How Zombie APIs Resurface and Expand Attack Paths
Abandoned apps, APIs, and identities keep resurfacing. Hunt them continuously, retire them completely, and verify they stay dead—before attackers exploit them.
Attackers hide malware behind invisible npm dependencies and install-time scripts, which bypass static scanners and drain tokens. Close install-time egress, ban URL dependencies, and add dynamic checks.
Herodotus is a new Android banking trojan that fakes human typing with randomized delays. Because naive timing checks fail, defenders should harden policy, watch overlays and Accessibility events, and tune fraud models to catch the session—not just the cadence.
Attackers abused a Chrome zero-day to install Memento spyware in targeted operations. This analysis explains the chain, highlights reliable signals to hunt, and outlines a focused 72-hour action plan.
AI chats can mirror delusions, escalate insomnia, and miss crisis cues. Use safer design, publish real metrics, and route users to human help.
The LockBit ransomware family has resurfaced with a potent new variant, LockBit 5.0, capable of striking Windows endpoints, Linux servers and VMware ESXi hypervisor platforms in one campaign. Organisations must reassess their ransomware defences and detection posture now.
A newly weaponized version of the open-source toolkit RedTiger is actively targeting Discord accounts and gaming credentials. This article examines the malware’s mechanics, why gamers and enterprises should care, and outlines a mitigation roadmap.
The Lazarus Group launched a sophisticated social-engineering campaign targeting European unmanned aerial vehicle (UAV) manufacturers via fake job offers to steal intellectual property and design data. Understanding the “Operation DreamJob” method, infection chain and mitigation is critical for defense supply-chain security.
A new phishing technique called CoPhish abuses Microsoft Copilot Studio agents to steal OAuth tokens via trusted Microsoft domains, bypassing traditional security filters and highlighting the growing threat within low-code platforms.
AI-powered ransomware is revolutionizing cybercrime. Using artificial intelligence, attackers automate targeting, evasion, and encryption, enabling self-learning, large-scale attacks that outpace human defenses.