17 Jul, 2026

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. Researchers at cloud security company Sysdig believe that the malware aligns with North Korea’s tools used in Contagious Interview campaigns. They recovered EtherRAT from a compromised Next.js application […]

4 mins read

Ransomware IAB abuses EDR for stealthy malware execution

An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. The threat actor has moved beyond mass phishing and adopted stealthier, more advanced methods that prove effective and difficult for defenders to counter, even if well documented. In […]

2 mins read

Ransomware gangs turn to Shanya EXE packer to hide EDR killers

Multiple ransomware gangs are using a packer-as-a-service platform named Shanya to help them deploy payloads that disable endpoint detection and response solutions on victim systems. Packer services provide cybercriminals with specialized tools to package their payloads in a way that obfuscates malicious code to evade detection by most known security tools and antivirus engines. The Shanya packer […]

3 mins read

Malicious VSCode extensions on Microsoft’s registry drop infostealers

Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions. The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options. The two malicious extensions, called Bitcoin Black and Codo […]

3 mins read

FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024

A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. From thousands of Bank Secrecy Act filings, the report documents 4,194 ransomware incidents between January 2022 and December 2024. These reports […]

2 mins read

Poland arrests Ukrainians utilizing ‘advanced’ hacking equipment

The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining “computer data of particular importance to national defense.” The three men, aged between 39 and 43, could not explain why they were carrying the electronic devices. They now face charges of fraud, computer […]

2 mins read

Google Chrome adds new security layer for Gemini AI agentic browsing

Google is introducing in the Chrome browser a new defense layer called ‘User Alignment Critic’ to protect upcoming agentic AI browsing features powered by Gemini. Agentic browsing is an emerging mode in which an AI agent is configured to autonomously perform for the user multi-step tasks on the web, including navigating sites, reading their content, […]

3 mins read

Portugal updates cybercrime law to exempt security researchers

Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. First spotted by Daniel Cuthbert, a new provision in Article 8.o-A, titled “Acts not punishable due to public interest in cybersecurity,” provides a legal exemption for actions that previously were classified as illegal system […]

2 mins read

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. React2Shell is an unauthenticated remote code execution vulnerability that can be exploited via a single HTTP request and affects all frameworks that implement React […]

5 mins read

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. The activity started on December 2nd and originated from more than 7,000 IP addresses from infrastructure operated by the German IT company 3xK GmbH, which runs its own BGP network (AS200373) and operates as […]

2 mins read