Latest Threat Intel

The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. The Treasury’s Office of Foreign Assets Control (OFAC) designated Ryujong Credit Bank, a North Korea-based financial institution linked to sanctions-evasion activities between North Korea and China, including money

The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. Apache OpenOffice is a free, open-source office suite that includes word processing, spreadsheets, presentations, graphics, and database tools. It’s compatible with major file formats, such as Word

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. Post SMTP is a popular email delivery solution marketed as a feature-rich and more reliable replacement of the default ‘wp_mail()’ function. On October 11, WordPress security firm

Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. During the same period, the company observed a 67% year-over-year growth in malware targeting mobile devices, with spyware and banking trojans being a prevalent risk. Telemetry data

The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. Miljödata is an IT systems supplier for roughly 80% of Sweden’s municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to

Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. The malicious activity was detected by Wordfence, a WordPress security firm, after blocking multiple exploit attempts against its clients over the past 24 hours. JobMonster, created by NooThemes, is a premium WordPress theme used

Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods. Researchers tracked the activity to June, but they found evidence of these types of campaigns delivering NetSupport and ScreenConnect since January.  According to email security

Three former employees of cybersecurity incident response companies DigitalMint and Sygnia have been indicted for allegedly hacking the networks of five U.S. companies in BlackCat (ALPHV) ransomware attacks between May 2023 and November 2023. 28-year-old Kevin Tyler Martin of Roanoke, Texas (who pleaded not guilty), 33-year-old Ryan Clifford Goldberg of Watkinsville, Georgia (in federal custody

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. Open VSX is a community-driven registry for extensions compatible with VS Code, which are popular with AI-powered integrated development environments (IDEs) like Cursor and Windsurf.

Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. The company’s Detection and Response Team (DART) discovered the new malware, named SesameOp, during an investigation into a July 2025 cyberattack, which revealed that the malware allowed attackers to gain persistent access to the compromised