Threat Intelligence - RH-ISAC Blog

Executive Summary A report published by The Hacker News on 17 June 2026 detailed a software supply chain attack impacting 144 npm packages associated with the Mastra ecosystem after threat actors compromised a maintainer account through a phishing attack. The attackers leveraged the compromised account to publish malicious package versions to the npm registry. According to the…

Executive Summary In June 2026, D3 lab researchers reported on a new banking trojan. NFCShare is an Android banking trojan initially distributed as a malicious Android Package file (APK) through a phishing flow impersonating Deutsche Bank. The malware presents a fake card-verification interface, prompts the victim to place a payment card near the phone, collects the card…

Executive Summary On 10 June 2026, BleepingComputer reported that Oracle PeopleSoft servers are allegedly being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. PeopleSoft is an enterprise business software suite used by large organizations to manage HR, payroll, finance, supply chain, procurement, and student…

Executive Summary On 9 June 2026, ServiceNow disclosed an incident in which unknown threat actors exploited a flaw to gain deeper unauthorized access to susceptible customer instances. On 5 June 2026, ServiceNow applied a security update to hosted customer instances to address an issue that could allow an unauthenticated user, under certain circumstances, to gain greater access to ServiceNow instances…

Executive Summary A Proofpoint Threat Research report published on 8 June 2026 detailed a phishing campaign tracked as UNK_DeadDrop targeting software developers across multiple organizations. The campaign uses fake recruitment and code review lures to convince developers to download malicious project files from GitHub repositories. Once executed, the malware is designed to compromise developer workstations and facilitate…

Executive Summary A Cyber Security News report published on 27 May 2026 detailed an ongoing Glassworm malware campaign targeting software developers through trusted development platforms, including npm, PyPI, OpenVSX, and GitHub. The campaign first surfaced in October 2025 through malicious Visual Studio Code and OpenVSX extensions and has since expanded into Python repositories, React Native npm packages,…

Account fraud isn’t a one-off event, it’s an industry. Operators run shops, set prices, manage stock and respond to customers. They specialize, collaborate, and follow the money into whichever industries are paying out. For a retailer, it is a customer’s account quietly emptied of points, gift card credit and stored payment value. For a quick…

Executive Summary According to a report from the Microsoft Defender security research team published on 6 May 2026,an active “ClickFix” campaign is targeting macOS users through fake utility and troubleshooting lures. The campaign uses deceptive prompts masquerading as system fixes or macOS utilities to trick users into manually executing malicious terminal commands. In the past two…

Executive Summary On 5 May 2026, ESET researchers reported that a North Korea-aligned threat group known as ScarCruft executed a supply chain attack against a video gaming platform serving ethnic Koreans in China’s Yanbian region, planting backdoors in both Windows and Android versions of the platform’s games to turn a trusted service into a covert espionage tool. Key Takeaways…

Executive Summary  On 20 April 2026 Wiz Research uncovered a critical vulnerability (CVE-2026-3854) in GitHub’s internal git infrastructure affecting both GitHub.com and GitHub Enterprise Server. By exploiting an injection flaw in GitHub’s internal protocol, any authenticated user could execute arbitrary commands on GitHub’s backend servers with a single git push command – using nothing but a standard git client.   Affected…