Blog

Executive Summary A Cyber Security News report published on 27 May 2026 detailed an ongoing Glassworm malware campaign targeting software developers through trusted development platforms, including npm, PyPI, OpenVSX, and GitHub. The campaign first surfaced in October 2025 through malicious Visual Studio Code and OpenVSX extensions and has since expanded into Python repositories, React Native npm packages,…

Account fraud isn’t a one-off event, it’s an industry. Operators run shops, set prices, manage stock and respond to customers. They specialize, collaborate, and follow the money into whichever industries are paying out. For a retailer, it is a customer’s account quietly emptied of points, gift card credit and stored payment value. For a quick…

Executive Summary According to a report from the Microsoft Defender security research team published on 6 May 2026,an active “ClickFix” campaign is targeting macOS users through fake utility and troubleshooting lures. The campaign uses deceptive prompts masquerading as system fixes or macOS utilities to trick users into manually executing malicious terminal commands. In the past two…

Executive Summary On 5 May 2026, ESET researchers reported that a North Korea-aligned threat group known as ScarCruft executed a supply chain attack against a video gaming platform serving ethnic Koreans in China’s Yanbian region, planting backdoors in both Windows and Android versions of the platform’s games to turn a trusted service into a covert espionage tool. Key Takeaways…

Executive Summary  On 20 April 2026 Wiz Research uncovered a critical vulnerability (CVE-2026-3854) in GitHub’s internal git infrastructure affecting both GitHub.com and GitHub Enterprise Server. By exploiting an injection flaw in GitHub’s internal protocol, any authenticated user could execute arbitrary commands on GitHub’s backend servers with a single git push command – using nothing but a standard git client.   Affected…

Executive Summary According to a report from Xint published on 29 April 2026, a Linux kernel vulnerability named “Copy Fail” has affected multiple major Linux distributions released since 2017. The flaw, designated CVE-2026-31431, allows a local, unprivileged user to escalate privileges to root by exploiting improper handling of data copying within the kernel. The vulnerability enables potential threat actors…

Executive Summary Security researchers from Socket have discovered that version 2026.4.0 of Bitwarden CLI has been compromised through a poisoned GitHub Actions workflow. This incident is part of the broader Checkmarx supply chain campaign and specifically impacts the npm distribution used by developers and automated build environments. The malicious payload executes credential-harvesting routines targeting cloud service providers, SSH…

Executive Summary Unit 42 has responded to numerous incidents since February 2026 involving data theft and extortion across various industries. We attribute a specific portion of this financially-motivated activity with moderate confidence to the activity cluster CL-CRI-1116, which overlaps with public reporting on BlackFile, UNC6671 and Cordial Spider.  This blog is designed to provide RH-ISAC…

Executive Summary ESET Researchers discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The malicious code allows attackers to transfer NFC data from the victim’s payment card to their own device and use it for contactless ATM cash-outs and unauthorized payments, while also capturing the victim’s payment…

A New Class of Digital Operator Retail organizations are moving quickly to operationalize agentic AI to streamline customer service, create self-serve customer workflows, enable shopping bots, and improve internal employee productivity. This is not just an internal transformation. Your customers will use agents to browse, compare, and buy. Your employees will create their own “mini…