ALL POSTS

Key Findings: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have targeted the defense industrial base (DIB) sector. The adversarial targeting is centered around four key themes: striking defense entities in the Russia-Ukraine War, approaching employees and exploiting the hiring process, using edge devices/appliances for initial access, and supply chain risk from manufacturing breaches. Notable threat actors

Key Findings A vulnerability in the AWS Console supply chain, dubbed "CodeBreach," could have allowed attackers to seize control of critical AWS infrastructure. The flaw stemmed from a seemingly minor misconfiguration in a regular expression (regex) used to filter pull requests in AWS CodeBuild pipelines. The lack of "start ^ and end $ anchors" in the regex pattern enabled malicious actors to bypass the filter and trigger privileged builds. Wiz researchers were able to exploi

Here is the article with the key findings in bullet point format, the background as the first major point, and the headers formatted with ##: Key Findings Threat actors uploaded 8 malicious packages on the npm registry masquerading as n8n workflow automation integrations to steal OAuth credentials One such package, "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit", mimicked a Google Ads integration and prompted users to link their advertising account to siphon the credentials This atta

Key Findings China-linked APT24 group used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads The group shifted from broad web compromises to more advanced techniques targeting Taiwan, including repeated supply-chain attacks through a compromised marketing firm and spear-phishing attacks BadAudio is a custom C++ first-stage downloader that pulls an AES-encrypted payload from a fixed C2 server and run

Key Findings Seven npm packages published by a threat actor using the alias "dino_reborn" were found to be part of a highly coordinated malware campaign The packages use Adspect-powered cloaking, anti-analysis JavaScript, and fake CAPTCHA interfaces to funnel unsuspecting victims toward malicious payloads while hiding their activity from security researchers The threat actor built an entire fake website to serve security researchers while real victims are redirected through a