QR codes
-
FBI warns Kimsuky used malicious QR codes in 2025 quishing campaigns
An FBI flash alert warned that North Korea linked group Kimsuky used malicious QR codes in 2025 spear phishing to target think tanks, academia, and government entities. The attacks aimed to steal session tokens and bypass multi factor authentication.
-
Kimsuky campaign uses QR codes to deliver DocSwap Android malware, South Korean firm says
South Korean firm ENKI linked the North Korean actor Kimsuky to a campaign distributing a DocSwap Android trojan via QR codes on phishing sites impersonating CJ Logistics; the malware decrypts an embedded APK, registers a RAT service and accepts many remote commands.
-
GitHub Tightens npm Publishing Security with 2FA, Short-Lived Tokens and Trusted Publishing
GitHub announced a sweeping set of security measures for npm publishing, including deprecating legacy tokens, migrating to FIDO-based 2FA, and introducing seven-day, short-lived granular tokens plus trusted publishing that uses OpenID Connect and cryptographic provenance attestations to bolster npm’s supply-chain security.
-
New Android Malware Campaign Targeting Telegram Users Uncovered
A recent study by BforeAI reveals a malware campaign deceiving Android users into downloading fake Telegram applications from hundreds of malicious domains, utilizing tactics such as QR code redirects and lookalike websites.
