New.

"The emails contained links to GitHub repositories masquerading as technical assignments or cryptocurrency-related projects. The instructions encouraged the target to clone the repository and open it in an editor such as VS Code or Cursor. A pre-configured task executes silently when the user opens the repository folder in the IDE, triggering platform-specific loaders that decode embedded payloads on Linux, macOS, and Windows."

Proofpoint: Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal #threatresearch #infosec #phishing #GitHub #Linux #MacOS #Windows11

Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency | Proofpoint US

By Saher Naumaan, Carlos Rubio, and the Proofpoint Threat Research Team. Key Findings: Between April and May 2026, Proofpoint Threat Research observed a likely North Korean threat actor

Proofpoint

New.

Kaspersky: From cause to cash: a cross-border look at hacktivist activity https://securelist.com/tr/hacktivists-broaden-attack-geography/120115/ @Kaspersky #infosec #threatresearch

Hacktivists are broadening their scope beyond political motivation

Hacktivist outfits, namely 4BID, Hakerskii Kit, and C.A.S., are now targeting organizations across Kazakhstan, the UAE, Egypt, and Syria.

Securelist

Socket posted this yesterday, if you missed it:

Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave https://socket.dev/blog/shai-hulud-descends-to-hades-miasma-pypi-wave @SocketSecurity #infosec #threatresearch #PyPI #Python #vulnerability

Socket found 37 malicious PyPI wheels that abuse Python startup hooks to launch a Bun-powered credential stealer tied to Mini Shai-Hulud/Miasma.

Socket

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.

Unit 42

New.

Any.Run: Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations https://any.run/cybersecurity-blog/cyber-risk-report-q1-2026/ @anyrun_app #infosec #malware #phishing #threatresearch

Cyber Risk Report Q1 2026 by ANY.RUN

Explore a quarterly Cyber Risk report to discover seven key malware trends and their strategic implications for Q2 2026.

ANY.RUN's Cybersecurity Blog

You do surprise me.exe: An unexpected executable in Hola Browser

Following a certification test, Sophos X-Ops found an unexpected guest had hitched a ride

SOPHOS

Own Goal? Piracy as an Attack Vector to Target Football Fans

Recently, ahead of the UEFA Champions League final and World Cup, our MTI research team observed an increase in unofficial IPTV apps containing malware.

TA4922: The Suspected Chinese Crime Group is Going Global | Proofpoint US

Key Findings: TA4922 is a highly sophisticated threat actor demonstrating a rapid operational tempo and continually evolving malware arsenal. The group has been

Proofpoint

New.

Also known as porn.

Kaspersky: Argamal: Malware hidden in hentai games https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/ @Kaspersky #infosec #malware #threatresearch

Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine.

Kaspersky

New.

Group-IB: Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages https://www.group-ib.com/blog/error-524-decoy-smishing/ #infosec #threatresearch #phishing

Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft.

Group-IB