Threats

Malware, attack campaigns, APT groups

Operation Bizarre Bazaar: First LLMjacking Marketplace Monetizes Stolen AI Infrastructure Access

Security researchers have documented the first fully attributed criminal operation dedicated to hijacking and reselling unauthorized access to AI infrastructure at scale. Dubbed Operation Bizarre Bazaar, the campaign represents a complete LLMjacking supply chain—from initial reconnaissance to commercial marketplace monetization—operated by a threat actor known as "Hecker&

By Zero Day Wire
North Korea's LABYRINTH CHOLLIMA Splinters into Three Specialized Cyber Units

CrowdStrike Intelligence has reclassified LABYRINTH CHOLLIMA, the North Korean threat group behind the 2017 WannaCry ransomware attack, into three distinct operational units with specialized missions, malware, and targeting patterns. The new attribution framework recognizes GOLDEN CHOLLIMA, PRESSURE CHOLLIMA, and a narrower core LABYRINTH CHOLLIMA group as separate adversaries that emerged

By Zero Day Wire
Initial Access Broker TA584 Deploys High-Speed Phishing Campaigns with ClickFix Social Engineering and New Tsundere Bot Backdoor

The financially motivated threat actor TA584 has significantly escalated its initial access operations, adopting a high-speed attack model built around short-lived campaigns, rapid infrastructure changes, and aggressive social engineering techniques, according to research published by Proofpoint. The evolution reflects a broader shift in modern cybercrime where speed and adaptability now

By Zero Day Wire
Threat Actors Exploit React2Shell Vulnerability to Deploy Cryptocurrency Miners and Botnets Worldwide

Threat actors are actively exploiting a critical remote code execution vulnerability in React Server Components to compromise systems across multiple industries worldwide, deploying cryptocurrency miners, botnets, and remote access tools, according to research from BI.ZONE Threat Detection and Response. The vulnerability, tracked as CVE-2025-55182 and commonly referred to as

By Zero Day Wire
China-Aligned APT Groups Deploy PeckBirdy JScript Framework for Fileless Attacks on Government Targets

China-aligned advanced persistent threat groups have been using a previously undocumented JScript-based command-and-control framework called PeckBirdy to conduct fileless attacks against Asian government entities, educational institutions, and Chinese gambling operations since 2023, according to research published by Trend Micro. PeckBirdy is built entirely in JScript and leverages the Windows Script

By Zero Day Wire
Malicious npm Package "G_Wagon" Steals Browser Credentials and 100+ Cryptocurrency Wallets

A sophisticated malicious npm package disguised as a UI component library has been discovered deploying a multi-stage infostealer that targets browser credentials, over 100 cryptocurrency wallet extensions, cloud credentials, and messaging tokens, according to research published by Aikido Security. The package, named ansi-universal-ui, describes itself as "a lightweight, modular

By Zero Day Wire
Mustang Panda Upgrades CoolClient Backdoor with Clipboard Monitoring and Credential Theft Capabilities

The China-linked advanced persistent threat group HoneyMyte, also known as Mustang Panda or Bronze President, has significantly upgraded its CoolClient backdoor with new surveillance capabilities including clipboard monitoring, HTTP proxy credential sniffing, and browser credential theft, according to research published by Kaspersky. The group continues to actively target government entities

By Zero Day Wire