Massive npm Supply Chain Attack Hits Red Hat Packages, Steals Cloud and Developer Credentials Credential Access CyberDefenderJune 4, 2026June 4, 202611 mins0 The software supply chain has once again emerged as a critical front line for enterprise security, highlighted…continue reading..
Massive NPM Supply Chain Attack Weaponizes @antv Packages to Hijack GitHub Actions and Cloud Workloads Credential Access CyberDefenderMay 21, 2026May 21, 202612 mins0 Security researchers have identified an active, highly sophisticated supply chain attack targeting the widely used @antv node…continue reading..
Cybercriminals Hide PureLogs Malware Inside Cat Images Using Advanced Steganography Loader “PawsRunner” Credential Access CyberDefenderMay 19, 2026May 19, 20269 mins0 Cybercriminals are increasingly moving away from obvious malware delivery techniques and adopting stealthier methods designed to bypass…continue reading..
Massive npm Supply Chain Attack Uses Tor-Powered Malware to Hijack Developer Accounts and Spread Across Trusted Packages Command and Control CyberDefenderMay 15, 2026May 15, 202611 mins0 The JavaScript and npm ecosystem has become one of the most aggressively targeted software supply chain environments…continue reading..
Cyber Alert: AMOS Infostealer Dominates macOS Threats by Using Deceptive ‘ClickFix’ Lures to Bypass System Defenses Command and Control CyberDefenderMay 15, 2026May 15, 202615 mins0 Modern enterprise security boundaries are increasingly defined by the endpoints navigating them, and macOS environments are no…continue reading..
TeamPCP Exploits CI/CD Trust to Hijack PyPI, Docker Hub, and GitHub Actions in Coordinated Supply Chain Campaign Credential Access CyberDefenderMay 15, 2026May 15, 202613 mins0 TeamPCP, a financially motivated threat cluster tracked as SHADOW-WATER-058, orchestrated a highly coordinated supply chain poisoning campaign…continue reading..
VoidStealer Breaks Chrome Security Barrier, Exposes Millions of Browser Sessions to Theft Credential Access CyberDefenderMay 8, 2026May 8, 20269 mins0 Google introduced Application-Bound Encryption (ABE) in Chrome 127 to strengthen the protection of sensitive browser data on…continue reading..
Cyberespionage Campaign Exposed: Russian-Language Lures Deploy Fileless Python Implant via GitHub Releases Collection CyberDefenderMay 8, 2026May 8, 20267 mins0 A recently uncovered cyberespionage campaign demonstrates the evolving sophistication of threat actors who leverage trusted infrastructure and…continue reading..
Automated Chinese Cybercrime Network ‘Paperclip’ Exposed: Industrial-Scale Exploitation Targets Web3 and Fintech Credential Access CyberDefenderMay 2, 2026May 2, 20268 mins0 Threat Research Team has identified a highly automated Chinese cybercrime infrastructure that blends large-scale exploitation with structured…continue reading..
Global Cyber Espionage Campaign Exposed: SHADOW-EARTH-053 Targets Governments and Critical Infrastructure Using Legacy Exploits Credential Access CyberDefenderMay 2, 2026May 2, 202611 mins0 The cyber threat landscape continues to evolve with increasing sophistication, and the emergence of SHADOW-EARTH-053 highlights how…continue reading..
