Threats

Threats

Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005

Symantec and Carbon Black have published a definitive analysis confirming that Fast16, a Lua-based malware framework first surfaced by SentinelOne weeks ago, was purpose-built to sabotage nuclear weapons testing simulations. The findings establish Fast16 as the earliest known cyber sabotage tool targeting nuclear weapons research — predating the first

Threats

FamousSparrow Targets Azerbaijani Oil and Gas Firm in Three-Wave Campaign Using ProxyNotShell, Deed RAT, and Kernel-Level Rootkit

Bitdefender Labs has documented a sustained espionage campaign by Chinese-aligned APT group FamousSparrow against an oil and gas company in Azerbaijan, carried out across three distinct waves between December 2025 and February 2026. The campaign marks a strategic pivot for the group toward South Caucasus energy infrastructure and demonstrates

Threats

Mini Shai-Hulud Worm Spreads Across npm and PyPI, Hits TanStack, Mistral AI, and More

A threat actor tracked as TeamPCP is behind a widening supply chain attack campaign called Mini Shai-Hulud, which has compromised packages across both the npm and PyPI ecosystems belonging to TanStack, Mistral AI, Guardrails AI, OpenSearch, and UiPath, among others. The compromised packages contain an obfuscated JavaScript file named

Threats

Microsoft Exposes AiTM Phishing Campaign Targeting 35,000 Users Across 26 Countries With Code of Conduct Lures and Real-Time Token Theft

Microsoft has disclosed a large-scale credential theft campaign that targeted more than 35,000 users across 13,000 organizations in 26 countries over a three-day window between April 14 and 16, 2026. The campaign combined polished enterprise-style lures with adversary-in-the-middle (AiTM) phishing to harvest

Threats

ScarCruft Compromises Gaming Platform in Supply Chain Attack to Deploy BirdCall Backdoor on Android and Windows Against Ethnic Koreans in China

ESET researchers have uncovered a supply chain espionage campaign by North Korean APT group ScarCruft that compromised a video game platform popular with ethnic Koreans living in China's Yanbian region — a border area known as a primary transit point for North Korean defectors crossing the Tumen River into

Threats

Mustang Panda Deploys Updated LOTUSLITE Backdoor Against Indian Banking Sector and South Korean Policy Targets

Acronis researchers have identified a new variant of the LOTUSLITE backdoor being deployed by Mustang Panda in campaigns targeting India's banking sector and South Korean policy communities. The updated malware demonstrates incremental refinements over its predecessor, confirming active maintenance by the Chinese nation-state group as it broadens

Threats

Iranian APT Seedworm Deploys Dindoor Backdoor via Microsoft Teams Social Engineering Using Deno Runtime for In-Memory Execution

CyberProof researchers have uncovered a campaign by Iranian APT group Seedworm that uses Microsoft Teams as an initial access vector, deploying a custom backdoor called Dindoor through social engineering that impersonates IT support personnel. The campaign emerged in early March 2026, coinciding with a surge in Iranian-linked cyber activity

Threats

DSCourier Proof-of-Concept Abuses WinGet COM API to Bypass CrowdStrike Falcon, Microsoft Defender, and Elastic EDR

A security researcher has released DSCourier, a proof-of-concept tool that abuses the WinGet Configuration COM API to apply arbitrary Desired State Configuration (DSC) configurations through Microsoft-signed binaries — a technique that has been demonstrated bypassing three of the most widely deployed enterprise EDR platforms: CrowdStrike Falcon, Microsoft Defender

Threats

Google Attributes Axios npm Supply Chain Attack to North Korean UNC1069, Links Backdoor to WAVESHAPER Evolution

Google has formally attributed the Axios npm supply chain attack to UNC1069, a North Korean threat cluster tracked by Mandiant and Google's Threat Intelligence Group since 2018. The attribution, confirmed by GTIG chief analyst John Hultquist, links the compromise of the JavaScript ecosystem's most popular HTTP

Threats

Axios Supply Chain Attack Delivers Cross-Platform RAT to Millions After npm Maintainer Account Hijacked

A coordinated supply chain attack targeting the Axios npm package has delivered a cross-platform remote access trojan to developer workstations and CI/CD environments worldwide, after an attacker hijacked the lead maintainer's npm credentials and published two backdoored releases to the official registry. The attack, executed in

Threats

Coruna iOS Exploit Kit Traced Back to Operation Triangulation Authors as Attacks Shift From Espionage to Mass Exploitation

Kaspersky's GReAT team has established a direct code-level link between the Coruna iOS exploit kit and Operation Triangulation, the sophisticated espionage campaign that targeted iOS devices in 2023. The connection goes beyond shared vulnerabilities — the kernel exploits in both toolchains were created by the same author using

Threats

Payment Skimmer Abuses WebRTC Channels to Bypass CSP and Steal Card Data

Security researchers at Sansec have uncovered a payment skimmer that represents a significant technical evolution in how attackers steal card data from online stores. Instead of relying on conventional HTTP requests or image beacons to exfiltrate stolen information, the malware abuses WebRTC data channels — a technique that renders Content Security