TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. [...]
Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.
Other noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions. The post In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline appeared first on SecurityWeek.
World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog.
The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. [...]
The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure appeared first on SecurityWeek.
Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. [...]
An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. [...]
Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key
Hambardzum Minasyan of Armenia has been accused of being involved in the development and administration of the infostealer malware. The post Alleged RedLine Malware Administrator Extradited to US appeared first on SecurityWeek.
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. [...]
Organizations disclose attack details, though information may be limited, following a breach, but what if they did the same with close calls?
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases "milan" and "okart," is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on March
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared
Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage & phishing
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Unfortunately, there aren't many options unless you're Starlink Citing national security fears, America is effectively banning any new consumer-grade network routers made abroad.…