2FA phishing
-
18 npm Packages Published With Malware That Rewrites Crypto Destinations
Aikido Security reported that attackers pushed malicious updates to 18 npm packages on Sept. 8 that inject browser hooks to intercept and rewrite crypto transaction destinations; the company said maintainers were targeted via phishing and listed indicators including specific compromised package versions.
-
Lovesac confirms data breach after ransomware attack; notices indicate data exposure and recovery steps
Lovesac disclosed a data breach after a March 2025 ransomware intrusion, exposing personal data of an undisclosed number of individuals. The company discovered the breach on Feb. 28, 2025, and offered 24-month credit monitoring through Experian while noting no current evidence of misuse. A Vermont AG notice and a GlobeneNewswire release provide context on the…
-
Noisy Bear Linked to Kazakh Energy Sector in Operation BarrelFire, Seqrite Says
Security researchers attribute a new campaign, Operation BarrelFire, to the Noisy Bear group, targeting Kazakhstan’s KazMunayGas with phishing lures and a DLL-based implant designed to deliver a reverse shell, amid broader regional cyberactivity and training-misinterpreted reports.
-
Wealthsimple reports data breach affecting under 1% of customers; breach tied to third‑party software in suspected supply‑chain attack
Wealthsimple disclosed a data breach affecting less than 1% of its customers, with attackers accessing personal data but not funds or passwords. The breach is linked to a compromised third-party software package and is being treated as part of a broader Salesloft supply-chain attack. The firm is offering two years of free credit monitoring and…
-
Zscaler confirms Salesforce data exposure tied to Salesloft Drift compromise amid wider Salesforce breach activity
Zscaler confirms a data breach tied to the Salesloft Drift supply-chain attack, exposing customer Salesforce data due to compromised Drift credentials. The company revoked Drift integrations, rotated tokens, and reinforced customer authentication while investigations continue; Google Threat Intelligence links UNC6395 to the broader campaign affecting Salesforce environments.
-
Amazon says APT29 attempted watering-hole attack to harvest Microsoft credentials; AWS says no systems affected
Amazon said it disrupted an APT29 watering-hole campaign aimed at harvesting Microsoft credentials, stressing that no AWS systems were compromised. The operation used spoofed Cloudflare pages and randomized redirects to trick users, with Google Threat Intelligence and AWS detailing evasion techniques and previous similar activity.
-
Abandoned Sogou Zhuyin Update Server Hijacked to Deliver Espionage Malware, TAOTH Campaign Reveals
A June 2025 reveal shows attackers hijacking an abandoned Sogou Zhuyin update server to deploy multiple spyware and backdoors (TOSHIS, DESFY, GTELAM, C6DOOR) in a campaign targeting East Asia and overseas Chinese communities, with phishing and OAuth abuse used to gain access to high-value targets.
-
Healthcare Services Group breach affects more than 624,000 individuals
Healthcare Services Group said a data breach exposed the personal information of more than 624,000 individuals, with unauthorized access occurring between Sept. 27 and Oct. 3, 2024 and notifications sent on Aug. 25, 2025. Data types varied but included identifiers and financial details; credit monitoring is being offered, and there is no current evidence of…
-
ZipLine phishing campaign uses public contact forms to drop in-memory MixShell malware, researchers say
Cybersecurity researchers warn of ZipLine, a social-engineering campaign that uses public-facing Contact Us forms to seed weeks-long conversations before delivering in-memory MixShell malware via a weaponized ZIP file, with DNS tunneling as the primary command-and-control channel.
-
HOOK Android banking trojan adds ransomware overlay, expands remote command set
Security researchers have identified a new HOOK Android banking trojan variant that adds ransomware-style overlays, remote command capabilities, and expanded data-theft features, signaling a growing blend of banking fraud with spyware and ransomware tactics.
