Technology

New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from. Each is a different way to break a machine: wipe the whole disk, overwrite the Windows drive, […]

New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware Read More »

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. “Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old, or compromised OAuth tokens and personal

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Read More »

ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories

Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it. This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it

ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories Read More »

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in – allowScripts defaults to off, meaning

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk Read More »

AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up

AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your team clears the first alert. That is the gap, and it is not your fault. The tools

AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up Read More »

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware Read More »

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers Read More »

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution. The list of vulnerabilities is as follows – CVE-2026-50746 (CVSS score: 10.0) – An improper access control vulnerability in UniFi Connect Application that

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS Read More »

New Ghost Phishing Wave Is Breaking Traditional Email Security

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft

New Ghost Phishing Wave Is Breaking Traditional Email Security Read More »

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users Read More »

Scroll to Top