Risk
-
DPRK-linked hackers use GitHub as command hub in South Korea attacks
DPRK-linked hackers used GitHub as command and control infrastructure in attacks on South Korean organizations, Fortinet said. The campaigns relied on LNK files, PowerShell, persistence tasks and trusted cloud services to hide activity.
-
Microsoft links Medusa ransomware affiliate to rapid zero-day attacks
Microsoft said Storm-1175 has used n-day and zero-day flaws in rapid Medusa ransomware attacks, sometimes within 24 hours of initial access, and has hit healthcare, education, finance and other sectors.
-
Qilin and Warlock ransomware groups use vulnerable drivers to disable security tools
Qilin and Warlock ransomware operators have used vulnerable drivers to disable security tools on compromised systems, according to a technical analysis by Cisco Talos and Trend Micro. The findings highlight growing use of BYOVD tactics and in-memory evasion.
-
Germany identifies two alleged REvil leaders behind 130 ransomware attacks
Germany’s Federal Criminal Police Office says it has identified two alleged REvil figures tied to 130 ransomware attacks in the country, with more than €35.4 million in reported damage.
-
Apple expands iOS 18.7.7 update to more iPhones and iPads after DarkSword attacks
Apple expanded iOS 18.7.7 and iPadOS 18.7.7 to more older iPhones and iPads on Wednesday to blunt DarkSword attacks, letting users install security fixes without first moving to iOS 26.
-
Researchers track fake installer campaign tied to cryptominers and RATs
A fake-installer campaign tracked as REF1695 has spread RATs and cryptominers since November 2023, with researchers estimating at least 27.88 XMR in proceeds. The operation also used ISO lures, Defender evasion and GitHub-hosted payloads.
-
CERT-UA impersonation phishing campaign spread AGEWHEEZE malware
A phishing campaign impersonating Ukraine’s CERT-UA spread AGEWHEEZE malware to organizations and individuals in March, though officials said only a small number of personal devices were infected.
-
Phishing campaign uses Casbaneiro and Horabot to target Latin America and Europe
A phishing campaign is using court summons-themed emails, WhatsApp automation and ClickFix tactics to spread Casbaneiro and Horabot across Latin America and Europe, according to a BlueVoyant technical analysis.
-
Microsoft Warns of WhatsApp Campaign Delivering Malicious VBS Files
Microsoft says a campaign that began in late February 2026 has used WhatsApp messages to spread malicious VBS files, then used renamed Windows tools and cloud services to help install persistent access on infected systems.
-
FBI warns Americans about data risks from Chinese mobile apps
The FBI warned Americans about privacy and data security risks from foreign-developed mobile apps, especially those made by Chinese developers, saying some can collect extensive data and store it on servers in China.
