Poisoned npm WhatsApp API package steals messages, credentials and accounts
TL;DR A malicious npm package called lotusbail, downloaded over 56,000 times and available for roughly six months, impersonated a WhatsApp…
Pen testers say Eurostar accused them of ‘blackmail’ after chatbot flaws
TL;DR Security researchers at Pen Test Partners reported four vulnerabilities in Eurostar's public AI chatbot that could enable prompt injection,…
PRC-Nexus UNC6384 Campaign Hijacks Browsers, Delivers PlugX to Diplomats
TL;DR Google Threat Intelligence Group linked a multi-stage espionage campaign to PRC-nexus actor UNC6384 that targeted diplomats in Southeast Asia…
Mass Data Theft Hits Salesforce Instances Through Salesloft Drift Integration
TL;DR Google Threat Intelligence Group and Mandiant say an actor tracked as UNC6395 used compromised OAuth tokens tied to the…
ViewState Deserialization Zero-Day in Sitecore Products — CVE-2025-53690
TL;DR Mandiant discovered an active ViewState deserialization attack against Sitecore instances that relied on a sample ASP.NET machine key published…
BRICKSTORM Backdoor Targeting Tech and Legal Sectors, Google and Mandiant Warn
TL;DR Google Threat Intelligence Group and Mandiant report renewed BRICKSTORM backdoor activity used to maintain long-term access in U.S. organizations,…
UNC6040 vishing attacks: Proactive hardening and detection for SaaS
TL;DR Google Threat Intelligence Group profiles UNC6040 as a financially motivated cluster using voice phishing to trick employees into granting…
Oracle E-Business Suite Zero-Day Used in Large-Scale Extortion Campaign
TL;DR Google Threat Intelligence Group and Mandiant tracked a mass extortion campaign beginning Sept. 29, 2025, in which an actor…
North Korea’s UNC5342 Uses EtherHiding to Deliver Malware via Blockchains
TL;DR Google Threat Intelligence Group reports that the DPRK-linked threat cluster UNC5342 has been using EtherHiding since February 2025 to…
UNC5142 Abuses BNB Smart Chain and EtherHiding to Spread Infostealers
TL;DR Mandiant Threat Defense and Google Threat Intelligence Group have tracked UNC5142 since late 2023; the financially motivated group compromises…