New.

"The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go module compromise involving the Verana Blockchain project."

Socket: Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem @SocketSecurity #infosec #threatresearch #GitHub #npm #malware #JavaScript

FYI @ifin

Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem

Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.


New.

Sekoia:

Sold to the Highest Bidder: The Escalation of ADINT from Geolocation Tracking to Intrusion Vector https://www.sekoia.com/blog/sold-to-the-highest-bidder-the-escalation-of-adint-from-geolocation-tracking-to-intrusion-vector @sekoia_io

Picus:

Aquatic Panda (Earth Lusca) Analysis: Campaigns, Malware, and TTPs https://www.picussecurity.com/resource/blog/aquatic-panda-earth-lusca-analysis-campaigns-malware-and-ttps

VulnCheck:

NVIDIA GEN3C: Unauthenticated RCE via Pickle Deserialization in the Inference API https://www.vulncheck.com/blog/nvidia-gen3c-unauth-pickle-rce @vulncheck #Nvidia

Infoblox:

From San Pedro to Salinas: How a Chinese Framework “DCloud Uni-App” Powers a Global Scam Economy https://www.infoblox.com/blog/threat-intelligence/from-san-pedro-to-salinas-how-a-chinese-framework-dcloud-uni-app-powers-a-global-scam-economy/ @InfobloxThreatIntel

Group-IB:

Millenium: A RAT Rewritten, A Threat Multiplied https://www.group-ib.com/blog/millenium-rat-maas/

Kaspersky:

Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools https://securelist.com/smb-threat-report-2026/120357/ @Kaspersky #infosec #Telegram #cybercrime #scam #malware #threatintel #threatintelligence #phishing #threatresearch #surveillance #privacy

Sold to the Highest Bidder: The Escalation of ADINT from Geolocation Tracking to Intrusion Vector

Discover how private companies repurpose the advertising ecosystem into a global surveillance apparatus.

Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances

ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data.

New.

Checkmarx: Operation Navy Ghost: How Attackers Planted a Telegram-Powered Backdoor Across Fake pyrogram Packages on PyPI https://checkmarx.com/zero-post/operation-navy-ghost-pyrogram-telegram-supplychain-attack/ #infosec #Telegram #Python #threatresearch #cyberattack

Operation Navy Ghost: How Attackers Planted a Telegram-Powered Backdoor Across Fake pyrogram Packages on PyPI

A threat actor targeted Telegram bot developers adopting the popular 'pyrogram' package on PyPI over the course of six months starting November 2025, in Operation Navy Ghost. This malware is a complete backdoor on servers where infected bots are operated, and uses Telegram itself for C2 and data exfiltration. Learn how it works, how it sneaks by most scanners, and how to detect infections.


New.

Mandiant: Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploitation-cisco-catalyst-sd-wan-manager #Google

Microsoft:

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them https://www.microsoft.com/en-us/security/blog/2026/06/24/stealc-and-amadey-breaking-down-infostealers-and-the-cybercrime-services-that-deliver-them/

Kaspersky:

StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader https://securelist.com/strikeshark-campaign/120326/ @Kaspersky

Symantec: Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker https://www.security.com/threat-intelligence/new-mistic-backdoor-modelorat

Picus:

The ShinyHunters Domino Effect: One Breach, Hundreds of Victims https://www.picussecurity.com/resource/blog/the-shinyhunters-domino-effect-one-breach-hundreds-of-victims

Proofpoint:

StealC You Later: Proofpoint and IBM X-Force Support Operation Endgame Disruptions https://www.proofpoint.com/us/blog/threat-insight/stealc-you-later-proofpoint-and-ibm-x-force-support-operation-endgame #threatresearch #cybercrime #Microsoft #infosec #threatintelligence #Cisco #vulnerability #zeroday #ransomware

Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager

The threat actor exploited the vulnerability to escalate privileges from a compromised administrative account to root-level access.

ESET takes part in Operation Endgame to disrupt Amadey and Stealc

ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights.

New.

Any.Run: EvilTokens: How “Ghost” Code Threatens US and European Businesses https://any.run/cybersecurity-blog/eviltokens-ghost-code-analysis/ @anyrun_app #infosec #malware #threatresearch

EvilTokens “Ghost” Code Phishing Analysis

See how EvilTokens hides Microsoft 365 account takeover activity behind browser-side decryption and how in-browser data inspection reveals the full attack flow.

Agent Tesla Malware Analysis: How This .NET RAT Steals Your Data

Agent Tesla is a .NET RAT stealing credentials, keystrokes, and screenshots. Learn how it works and how to defend your endpoints.

New.

Kaspersky: A VBScript campaign distributed through WhatsApp deploying RMM software https://securelist.com/whatsapp-vbs-rmm-campaign/120290/ @Kaspersky #infosec #WhatsApp #Meta #malware #threatresearch

A VBScript campaign distributed through WhatsApp deploying RMM software

A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain.


Mobile malware is becoming a billing engine.
Kern Smith of Zimperium explains how Android fraud campaigns silently subscribe victims to premium SMS services, intercept OTPs, and monetize users through carrier billing systems.
🔶 Carrier-specific targeting
🔶 OTP interception
🔶 Silent subscriptions
🔶 Automated monetization

Read the full discussion:
https://www.technadu.com/when-your-phone-is-subscribed-without-consent-the-attack-has-already-worked/628818/

#MobileSecurity #Android #SMSFraud #CyberSecurity #ThreatResearch #Malware