“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets [email protected] (The Hacker News)
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” mimic the legitimate “rollup-plugin-polyfill-node” project, down to the description, repository metadata, andRead More
-

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer [email protected] (The Hacker News)
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. “Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations,” Kaspersky said in a technical analysis published today. “Read More
-

European Parliament Member Investigating Spyware Was Hacked With Pegasus [email protected] (The Hacker News)
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial surveillance tools in the bloc. “Through forensic analysis of his device,…
-

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords [email protected] (The Hacker News)
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its…
-

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices [email protected] (The Hacker News)
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people’s traffic. Working with the FBI, Lumen, and others, Google’s Threat Intelligence Group (GTIG) said this week it had reduced the network’s pool of usable devices by millions. Google identifies NetNut, also tracked as Popa, as a network…
-

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials [email protected] (The Hacker News)
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. “Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateralRead More
-

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories [email protected] (The Hacker News)
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak checks, open systems, and normal…
-

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API [email protected] (The Hacker News)
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that’s designed to gain surreptitious access to a victim’s email correspondence via the Google API. “In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs,” Kaspersky said in a detailed…
-

Identity Lifecycle Management Wasn’t Built for AI Agents [email protected] (The Hacker News)
Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren’t designed to detect. This guide covers where that model…
-
Perimeter to posture: A roadmap to zero trust maturity
Transforming an organization to take on a zero-trust posture is no small affair. A phased, thoughtful approach can bolster security while supporting business outcomes.Read More
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
