Towards the beginning of March, researchers from Sonatype identified hundreds of counterfeit packages in npm and PyPI repositories that were used to execute Remote Access Trojans (RATs).

Hive is a relatively new ransomware outfit that made its appearance in late June 2021. It gained notoriety through over 350 attacks on organizations across several sectors.

GitLab has patched a critical vulnerability that meant static passwords were inadvertently set during OmniAuth-based registration – putting accounts at risk of malicious takeover.

Dubbed REDSPICE, which stands for ‘Resilience, Effects, Defense, Space, Intelligence, Cyber and Enablers,’ it is the biggest single cybersecurity investment in Australian history.

Trend Micro this week announced patches for a high-severity arbitrary file upload vulnerability in Apex Central that has already been exploited in what appear to be targeted attacks.

Anonymous continues to target Russian firms owned by oligarchs. After announcing the hack of the Thozis Corp, the group claimed they had breached the systems of the Marathon Group and released 62,000 emails (a 52GB archive) through DDoSecrets.

In a recent report, email security provider INKY described a recent phishing campaign that took advantage of the Calendly calendar app to harvest sensitive account credentials from unsuspecting victims.

Decentralized lending platform Ola Finance was exploited for over $4.67 million in a “re-entrancy” cyberattack, according to a post-mortem report released by the developers.

Scammers are exploiting the current events in Ukraine especially after the official Ukrainian Twitter account tweeted Bitcoin and Ethereum wallet addresses for donations.

The malware is always injected into the active theme’s footer.php file, and contains obfuscated JavaScript after a long series of empty lines in an attempt to stay hidden.