Today > 13 Critical | 40 High | 37 Medium vulnerabilities - You can now download lists of IOCs here!
4 attack reports | 32 vulnerabilities
A sophisticated scam targeting Web3 professionals has been identified, involving the Realst crypto stealer malware with variants for both macOS and Windows. The threat actors have created fake companies using AI-generated content to appear legitimate, cycling through various names like Meetio, Clus…
A malicious version of the popular AI library ultralytics was published on PyPI, containing downloader code for the XMRig coinminer. The compromise was achieved by exploiting a known GitHub Actions script injection. Two versions, 8.3.41 and 8.3.42, were affected before a clean version 8.3.43 was re…
The Termite ransomware, a rebranded version of Babuk, recently targeted supply chain management platform Blue Yonder. This new strain employs advanced tactics, including double extortion, to maximize its impact. Upon execution, it terminates services, deletes shadow copies, empties the recycle bin,…
Threat actors exploit high-profile events like global sporting championships to launch attacks through phishing and scams. The analysis focuses on trends in domain registrations, DNS traffic, URL traffic, active domains, verdict change requests, and domain textual patterns. Case studies include obs…