Russia-Linked GREYVIBE Exploits AI in Ukraine Cyberattacks

Discover how the Russia-linked group GREYVIBE is using AI to launch sophisticated cyberattacks on Ukraine, leveraging tactics like spear-phishing emails and fake websites to spread malware. WithSecure researchers have tracked GREYVIBE's activities back to August 2025, revealing a pattern of attacks targeting Ukraine's…

https://osintsights.com/russia-linked-greyvibe-exploits-ai-in-ukraine-cyberattacks?utm_source=mastodon&utm_medium=social

#RussialinkedGreyvibe #UkraineCyberattacks #NationState #MalwareOperations #Spearphishing

OSINTSights

AI-Generated Malware Exposes Operator's GitHub Token

A malicious npm package, disguised as a harmless sync utility called "mouse5212-super-formatter", was downloaded 676 times before it was caught stealing sensitive data and exposing its creator's GitHub token. This AI-generated malware cleverly hid its true intentions, uploading stolen files to a fake repository and covering its tracks.

https://osintsights.com/ai-generated-malware-exposes-operators-github-token?utm_source=mastodon&utm_medium=social

#AigeneratedMalware #Github #Infostealer #MalwareOperations #Npm

Kimsuky Expands Malware Arsenal with HTTPSpy, HelloDoor

Kimsuky, a notorious North Korean hacking group, has upgraded its malware arsenal with HTTPSpy and HelloDoor, using clever tactics like fake installation pages and a spoofed Webex meeting to infiltrate targets. The group's latest attacks involve highly tailored social engineering and real-time infection verification to maximize success.

https://osintsights.com/kimsuky-expands-malware-arsenal-with-httpspy-hellodoor?utm_source=mastodon&utm_medium=social

#Kimsuky #NorthKorea #Statesponsored #MalwareOperations #SocialEngineering

Cybercrime Gang Targets Fans with Miner Malware via Pirated Media Sites

Millions of fans are unwittingly getting hacked when they visit popular pirated media sites, with a staggering 40 million visits to infected sites in April alone. A sneaky malware campaign is using fake video player updates to infect devices with cryptomining and remote-access malware.

https://osintsights.com/cybercrime-gang-targets-fans-with-miner-malware-via-pirated-media-sites?utm_source=mastodon&utm_medium=social

#MalwareOperations #MinerMalware #PiratedMedia #Cryptomining #RemoteaccessCampaign

GPU mining malware spreads via SEO poisoning and AI chatbot manipulation

Beware of a sneaky malware that's spreading through manipulated AI chatbot responses and search engine poisoning, tricking users into downloading GPU mining malware. Victims unknowingly stumble upon malicious links while searching for popular software or getting recommendations from AI assistants.

https://osintsights.com/gpu-mining-malware-spreads-via-seo-poisoning-and-ai-chatbot-manipulation?utm_source=mastodon&utm_medium=social

#SeoPoisoning #GpuMiningMalware #AiChatbotManipulation #MalwareOperations #EmergingThreats

CrowdStrike Disrupts GlassWorm Malware's Global Supply Chain Attack Infrastructure

In a major win for cybersecurity, CrowdStrike teamed up with Google and the Shadowserver Foundation to dismantle the global infrastructure behind the GlassWorm malware attack, crippling its ability to issue commands or deliver new payloads to infected machines. This coordinated operation targeted and neutralized…

https://osintsights.com/crowdstrike-disrupts-glassworm-malwares-global-supply-chain-attack-infrastructur?utm_source=mastodon&utm_medium=social

#Glassworm #MalwareOperations #SupplyChain #EmergingThreats #CicdPipeline

KnowledgeDeliver LMS Flaw Exploited to Deploy Malware

A security flaw in the KnowledgeDeliver LMS, known as CVE-2026-5426, was exploited by a threat actor to inject malicious code and infect users visiting the site. This vulnerability was caused by a predictable secret in the system's web.config file, allowing attackers to execute remote code.

https://osintsights.com/knowledgedeliver-lms-flaw-exploited-to-deploy-malware?utm_source=mastodon&utm_medium=social

#RemoteCodeExecution #LmsSecurity #Cve20265426 #MalwareOperations #EmergingThreats

TrapDoor Attack Spreads Credential-Stealing Malware Across Software Ecosystems

A massive supply chain attack, dubbed TrapDoor, has been spreading credential-stealing malware across three major language ecosystems through over 34 malicious packages and 384 versions. The coordinated campaign began on May 22, 2026, and continues to target developers with cleverly named packages…

https://osintsights.com/trapdoor-attack-spreads-credential-stealing-malware-across-software-ecosystems?utm_source=mastodon&utm_medium=social

#SupplyChain #CredentialstealingMalware #Trapdoor #MalwareOperations #EmergingThreats

GitHub Tags Exploited to Deploy Credential-Stealing Malware

Malicious actors have manipulated hundreds of GitHub tags to spread credential-stealing malware through popular Laravel Lang localization packages, putting countless users at risk. By rewriting historical tags, attackers tricked Composer installations into downloading the malicious payload.

https://osintsights.com/github-tags-exploited-to-deploy-credential-stealing-malware?utm_source=mastodon&utm_medium=social

#MalwareOperations #CredentialStealing #Github #Composer #Laravel

Malicious Laravel-Lang Packages Deliver Cross-Platform Credential Stealer

A massive wave of malicious Laravel-Lang packages, with over 700 versions released in just two days, has been used to spread a sneaky cross-platform credential stealer. Security researchers warn that multiple PHP packages from the Laravel-Lang organization were compromised, hinting at a large-scale breach of the organization's…

https://osintsights.com/malicious-laravel-lang-packages-deliver-cross-platform-credential-stealer?utm_source=mastodon&utm_medium=social

#MalwareOperations #Laravel #CredentialStealer #Php #SupplyChain
