Massive "Megalodon" Supply Chain Attack Hits 5,000 GitHub Repos; Lazarus Group & Iranian APTs Deploy New Malware
Summary
This intelligence briefing covers the period of May 27, 2026, highlighting a surge in sophisticated state-sponsored and criminal cyber operations. Key events include the "Megalodon" supply chain attack compromising over 5,000 GitHub repositories, the Lazarus Group's deployment of the "RemotePE" memory-only RAT against financial firms, and an Iranian APT campaign using new RATs against targets in the US, Israel, and the UAE. Other significant events include data breaches at Instructure (Canvas LMS) and The Oncology Institute, and government warnings from the FBI and Taiwan regarding specific cyber threats.
Today's New Articles
PureLogs Malware Variant Delivered via Multi-Stage Phishing Attack
Security researchers at FortiGuard Labs have uncovered a new phishing campaign distributing a variant of the PureLogs data-stealing malware. The attack begins with a deceptive email containing a malicious RAR archive. The attack chain involves obfuscated JavaS...
GlassWorm Malware Infrastructure Dismantled in Coordinated Takedown
A collaborative effort by CrowdStrike, Google, and the Shadowserver Foundation has successfully disrupted the command-and-control (C2) infrastructure of the GlassWorm malware campaign. Active since early 2025, GlassWorm targeted software developers using troja...
Taiwan's Government Issues Warning on Cybersecurity Risks of Chinese Mobile Apps
Taiwan's Ministry of Digital Affairs (MODA) has issued a public warning about the significant cybersecurity and data privacy risks associated with four popular Chinese-made mobile apps: Amap, bilibili, iQIYI, and BIMOBIMO. An investigation by the Administratio...
The Oncology Institute Confirms Patient Data Exposed in Vendor Supply Chain Breach
The Oncology Institute, a major US provider of cancer care, has confirmed that patient data was exposed due to a cybersecurity incident at one of its IT software vendors. The breach was first hinted at in an SEC filing in November 2025, but the vendor, through...
FBI Links "First VPN Service" to Ransomware Gangs and Dark Web Activity
The FBI has issued a public advisory linking the "First VPN Service" with a wide range of malicious cyber activities, including its use by ransomware gangs, botnet operators, and criminals on the dark web. The agency is urging organizations to implement a seri...
Israel's State Comptroller Report Reveals "Severe" Cybersecurity Gaps in Emergency Agencies
A damning report from Israel's State Comptroller, Matanyahu Englman, has exposed significant and widespread cybersecurity vulnerabilities across the country's emergency agencies and critical government bodies. The report highlights compromised databases, vulne...
Krispy Kreme Reaches $1.6M Settlement for 2024 Data Breach
Krispy Kreme has agreed to a $1.6 million class-action settlement following a 2024 cyberattack that exposed customer data, including names, Social Security numbers, and financial account information. Under the settlement, customers who can document financial l...
Article Updates
CISO Role Crisis: Demands, Legal Risks, and Shortages Make Position Untenable
Update: A recent report from Cybersecurity Ventures and Sophos quantifies the CISO crisis, revealing the average tenure for a CISO in a large enterprise has plummeted to just 18-26 months, significantly shorter than other C-suite roles. This high turnover is driven by...
Instructure Pays Off ShinyHunters to Delete Data of 275M Canvas Users
Update: Ed-tech giant Instructure is now facing multiple class-action lawsuits in the U.S. District Court in Utah. These legal actions allege negligence in protecting user data following the two data breaches on April 29 and May 7, 2026, which targeted the 'Free for T...
Iranian APT Screening Serpens Unleashes New RATs in Espionage Campaign Against US, Israel, and UAE
Update: Further analysis of the Screening Serpens campaign reveals additional methods for detecting AppDomainManager hijacking. Security teams should monitor for modifications to the registry key HKLM\SOFTWARE\Microsoft\.NETFramework\appDomainManagerAssembly and the e...
Megalodon Attack: 5,561 GitHub Repos Compromised in Automated CI/CD Onslaught
Update: Further analysis of the Megalodon supply chain attack reveals that the threat actor, TeamPCP, primarily utilized fake pull requests to inject malicious GitHub Actions workflows into over 5,500 public repositories. This method allowed the attackers to integrate...
Lazarus Group Unleashes 'RemotePE' Memory-Only RAT in Attacks on Financial and Crypto Firms
Update: Further details on the Lazarus Group's RemotePE campaign reveal new fraudulent domains, `calendly[.]live` and `picktime[.]live`, used in social engineering attacks. Attackers are impersonating trading firm employees on Telegram to lure victims to these malicio...