deploys Linux version of GoGra backdoor in South Asia targeting campaign
  Harvester has deployed a Linux version of its GoGra backdoor in attacks likely aimed at South Asia, using Microsoft cloud email services as a covert control channel, according to a technical analysis by Symantec and Carbon Black Threat Hunter Team.
- Researchers find Lotus Wiper targeting Venezuela’s energy and utilities sector
  Researchers said a new wiper called Lotus Wiper hit Venezuela’s energy and utilities sector in late 2025 and early 2026, erasing recovery options and using Windows tools to destroy data across infected systems.









