Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

12/02/2026 0 Comments 0 tags

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

12/02/2026 0 Comments 0 tags

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

12/02/2026 0 Comments 0 tags

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

12/02/2026 0 Comments 0 tags

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

12/02/2026 0 Comments 0 tags

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices

12/02/2026 0 Comments 0 tags

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability,

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

12/02/2026 0 Comments 0 tags

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

11/02/2026 0 Comments 0 tags

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

11/02/2026 0 Comments 0 tags

It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

11/02/2026 0 Comments 0 tags

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure