Threats

Malware, attack campaigns, APT groups

Nx Console VS Code Extension Compromised — 2.2 Million Installs Exposed to Credential Stealer With Sigstore Supply Chain Poisoning Capability

A compromised version of the Nx Console extension — a popular VS Code plugin with over 2.2 million installations — was published to the Visual Studio Code Marketplace after an attacker leveraged stolen developer credentials to inject a multi-stage credential stealer into the official nrwl/nx GitHub repository. The malicious version

By Zero Day Wire

Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005

Symantec and Carbon Black have published a definitive analysis confirming that Fast16, a Lua-based malware framework first surfaced by SentinelOne weeks ago, was purpose-built to sabotage nuclear weapons testing simulations. The findings establish Fast16 as the earliest known cyber sabotage tool targeting nuclear weapons research — predating the first known version

By Zero Day Wire

FamousSparrow Targets Azerbaijani Oil and Gas Firm in Three-Wave Campaign Using ProxyNotShell, Deed RAT, and Kernel-Level Rootkit

Bitdefender Labs has documented a sustained espionage campaign by Chinese-aligned APT group FamousSparrow against an oil and gas company in Azerbaijan, carried out across three distinct waves between December 2025 and February 2026. The campaign marks a strategic pivot for the group toward South Caucasus energy infrastructure and demonstrates how

By Zero Day Wire

Microsoft Exposes AiTM Phishing Campaign Targeting 35,000 Users Across 26 Countries With Code of Conduct Lures and Real-Time Token Theft

Microsoft has disclosed a large-scale credential theft campaign that targeted more than 35,000 users across 13,000 organizations in 26 countries over a three-day window between April 14 and 16, 2026. The campaign combined polished enterprise-style lures with adversary-in-the-middle (AiTM) phishing to harvest Microsoft credentials and authentication tokens in

By Zero Day Wire

Mustang Panda Deploys Updated LOTUSLITE Backdoor Against Indian Banking Sector and South Korean Policy Targets

Acronis researchers have identified a new variant of the LOTUSLITE backdoor being deployed by Mustang Panda in campaigns targeting India's banking sector and South Korean policy communities. The updated malware demonstrates incremental refinements over its predecessor, confirming active maintenance by the Chinese nation-state group as it broadens its

By Zero Day Wire

Iranian APT Seedworm Deploys Dindoor Backdoor via Microsoft Teams Social Engineering Using Deno Runtime for In-Memory Execution

CyberProof researchers have uncovered a campaign by Iranian APT group Seedworm that uses Microsoft Teams as an initial access vector, deploying a custom backdoor called Dindoor through social engineering that impersonates IT support personnel. The campaign emerged in early March 2026, coinciding with a surge in Iranian-linked cyber activity following

By Zero Day Wire

DSCourier Proof-of-Concept Abuses WinGet COM API to Bypass CrowdStrike Falcon, Microsoft Defender, and Elastic EDR

A security researcher has released DSCourier, a proof-of-concept tool that abuses the WinGet Configuration COM API to apply arbitrary Desired State Configuration (DSC) configurations through Microsoft-signed binaries — a technique that has been demonstrated bypassing three of the most widely deployed enterprise EDR platforms: CrowdStrike Falcon, Microsoft Defender for Endpoint, and

By Zero Day Wire