#0240
Recorded Futureabout 2 months ago5 min▣LLM reporthigh In 2025, the Latin America and the Caribbean (LAC) region faced escalating cybercriminal activity driven by rapid digital adoption and economic instability. Threat actors heavily utilized Telegram and dark web forums to distribute ransomware, banking trojans, and infostealers, increasingly targeting the healthcare, manufacturing, and government sectors while adapting to law enforcement disruptions.
#0239
Cisco Talosabout 2 months ago4 min▣LLM reporthigh Advancements in AI have democratized Business Email Compromise (BEC) attacks, allowing threat actors to efficiently target smaller organizations with tailored social engineering. Concurrently, attackers are exploiting the React2Shell vulnerability (CVE-2025-55182) in Next.js applications to harvest cloud and database credentials, while Qilin ransomware has been observed deploying a sophisticated EDR-killing payload.
#0238
Elastic Security Labsabout 2 months ago5 min▣LLM reportcritical Suspected DPRK state actors compromised the highly popular Axios npm package by taking over a maintainer's account and publishing malicious versions that deployed a cross-platform RAT via a phantom dependency. Concurrently, a threat group named TeamPCP conducted a cascading supply chain attack affecting Trivy, LiteLLM, and Telnyx to harvest CI/CD credentials. These incidents underscore the critical need for automated package monitoring, rapid credential rotation, and delayed dependency updates.
#0237
Elastic Security Labsabout 2 months ago5 min▣LLM reporthigh This article details behavioral detection engineering strategies for Linux rootkits, emphasizing the failure of static signatures against trivial binary modifications. It provides actionable detection logic for userland and kernel-space rootkits, including emerging threats leveraging eBPF and io_uring, alongside common persistence and defense evasion techniques.
#0236
Akamaiabout 2 months ago2 min▣LLM reportlow This article is a high-level overview of digital transformation trends in Africa, focusing on the need for secure, scalable, and flexible cloud architectures. It highlights Akamai's solutions and upcoming presence at GITEX AFRICA 2026, containing no specific threat intelligence or technical indicators.
#0235
Canadian Centre for Cyber Securityabout 2 months ago4 min▣LLM reporthigh The Canadian Centre for Cyber Security issued two security advisories. Apple released extensive updates across its operating systems to mitigate vulnerabilities, specifically targeting web attacks from the DarkSword iOS exploit kit. WatchGuard patched an Arbitrary File Write via Path Traversal vulnerability affecting the Fireware Web UI in multiple versions of Fireware OS.
#0234
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-3502, a vulnerability in TrueConf Client involving the download of code without integrity checks, to its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation. Organizations are strongly urged to prioritize timely remediation to reduce their exposure to potential cyberattacks.
#0233
Recorded Futureabout 2 months ago2 min▣LLM reportinfo The article introduces the concept of 'Quantum Geopolitics' to describe the current fluid and interconnected state of international relations. It emphasizes that cybersecurity is now a core enterprise risk, requiring organizations to adopt continuous scenario planning, invest in operational resilience, and improve cross-functional communication to navigate geopolitical uncertainties.
#0232
Recorded Futureabout 2 months ago4 min▣LLM reporthigh The payment fraud ecosystem has industrialized through Malware-as-a-Service e-skimmer kits, automated card testing, and scalable purchase scams. This standardization allows defenders to proactively detect and map fraudulent infrastructure upstream before monetization occurs, rather than relying solely on reactive transaction monitoring.
#0231
Trail of Bitsabout 2 months ago3 min▣LLM reportlow Trail of Bits has introduced MuTON and mewt, advanced mutation testing tools designed to identify untested code paths in smart contracts and blockchain applications. These tools leverage Tree-sitter for accurate syntax parsing and integrate with AI agents to optimize testing configurations and triage results, addressing the historical performance limitations of mutation testing.
#0230
Microsoftabout 2 months ago7 min▣LLM reportcritical On March 31, 2026, the popular Axios npm package was compromised in a supply chain attack attributed to North Korean threat actor Sapphire Sleet. Malicious versions 1.14.1 and 0.30.4 included a fake dependency that silently executed a post-install script to download and install OS-specific Remote Access Trojans (RATs) on Windows, macOS, and Linux systems.
#0229
ANY.RUNabout 2 months ago7 min▣LLM reporthigh March 2026 saw a surge in sophisticated, multi-stage cyber attacks designed to evade early detection. Key threats included OAuth device code phishing (EvilTokens) for M365 account takeover, registry-hidden RAT staging (RUTSSTAGER), macOS backdoors delivered via ClickFix lures, and resilient botnets utilizing Dead Drop Resolvers.
#0228
Elastic Security Labsabout 2 months ago6 min▣LLM reportcritical A compromised maintainer account for the widely used axios npm package published backdoored versions that deliver a cross-platform Remote Access Trojan (RAT). The malicious payload, triggered via a postinstall hook in a decoy dependency, deploys identical C2 frameworks across Windows, macOS, and Linux systems while employing anti-forensic techniques to hide its tracks.
#0227
Elastic Security Labsabout 2 months ago6 min▣LLM reportcritical A critical supply chain attack compromised the popular Axios npm package, utilizing a malicious transitive dependency to execute cross-platform payloads during installation. The attack targets Linux, Windows, and macOS systems, deploying OS-specific Remote Access Trojans (RATs) capable of host profiling, command execution, and follow-on payload delivery. Detection engineering efforts should focus on anomalous process ancestry, such as Node.js spawning native OS shells to retrieve and background remote payloads.
#0226
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reportcritical The Canadian Centre for Cyber Security issued an advisory regarding a critical vulnerability in Google Chrome (CVE-2026-5281) that is currently being exploited in the wild. Organizations are urged to update Chrome for Desktop to the latest stable versions to mitigate this active threat.
#0225
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-5281, a Use-After-Free vulnerability in Google Dawn, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize timely remediation to reduce exposure to cyberattacks.
#0224
Zscaler ThreatLabzabout 2 months ago4 min▣LLM reporthigh Anthropic accidentally leaked the source code for its Claude Code CLI tool via an npm package source map. Threat actors are exploiting the high interest in this leak by creating fake GitHub repositories that distribute a Rust-based dropper, which subsequently installs Vidar infostealer and GhostSocks proxy malware on developer workstations.
#0223
Varonisabout 2 months ago5 min▣LLM reporthigh Storm is a new Windows-based infostealer that evades endpoint detection by offloading browser credential decryption to attacker-controlled servers. It features an automated session hijacking capability that restores stolen cookies via SOCKS5 proxies, granting attackers immediate authenticated access to enterprise SaaS and cloud environments while bypassing MFA.
#0222
Trend Microabout 2 months ago3 min▣LLM reportinfo TrendAI presented research at RSAC 2026 highlighting the dual emergence of autonomous, agentic AI-driven cybercrime and systemic vulnerabilities in cyber-physical systems like EV charging infrastructure. The findings emphasize the necessity for organizations to adopt machine-speed, AI-driven defenses and comprehensive frameworks like NIST IR 8473 to mitigate these rapidly evolving threats.
#0221
Socketabout 2 months ago6 min▣LLM reportcritical The official Telnyx Python SDK on PyPI was compromised by the threat actor TeamPCP, who published malicious versions (4.87.1 and 4.87.2) containing credential-harvesting malware. The malware executes upon module import, utilizing audio steganography to deliver OS-specific payloads: a fileless in-memory harvester for Linux/macOS and a persistent binary for Windows, with exfiltrated data secured via hybrid encryption.