Category: Cyber Attacks

TamperedChef Infostealer Spread via Fraudulent PDF Editor Ads

Security researchers have uncovered a large-scale malware campaign distributing an infostealer dubbed TamperedChef through fake PDF editing applications. The campaign relied on Google ads to drive victims to fraudulent websites hosting malicious downloads, blending legitimate branding with carefully timed activation of hidden payloads. How the Campaign Works: According to researchers,…

Malicious NPM Packages Stole Chrome User Data on Windows

Security analysts from JFrog have identified eight malicious NPM packages designed to steal sensitive information from Google Chrome users on Windows systems. The discovery highlights a growing risk in the software supply chain, where attackers weaponize widely used developer tools to target unsuspecting users. How the Attack Worked: JFrog researchers…

macOS Supply Chain Attack “s1ngularity” Steals Thousands of Developer Credentials

Security researchers uncovered a supply chain attack targeting macOS developers that compromised thousands of credentials. The campaign, dubbed “s1ngularity,” exploited versions 20.9.0 to 21.8.0 of Nx, a popular open-source build framework, according to analysis from GitGuardian. The breach highlights the growing overlap between macOS attacks and the broader ecosystem of…

AgentFlayer Exploit Targets ChatGPT Connectors to Steal Third-Party App Data

Security researchers just dropped a bombshell about ChatGPT’s newest feature – the AgentFlayer exploit can silently steal your sensitive data from Google Drive, SharePoint, and other connected services without you even knowing it happened. This zero-click attack uses “poisoned” documents loaded with hidden prompt injections that trick ChatGPT into exfiltrating…

Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims

The Chaos RaaS operation has emerged from the ashes of the BlackSuit ransomware takedown, with former gang members launching a fresh wave of attacks targeting American businesses. Law enforcement’s seizure of BlackSuit’s dark web infrastructure didn’t eliminate the threat – it just forced these cybercriminals to rebrand and adapt their…

Scattered Spider Attack Targets VMware ESXi with Ransomware

Google’s threat intelligence team dropped alarming details this week about a massive Scattered Spider attack campaign targeting VMware ESXi hypervisors across American corporate networks. The notorious cybercriminal group has been systematically launching ransomware attacks against retail chains, airlines, and insurance companies, using nothing more than smooth-talking phone calls to IT…

Gunra Ransomware Mimics Conti in Global Windows Attacks

Gunra ransomware has drawn the attention of cybersecurity researchers for its alarming resemblance to Conti, a now-defunct ransomware-as-a-service (RaaS) operation dismantled in 2022. Experts believe Gunra’s developers may be repurposing Conti’s leaked codebase, long circulated across cybercrime forums. Its behavior—automated encryption, shadow copy deletion, and nearly identical ransom notes—mirrors Conti’s…

Malware in Fake GitHub Repos Harvests Crypto Wallet Credentials

An investigation on July 26, 2025 uncovered a widespread campaign involving fake GitHub repositories distributing malware strains such as RedLine and DeerStealer, designed to harvest cryptocurrency wallet credentials. The open source malware operation infiltrated developers and investors seeking blockchain tools—and leveraged open source software security gaps to propagate the malware.…
