The Breach News

Hackers Exploit Legitimate GitHub Codespaces Feature to Distribute Malware

Recent research has highlighted concerning vulnerabilities within GitHub Codespaces, specifically the potential for threat actors to exploit its legitimate features to distribute malware. GitHub Codespaces, a cloud-based development environment, allows users to write, debug, and commit code changes from a browser or integrated within Visual Studio Code. Among its functionalities…


Hello Gym Data Breach Reveals 1.6 Million Audio Files of Members

A recent data breach involving Hello Gym has unveiled over 1.6 million audio recordings of its gym members, raising serious concerns about potential risks such as spear-phishing, deepfake impersonation, and identity theft. In an alarming cybersecurity incident, Hello Gym, a technology service provider for the fitness industry based in Minnesota,…


Chinese APT Targets Philippine Military Contractor with New EggStreme Fileless Malware

Bitdefender has detected a new fileless malware dubbed EggStreme, employed by a China-based advanced persistent threat (APT) group, targeting the Philippine military and various organizations across the Asia-Pacific region. Researchers from Bitdefender discovered the EggStreme malware framework during an investigation into a breach at a Philippine military contractor. The malware…


China-Linked Silk Typhoon Broadens Cyber Attacks to Target IT Supply Chains for Initial Access

The group known as Silk Typhoon—previously referred to as Hafnium—has shifted its focus from exploiting vulnerabilities in Microsoft Exchange servers to targeting the information technology (IT) supply chain. This change in strategy aims to gain initial access to corporate networks, according to the Microsoft Threat Intelligence team’s recent report. Silk…


Ransomware Attack on Highlands Oncology Exposes Data of Over 113,000 Patients – Class Action Lawsuits Filed

Ransomware Attack Strikes Highlands Oncology, Compromising Over 113,000 Patient Records

Highlands Oncology, a healthcare provider based in the United States, has recently fallen victim to a significant ransomware attack that has compromised the personal information of more than 113,000 patients. This incident raises urgent concerns regarding the security of sensitive…


Google Fixes Quick Share Vulnerability Allowing Silent File Transfers Without Consent

Recent findings from cybersecurity experts reveal a vulnerability in Google’s Quick Share data transfer tool for Windows, which can be manipulated to cause denial-of-service (DoS) issues or transmit files to users’ devices without their consent. This flaw underscores serious security concerns for users relying on this peer-to-peer file-sharing utility. Categorized…


Earth Bogle Campaign Deploys NjRAT Trojan Across the Middle East and North Africa

A new cyber campaign known as Earth Bogle has emerged, showcasing the use of geopolitical themes to distribute the NjRAT remote access trojan across the Middle East and North Africa. This initiative underscores the evolving strategies employed by threat actors to exploit current events for malicious purposes. According to a…


Hackers Breach 18 NPM Packages in Supply Chain Attack

Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime.

Developer Compromised by Phishing Attack Involving a Malicious Email

Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025

An attacker compromised 18 widely used npm packages by embedding cryptocurrency theft malware after…


US Investment in Spyware is Soaring

The recent report emphasizes the significant yet often overlooked role of resellers and brokers in the spyware supply chain, describing this group as “a notably under-researched set of actors.” These intermediaries are said to obscure the relationships among vendors, suppliers, and buyers, frequently facilitating connections to emerging regional markets. Sarah…
