The U.S. Secret Service dismantled a massive telecom threat in New York City, seizing 100,000 SIM cards and 300 servers hidden across abandoned apartments. Authorities say the “imminent” campaign, discovered before the UN Assembly, could have crippled cellular services, government operations, and emergency systems. Investigators believe foreign threat actors used the network for covert communication with criminal enterprises
Cybersecurity researchers have uncovered a new form of supply chain attack hidden within the npm ecosystem. A malicious npm package was discovered embedding malware inside steganographic QR codes, a technique designed to slip past traditional security defenses. The attack highlights growing risks in opensource software dependencies and developer tools How the Malware Works The compromised…
OpenAI plans to give content owners greater control over how their characters appear in Sora, moving toward an opt-in model and instituting revenue-sharing for participating rights holders.
GlassWorm is the first known self-propagating worm targeting developer environments by infecting VS Code extensions with hidden Unicode payloads. Once installed, it steals credentials from NPM, GitHub and Git, and upgrades machines into proxy nodes and part of a distributed criminal infrastructure. It uses a blockchain-based command and control mechanism and auto-updates to spread across the developer ecosystem. In this article, we dissect how GlassWorm works, what makes it a paradigm shift in supply-chain attacks, and what organisations must do to detect and contain it before their dev workstations become weaponised.
Threat actors are increasingly poisoning AI tools and assistants embedding dangerous prompts or corrupting the data they rely on to turn defenses against organizations.
The recently disclosed flaw in LANSCOPE Endpoint Manager (CVE-2025-61932) enables unauthenticated attackers to send malicious packets, execute arbitrary code and compromise systems. Organisations must patch affected versions, apply network controls and monitor for unusual traffic to avoid full network takeover.
EvilAI operators are hiding malware in legitimate-looking AI tools that appear functional and signed, enabling reconnaissance, browser data exfiltration, and encrypted C2 communication across global targets.
A newly discovered backdoor, dubbed Net-CAPI, has infiltrated multiple Russian government networks by hijacking Windows cryptographic services. Analysts believe the tool, developed by a sophisticated threat group, uses advanced evasion and persistence methods to hide within legitimate system operations—making detection nearly impossible.
Attackers actively exploit a Linux kernel use-after-free. Patch quickly, reduce local attack surface, and verify coverage with high-signal detections and a weekly baseline review.
The UK is investigating whether Yutong electric buses can be remotely deactivated. Norway’s Faraday-cage tests and Denmark’s review raised alarms about SIM-enabled diagnostics and OTA updates. Operators should lock down telematics, broker OTA, and drill outage response now.