PyPI
TRENDING TOPICS SEPT 18, 2025 PyPI Tokens Revoked After GhostAction Supply Chain Attack The Python Software Foundation has confirmed that all PyPI publishing tokens stolen in early September's GhostAction supply chain attack have been invalidated, with no evidence that they were used to publish malicious packages. The incident
EventFilter Defines the trigger condition using WQL queries. Monitors for system events like startup, logon, or specific process launches to ensure predictable activation. → EventConsumer Executes malicious payload when triggered. Includes CommandLineEventConsumer for process execution and ActiveScriptEventConsumer for fileless VBScript/JScript. → FilterToConsumerBinding Links filters to consumers, activating the subscription. Without this
FileFix
TRENDING TOPICS SEPT 17, 2025 FileFix Campaign Expands Fix Attack Family With StealC Delivery Acronis’ Threat Research Unit has documented the first real-world deployment of FileFix, a successor to the ClickFix social engineering technique. Unlike ClickFix, which tricks users into pasting malicious commands into the Windows Run dialog, FileFix abuses
AWSDoor
TRENDING TOPICS SEPT 16, 2025 AWSDoor: Post-Compromise Persistence Tool in AWS AWSDoor is a post-compromise tool first identified in recent years, designed to help attackers maintain access inside AWS environments after an initial breach. It does not directly break into accounts but instead abuses AWS-native services and permissions to remain
UNC6395
TRENDING TOPICS SEPT 15, 2025 Update: FBI Warns of Salesforce Data Theft by UNC6040 and UNC6395 The FBI has issued a FLASH advisory warning that two active threat clusters, UNC6040 and UNC6395, are breaching Salesforce environments to steal sensitive data and extort victims. UNC6040, first reported by Mandiant in June
C2 Channels ZynorRAT uses Telegram bots to relay commands and results; CHILLYHELL communicates with hardcoded IPs over HTTP or DNS. Both approaches exploit widely used services to bypass perimeter monitoring. File Access and Exfiltration ZynorRAT supports targeted file retrieval and streaming back to Telegram; CHILLYHELL can download payloads and upload
Apple
CVE-2025-48539 High Android Operating System USE-AFTER-FREE A use-after-free flaw in acl_arbiter.cc (SendPacketToPeer) can trigger an out-of-bounds read, enabling remote or adjacent attackers to achieve code execution without requiring user interaction or elevated privileges on Android devices. Mitigation: Update to the latest Android patch level immediately and enable runtime
EggStreme
TRENDING TOPICS SEPT 11, 2025 EggStreme: Fileless APT Framework Burrows into Philippine Defense EggStreme is a new, multi-stage toolkit tied to a Chinese state-aligned group that breached a Philippine military company to stay hidden and collect intelligence over time. After gaining initial access to the victim’s environment, the attack
Adversaries frequently abuse the Windows Run and RunOnce registry keys to establish persistence, ensuring payload execution at logon or startup while blending in with legitimate autostart behavior. This technique, long used by both commodity malware and APTs, offers stealth, durability, and low privilege requirements, making detection difficult without strong baselining
Apt41
TRENDING TOPICS SEPT 10, 2025 China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations The House Select Committee on China has issued a formal advisory warning of an ongoing cyber espionage campaign attributed to the China-linked threat group APT41, surfacing during a period of heightened U.S.–China
npm Packages
TRENDING TOPICS SEPT 09, 2025 Largest NPM Supply-Chain Attack Targets Crypto Transactions Hackers have hijacked 18 widely used npm packages, with a combined weekly download volume exceeding two billion, and injected them with obfuscated malware that directly targets cryptocurrency users and developers. The breach was traced to a phishing campaign
macOS
TRENDING TOPICS SEPT 08, 2025 Hackers Exploit Fake Microsoft Teams Site to Spread Odyssey macOS Stealer Security researchers have uncovered a large-scale campaign abusing a fraudulent Microsoft Teams download site to distribute the newly identified Odyssey stealer, a macOS malware family with extensive data theft capabilities. Hosted on the domain