Category: Hack Reports

UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

A cyber-espionage campaign attributed to Iranian threat actor UNC1549 has compromised 34 devices across 11 telecommunications companies, according to new research from Swiss cybersecurity firm PRODAFT. The group, also tracked as Subtle Snail, used LinkedIn recruitment-themed lures to deliver a custom backdoor called MINIBIKE, bypassing detection through infrastructure proxied via…

ChillyHell macOS Malware Resurfaces, Using Google.com as Decoy

A long-dormant macOS backdoor called ChillyHell has resurfaced, according to new research from Jamf Threat Labs. The malware, first documented in 2023, is once again active and evolving, showing signs that threat actors are refining their tactics to bypass Apple’s defenses.

ChillyHell’s History

ChillyHell was first uncovered in 2023 by…

GitHub Account Compromise Led to Salesloft Drift Breach Impacting 22 Companies

Salesloft has confirmed that its GitHub account was the initial entry point in the supply chain breach tied to its Drift application, an incident that has already impacted at least 22 companies. The campaign has been attributed to UNC6395, the same threat actor linked to recent high-profile cloud and SaaS…

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

A new supply chain attack called GhostAction has compromised 817 GitHub repositories, stealing at least 3,325 secrets including npm, PyPI, and DockerHub tokens. Researchers at GitGuardian linked the incident to malicious commits designed to harvest CI/CD credentials from open-source projects.

How the Attack Started

On September 2, 2025, a GitHub…

Amazon Disrupts APT29 Watering Hole Phishing Campaign

Amazon’s threat intelligence team has disrupted a watering hole campaign conducted by APT29, the Russian state-linked threat group also known as Midnight Blizzard. The operation used compromised websites to redirect visitors into a phishing scheme designed to hijack Microsoft accounts through the device code authentication flow.

How the Campaign Worked…

Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims

The Chaos RaaS operation has emerged from the ashes of the BlackSuit ransomware takedown, with former gang members launching a fresh wave of attacks targeting American businesses. Law enforcement’s seizure of BlackSuit’s dark web infrastructure didn’t eliminate the threat – it just forced these cybercriminals to rebrand and adapt their…

Scattered Spider Attack Targets VMware ESXi with Ransomware

Google’s threat intelligence team dropped alarming details this week about a massive Scattered Spider attack campaign targeting VMware ESXi hypervisors across American corporate networks. The notorious cybercriminal group has been systematically launching ransomware attacks against retail chains, airlines, and insurance companies, using nothing more than smooth-talking phone calls to IT…

Remote Access Trojan CHAOS RAT Infiltrates Arch Linux AUR Packages

On July 21, 2025, security researchers uncovered three malicious Arch Linux AUR packages deploying the remote access trojan known as CHAOS RAT, targeting both mobile and desktop systems. These packages, disguised as legitimate tools, covertly install backdoors enabling attackers to hijack user systems remotely. This article explores the exploit’s technical mechanics, widespread…

Crypto Heists Surge: Analyzing the $223 Million Cetus Protocol Smart Contract Breach

In May 2025, the decentralized finance (DeFi) world was rocked by a massive smart contract breach that saw $223 million in crypto assets stolen from Cetus Protocol, a leading decentralized exchange (DEX) on the Sui blockchain. The attack, which exploited a critical vulnerability in the protocol’s liquidity pool smart contracts,…

Androxgh0st Botnet Expands: U.S. Universities Now in Crosshairs of Exploits

Recent research from CloudSEK reveals the growing sophistication of the Androxgh0st botnet, which is now targeting academic institutions such as UC San Diego. The malware uses remote code execution (RCE) vulnerabilities and web shells to infiltrate systems. Learn how this evolving threat operates — and what steps you can take…