top of page
ALL POSTS
Google Attributes Axios npm Supply Chain Attack to North Korean APT UNC1069
Key Findings Google Threat Intelligence Group attributed the Axios npm supply chain attack to UNC1069, a financially motivated North Korean threat group active since at least 2018 Attackers compromised maintainer Jason Saayman's npm account and published two malicious Axios versions (1.14.1 and 0.30.4) within an hour The attack injected a malicious dependency called "plain-crypto-js" that deployed a cross-platform remote access trojan targeting Windows, macOS, and Linux Given
Apr 13 min read
TrueConf Zero-Day Vulnerability Exploited in Targeted Attacks Against Southeast Asian Government Infrastructure
Key Findings High-severity zero-day vulnerability CVE-2026-3502 (CVSS 7.8) in TrueConf video conferencing software exploited against Southeast Asian government networks in campaign dubbed TrueChaos Flaw allows attackers controlling on-premises TrueConf servers to distribute tampered updates and execute arbitrary code on all connected endpoints Patched in TrueConf Windows client version 8.5.3 released earlier this month Campaign attributed with moderate confidence to Chinese-n
Mar 312 min read
Lloyds Group to Compensate 450,000 Customers Following Data App Glitch
Key Findings Software defect during routine overnight app update on 12 March exposed financial data for 447,936 customers across Lloyds, Halifax, and Bank of Scotland Privacy barriers between accounts failed for several hours, allowing customers to see strangers' transactions or have their own data exposed Over 114,000 users clicked on rogue transactions and may have viewed sensitive information including National Insurance numbers, payment references, and account details Dat
Mar 293 min read
European Commission Data Breach: ShinyHunters Claims 350GB Hack of AWS Cloud Infrastructure
Key Findings ShinyHunters claims to have breached European Commission systems and stolen over 350GB of data Alleged data includes mail server dumps, databases, confidential documents, and contracts The European Commission confirmed detecting a cyberattack on March 24 affecting cloud infrastructure hosting Europa.eu websites Internal systems were not compromised according to the Commission's investigation AWS denies any security incident occurred within its cloud environment N
Mar 283 min read
Triangulation Operation: the framework known as Coruna
Key Findings Coruna iOS exploit kit uses an updated version of the kernel exploit from Operation Triangulation, a sophisticated 2023 iOS APT campaign The exploit kit includes five full exploit chains and 23 total exploits, targeting iOS 13.0 through 17.2.1 Coruna contains four additional kernel exploits not seen in Triangulation, two developed after the original campaign's discovery Code analysis reveals Coruna was designed with unified architecture rather than patchworked co
Mar 264 min read
AI-Powered Phishing Campaign Breaches Hundreds of Organizations Worldwide
Key Findings Hundreds of organizations compromised through AI-generated phishing campaign leveraging Railway cloud platform Attackers achieved massive scale increase starting March 3, with 50+ new compromises daily as of late March Campaign exploits Microsoft device authentication flow, granting 90-day OAuth tokens without passwords or MFA Affected sectors include construction, law, nonprofits, real estate, manufacturing, finance, healthcare, and government Huntress identifie
Mar 243 min read
Russian Intelligence Suspected in WhatsApp and Signal Phishing Campaign Targeting Mass Users
Key Findings Russian Intelligence Services-linked actors are conducting phishing campaigns targeting Signal and WhatsApp accounts of high-value targets including U.S. government officials, military personnel, politicians, and journalists Thousands of accounts have already been compromised worldwide through these operations Attackers bypass encryption by hijacking accounts rather than breaking encryption itself, using phishing to trick users into sharing verification codes or
Mar 223 min read
Trivy Security Scanner GitHub Actions Breach: 75 Tags Hijacked for CI/CD Secret Theft
Key Findings * Trivy GitHub Actions repositories compromised for second time in a month * 75 out of 76 version tags force-pushed with malicious payload * Attacker aims to steal CI/CD secrets including cloud credentials, cryptocurrency wallets * Likely perpetrated by TeamPCP threat actor group * Compromise stems from incomplete mitigation of previous security incident Background The Trivy vulnerability scanner, maintained by Aqua Security, has experienced a significant securit
Mar 202 min read
DoJ Dismantles Massive IoT Botnet Network Responsible for Global DDoS Attacks
Key Findings DoJ disrupted command-and-control infrastructure for 4 IoT botnets Botnets infected approximately 3 million devices worldwide Attacks measured up to 31.4 Tbps, causing potential massive internet disruption Botnets launched hundreds of thousands of DDoS attack commands Potential suspects include a 23-year-old Canadian and a 15-year-old German Multiple international law enforcement agencies and tech companies collaborated on the operation Background The botnet disr
Mar 202 min read
Telus Data Breach: ShinyHunters Claims 1 Petabyte Theft Confirmed
Key Findings * ShinyHunters claims to have stolen approximately 1 petabyte of data from Telus Digital * Breach discovered through stolen Google Cloud Platform credentials from a previous Salesforce-related hack * Telus confirms unauthorized access to internal systems * No disruption to customer services reported * Investigations and forensic analysis are ongoing Background Telus Digital, a subsidiary of Canadian telecommunications giant Telus, provides business process outsou
Mar 142 min read
Weekly Update 488
Key Findings: A new cybersecurity incident involving a dating website called WhiteDate has been reported. Instagram has experienced a data breach where user information, including passwords, was scraped and made publicly available. Troy Hunt is currently in Oslo, Norway. Background The WhiteDate Breach WhiteDate is a dating website that has experienced a security breach. Details of the breach, including the extent of the data exposed, are still being investigated. The inciden
Jan 181 min read
Coupang Data Breach Exposes 33.7 Million South Korean Accounts
Key Findings Coupang, a major e-commerce company in South Korea, has suffered a massive data breach affecting over 33.7 million accounts - more than half of the country's population. The breach was initially detected on November 18, 2025, when suspicious activity was observed on around 4,500 accounts. Further investigation revealed that the breach actually dated back to late June 2025 and had compromised the personal information of nearly the entire Coupang user base. Exposed
Dec 2, 20253 min read
OpenAI Assures Customers After Mixpanel Breach Exposes Some API User Data
Key Findings OpenAI confirmed a data breach involving its third-party analytics provider Mixpanel The breach exposed limited API user metadata like names, emails, locations, and browser info No passwords, API keys, chat content, or payment data were involved Regular ChatGPT users were not affected, only those interacting with the OpenAI API Background OpenAI, the company behind the popular AI assistant ChatGPT, has confirmed a data breach involving Mixpanel, a third-party ana
Nov 27, 20252 min read
Zoom Accuses State-Sponsored Hackers for Recent Cybersecurity Incident
Background In September 2025, SonicWall, a cybersecurity firm, disclosed a security breach that exposed firewall configuration files tied to MySonicWall accounts. The company initially claimed that less than 5% of customers were impacted, and no files were leaked. However, in October, SonicWall confirmed that threat actors had accessed the preference files of all firewalls using its MySonicWall cloud backup service. Key Findings The stolen files contained encrypted credential
Nov 6, 20252 min read
bottom of page
