ALL POSTS

FBI Investigates Malware Distribution Through Steam Games

Key Findings
* FBI investigating malware spread through eight Steam games
* Timeframe of infection: May 2024 to January 2026
* Games include BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova
* Investigation focuses on cryptocurrency theft and account hijacking
* Victims invited to voluntarily provide information to aid investigation

Background
The FBI's Seattle Division has launched a comprehensive investigation into malicious Steam games that ha

Android 17 Cracks Down on Accessibility API Abuse

Key Findings
* Android 17 Beta 2 blocks non-accessibility apps from using Accessibility Services API
* Advanced Protection Mode (AAPM) automatically revokes permissions for non-accessibility tools
* Only verified accessibility tools can use the API when AAPM is enabled
* Targets malware that has historically abused accessibility services for data theft

Background
Android's Accessibility Services API has long been a double-edged swor

Payload Ransomware Claims the Hack of Royal Bahrain Hospital

Key Findings
* Payload Ransomware claims to have breached Royal Bahrain Hospital (RBH)
* 110 GB of data allegedly stolen
* Threat to release data if ransom not paid by March 23, 2026
* Attack targets a healthcare facility serving multiple Middle Eastern countries

Background
Royal Bahrain Hospital, established in 2011, is a 70-bed healthcare facility providing comprehensive medical services including surgery, maternity care, and diagnostics. Located in Bahrain, the hospital serves pat

OpenClaw AI Agent Vulnerabilities: Prompt Injection and Data Exfiltration Risks

Key Findings
* OpenClaw AI agent has multiple critical security vulnerabilities
* Prompt injection attacks can lead to data exfiltration and unauthorized system access
* Chinese authorities have moved to restrict OpenClaw usage in government and military environments
* Malicious actors are exploiting the platform's popularity to distribute malware

Background
OpenClaw is an open-source, self-hosted autonomous AI agent

Divine Skins - Breached Accounts Exposed

Key Findings
* Divine Skins data breach exposed 105,814 user accounts
* Unauthorized third party accessed systems and deleted all skins from database
* Exposed data included email addresses, usernames, and purchase history
* Breach disclosed via Discord server in March 2026

Background
Divine Skins is a custom League of Legends skin service that allows players to modify their in-game character appearances. The platform has been operating for several years, providing unique cos

GlassWorm Campaign Exploits 72 VSX Extensions in Developer Supply-Chain Attack

Key Findings
* GlassWorm campaign identified targeting developers through 72 malicious Open VSX extensions
* Uses sophisticated supply-chain attack technique exploiting extension dependencies
* Targets development environments to steal secrets and compromise systems
* Employs advanced obfuscation and evasion techniques
* Spans multiple platforms including Open VSX, GitHub, and npm registries

Background
The GlassWorm campaign represents an evolving threat in software supply ch

Telus Data Breach: ShinyHunters Claims 1 Petabyte Theft Confirmed

Key Findings
* ShinyHunters claims to have stolen approximately 1 petabyte of data from Telus Digital
* Breach discovered through stolen Google Cloud Platform credentials from a previous Salesforce-related hack
* Telus confirms unauthorized access to internal systems
* No disruption to customer services reported
* Investigations and forensic analysis are ongoing

Background
Telus Digital, a subsidiary of Canadian telecommunications giant Telus, provides business process outsou

AI-Powered Slopoly Malware Enables Hive0163's Advanced Ransomware Strategy

Key Findings
* Hive0163 uses AI-assisted Slopoly malware for persistent access in ransomware attacks
* PowerShell backdoor likely generated using a large language model (LLM)
* Malware maintains C2 access, collects system data, and executes remote commands
* Part of a broader attack framework involving NodeSnake and Interlock RAT
* Initial access achieved through social engineering and malvertising

Background
Hive0163 is a financially motivated threat actor specializing in post-comprom

Nine Linux AppArmor Flaws in CrackArmor Enable Root Escalation, Container Isolation Bypass

Key Findings
* Nine critical vulnerabilities discovered in Linux AppArmor security module
* Enables root escalation and container isolation bypass
* Affects Linux kernels since version 4.11
* Impacts over 12.6 million enterprise Linux instances
* Allows unprivileged users to manipulate security profiles
* Can trigger denial-of-service attacks
* Enables arbitrary code execution within kernel
* No CVE identifiers assigned yet
* Vulnerabilities exist since 2017

Background
AppArm

Cloudflare Human Check Exploited by Hackers to Conceal Microsoft 365 Phishing Sites

Key Findings
* Attackers are exploiting Cloudflare's human verification system to hide phishing pages
* Custom virtual machine function used to obfuscate malicious code
* Targets Microsoft 365 login credentials
* Employs sophisticated evasion techniques against security scanners
* Uses location-based filtering to block security researchers

Background
Cybercriminals have developed an innovative method of hiding phishing websites by leveraging Cloudflare's Turnstile verificatio

Apple Releases Critical Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Key Findings
* Apple released security updates for older iOS and iPadOS versions to address vulnerabilities in the Coruna exploit kit
* Updates cover devices that cannot upgrade to the latest iOS versions
* Patches address multiple vulnerabilities, including WebKit and kernel-related issues
* Coruna exploit kit targets iOS versions 13.0 through 17.2.1 with 23 total exploits

Background
The Coruna exploit kit, also known as CryptoWaters, was first identified by Google's Threat Intellig

SocksEscort Proxy Network Dismantled by Federal Authorities in Global Fraud Crackdown

Key Findings
* International law enforcement dismantled SocksEscort proxy network
* Network compromised approximately 369,000 IP addresses worldwide
* Cybercriminals used service to route fraudulent activities and hide identity
* $3.5 million in cryptocurrency seized
* Infected over 8,000 home and small business routers
* Caused millions in financial losses across multiple victims

Background
SocksEscort operated as a malicious proxy service from 2009, systematically infecting

Bell Ambulance Data Breach Impacts Nearly 238,000 Individuals

Key Findings
* Bell Ambulance experienced a data breach affecting 237,830 individuals
* Unauthorized network access occurred in February 2025
* Medusa ransomware group claimed responsibility for the attack
* Exposed data includes personal, financial, and medical information
* Company offered 12 months of free credit monitoring to affected individuals

Background
Bell Ambulance is an emergency medical services provider based in Milwaukee, Wisconsin. The organization offers ambu

CISA Warns of Actively Exploited n8n Remote Code Execution Vulnerability Affecting 24,700 Instances

Key Findings
* Critical remote code execution vulnerability in n8n workflow platform
* CVE-2025-68613 added to CISA's Known Exploited Vulnerabilities (KEV) catalog
* 24,700 unpatched instances exposed online
* Vulnerability allows authenticated attackers to execute arbitrary code
* FCEB agencies ordered to patch by March 25, 2026

Background
n8n is an open-source workflow automation platform that allows users to connect different applications and services. The vulnerability ex

UNC6426's Rapid Escalation: From npm Malware to AWS Admin in 72 Hours

Key Findings
* UNC6426 breached a victim's cloud environment within 72 hours
* Supply chain attack compromised nx npm package in August 2025
* Stolen GitHub token used to gain unauthorized cloud access
* Threat actor created new AWS administrator role
* Exfiltrated data from S3 buckets and destroyed production environments
* AI-assisted attack leveraged LLM tools for credential theft

Background
The incident originated from a supply chain vulnerability in the nx npm package di

Iran-Linked Handala Hackers Escalate Cyber Attacks on Stryker and Verifone

Key Findings
* Iran-linked Handala Hack Team claims cyberattacks against Stryker Corporation and Verifone on March 11
* Stryker confirms a network disruption; Verifone denies any breach
* Handala claims to have wiped 200,000 systems and extracted 50 terabytes of data from Stryker
* The group alleges the attack was retaliation for a missile strike on an Iranian school
* Verification of claims is ongoing and independent confirmation is pending

Background
The Handala Hack Team,

BeatBanker: The Multifaceted Android Malware

Key Findings
BeatBanker is an Android malware that combines banking trojan capabilities with cryptocurrency mining. It spreads through fake Starlink apps distributed on websites imitating the Google Play Store. Once installed, BeatBanker hijacks devices, steals login credentials, and tampers with cryptocurrency transactions. The malware uses a silent audio loop to maintain persistence and avoid being shut down by the system. In newer versions, BeatBanker has replaced the bank

Microsoft Patches 84 Flaws in April Patch Tuesday, Including Two Public Zero-Days

Key Findings
* Microsoft released patches for 84 new security vulnerabilities affecting various software components
* 8 vulnerabilities are rated Critical, and 76 are rated Important in severity
* 46 of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, 4 spoofing, 4 denial-of-service, and 2 security feature bypass flaws
* 2 publicly disclosed zero-days are included: CVE-2026-26127 (CVSS 7.5) - Denial-of-servic

APT28 Employs BEARDSHELL and COVENANT Malware in Ongoing Espionage Against Ukrainian Military

Key Findings
APT28, a Russian state-sponsored hacking group, has been observed using a pair of custom malware implants called BEARDSHELL and COVENANT for long-term surveillance of Ukrainian military personnel since April 2024. The malware families showcase the group's continued capabilities in developing advanced custom tools for espionage operations. BEARDSHELL is a C++ backdoor that downloads and executes PowerShell scripts, sending results via the Icedrive cloud storage se

Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities

Key Findings
* Microsoft released its monthly security update for March 2026, addressing 79 vulnerabilities
* 3 vulnerabilities were marked as "critical" by Microsoft
* Remaining vulnerabilities were classified as "important"
* Microsoft assessed that exploitation of the "critical" vulnerabilities is "less likely"

Background
* CVE-2026-26110 and CVE-2026-26113 are "critical" Microsoft Office Remote Code Execution Vulnerabilities
* CVE-2026-26144 is a "critical" information disclosure vul
