DPRK FAMOUS CHOLLIMA OPSEC failure exposes npm publisher IPs through public disposable inboxes
Affected ecosystem: npm registry and developer tooling supply chain. Primary issue: OPSEC leakage from disposable email inbox exposure combined with npm publish notification metadata. Exploitation status: Observed in the wild (malicious npm…
FAMOUS CHOLLIMA: DPRK employment fraud and developer-lure intrusion set
Metadata Executive Summary FAMOUS CHOLLIMA is a DPRK-aligned activity cluster that multiple vendors associate with job-themed social engineering, developer targeting, and monetisation that can include cryptocurrency theft and credential collection.…
Akamai SIRT Identifies Zerobot Botnet Exploiting n8n and Tenda Vulnerabilities
Akamai SIRT identifies Mirai variant campaign actively targeting critical RCE flaws in automation platforms and routers Mirai #Zerobot #Botnet #n8n #Tenda #CVE-2025-68613 #CVE-2025-7544 Affected products: n8n workflow automation platform (versions 0.211.0…
AirSnitch: Client isolation in Wi-Fi is not delivering the security most defenders expect
NDSS 2026 research shows practical injection and machine-in-the-middle paths across WPA2/WPA3, guest SSIDs, and enterprise multi-AP deployments Network security | Wi-Fi | WPA2 | WPA3 | Passpoint | MitM |…
Vshell (VShell): a Mandarin-language C2 framework surfacing alongside Cobalt Strike on exposed infrastructure
Censys has reported on Vshell (often stylised “VShell”), a Go-based command-and-control (C2) platform used for post-compromise host management, pivoting, and proxying, and increasingly visible on internet-facing infrastructure, sometimes alongside Cobalt…
Preventing the Access That Powers Ransomware Lateral Movement (Part 2/2)
Designing upstream controls that cut off access brokers, endpoint breakout, and perimeter device exploitation before T1021 starts Download MITRE ATT&CK Navigator TTPs as JSON Layer / Excel Executive Summary…
Ransomware Lateral Movement in 2026: Detection Opportunities (Part 1/2)
TLP:CLEAR | 27 February 2026 Ransomware lateral movement techniques in 2026 are increasingly identity-led, cloud-aware, and executed through legitimate admin channels, forcing defenders to prioritise high-fidelity telemetry, behavioural analytics, and…
Security debt surges as legacy vulnerabilities accumulate
Veracode’s 2026 State of Software Security finds remediation capacity falling behind development velocity, with third-party components driving the longest-lived high-risk exposure. Enterprise application portfolios are carrying record levels of long-standing…
Scattered Lapsus$ Hunters recruits women for paid helpdesk vishing
Executive Summary Scattered Lapsus$ Hunters (SLH, also styled SLSH in some reporting) is advertising for female callers to conduct vishing against IT helpdesks, offering $500 to $1,000 per call and…
Scattered Spider threat actor profile
Scattered Spider is a financially motivated eCrime collective best known for high-success social engineering against enterprise IT help desks, often enabling account takeover in SSO and hybrid environments and progressing…
