Malicious PyPI Package Masquerades as SOCKS5 Proxy Tool
The PyPI “SoopSocks” package claims to be a SOCKS5 proxy solution but conceals backdoor capabilities, enabling attackers to control compromised systems remotely.
Between 2024 and 2025, China-linked APT31 conducted a stealthy espionage campaign targeting Russian IT contractors and government integrators. The group masked its command-and-control using legitimate cloud services such as Yandex Cloud and OneDrive, deployed loaders like CloudyLoader via DLL side-loading, and maintained long dwell times within compromised networks. This article decodes APT31’s toolkit, tactics and persistence model, and offers detection and response guidance for defenders.
Trump urged Microsoft to fire Lisa Monaco, its head of global affairs, raising concerns over her revoked security clearance and history in DOJ investigations.
A fake Chrome wallet called “Safery” steals seed phrases by encoding them into Sui addresses and sending dust transactions, allowing attackers to reconstruct mnemonics later. Consequently, users risk full account takeover. Enforce extension allowlists, remove unknown wallets, rotate seeds, and migrate assets to new addresses immediately.
Spin up a free SIEM home lab this weekend. You’ll deploy Wazuh or OpenSearch, collect Windows telemetry with Sysmon, and run Sigma detections you can actually see and tune. This guide prioritizes students and hobbyists: minimal hardware, copy-paste steps, and safe tests, so you learn detection engineering, not just dashboards.
CISA is warning that state-linked threat actors are actively using commercial spyware and remote access trojans to hijack Signal and WhatsApp accounts, weaponize linked devices and deploy zero-click exploits. This article breaks down the campaigns, the tools involved and the specific hardening steps high-value targets should take immediately.
A cyberattack on Crisis24’s OnSolve CodeRED platform disrupted emergency alerts for cities, counties, police and fire agencies across the U.S. The INC Ransom group claims responsibility, with stolen resident data, clear-text passwords and a rollback to older backups now forcing agencies to rebuild their notification capabilities and review credential hygiene.
Cybersecurity researchers uncovered a North Korean operation that targets software developers by hiding malicious code inside public repositories.
The campaign, linked to Lazarus Group, uses fake developer tools and trojanized libraries to infiltrate development environments worldwide.
A China-linked cyber espionage malware campaign demonstrates how attackers abuse DNS traffic to maintain stealthy, long-term command-and-control access.
Online betting platform DraftKings has confirmed a credential-stuffing breach exposing customer data. Attackers reused leaked passwords from past breaches to gain access to DraftKings accounts, compromising personal details, account balances, and transaction history. Users are advised to reset passwords and enable multi-factor authentication immediately.