A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a persistent blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
More Articles
The Akira ransomware group has demonstrated a highly efficient attack lifecycle, significantly reducing the time from initial network compromise to data encryption to under four hours, according to findings released by cybersecurity firm Halcyon. This rapid approach allows the group to maximize disruption and pressure victims into paying ransoms. Active…
A sophisticated supply chain attack targeting the widely adopted JavaScript library Axios has been detailed, with Microsoft Threat Intelligence analysts attributing the compromise to North Korean state-sponsored actors. The attack, which came to light on March 31, 2026, involved malicious code embedded in two versions of the Axios npm package,…
A sophisticated Android rootkit, identified as NoVoice, has infiltrated over 50 applications on Google Play, impacting more than 2.3 million devices globally. This stealthy malware, tracked as Operation NoVoice, leverages 22 exploits to gain full control of infected devices without triggering any immediate alarms, marking it as a significant threat…
A sophisticated new malware campaign is actively leveraging WhatsApp to distribute malicious files directly to Windows users, exploiting the platform’s widespread trust and familiarity. Threat actors are sending Visual Basic Script (VBS) files through WhatsApp messages, preying on the likelihood that recipients will open attachments from seemingly safe sources. Once…
TA416 Expands European Espionage Operations With Web Bug Reconnaissance and Malware Delivery
The sophisticated hacking group TA416 has escalated its espionage operations across Europe, employing a multi-stage approach that combines subtle web bug reconnaissance with insidious malware delivery. The China-aligned threat actor has been actively targeting government and diplomatic entities, particularly those affiliated with the EU and NATO, since mid-2025. This renewed…
Millions of Americans use mobile apps daily without thinking much about where their data actually goes. The Federal Bureau of Investigation has stepped forward to address that, issuing a stark warning about the potential security risks associated with mobile applications developed by foreign companies, particularly those based in China. The…
Cybersecurity researchers have identified a sophisticated campaign leveraging the Remcos RAT (Remote Control and Surveillance) that employs multi-stage obfuscation and trusted Windows binaries to achieve a stealthy, in-memory system compromise. This advanced attack chain begins with a deceptive phishing email and culminates in a deep system infiltration with minimal on-disk…
A sophisticated piece of malware, recently identified as EtherRAT, is employing the Ethereum blockchain to conceal its command-and-control (C2) infrastructure. This novel approach significantly complicates detection and disruption efforts by cybersecurity professionals. Identified by researchers, EtherRAT’s ability to leverage a decentralized ledger for its operational backbone poses a novel challenge…
North Korean Hackers Compromise Widely Used Axios Package Targeting Windows, macOS, and Linux
A sophisticated software supply chain attack has compromised the widely used axios NPM package, leading to the distribution of the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux systems. Released in versions 1.14.1 and 0.30.4, the poisoned package exploited the installation process to deliver malware, impacting numerous developers and downstream applications.…
Travelers are increasingly falling victim to a sophisticated online scam that exploits legitimate hotel booking workflows. Cybercriminals are hijacking reservation systems to send guests fake payment requests, often delivered through trusted communication channels. This emerging threat, dubbed the Reservation Hijack Scam, leverages accurate booking details to create convincing fraudulent messages,…
A sophisticated new Malware-as-a-Service (MaaS) platform, dubbed CrystalX, is being actively marketed to cybercriminals through private Telegram channels. This multifaceted threat combines a potent remote access trojan (RAT) with a suite of data-stealing and surveillance tools, making it a significant concern for cybersecurity professionals. Discovered in March 2026, CrystalX exemplifies…
npm Supply Chain Attack Leverages undicy-http for Screen-Streaming RAT and Browser Injector Deployment
A new sophisticated npm supply chain attack has been discovered, targeting Node.js developers with a malicious package masquerading as the official HTTP client library, undici. The package, named undicy-http, deceives developers into installing it, leading to potent compromises including screen streaming, remote access trojans, and browser credential theft. Researchers from…
