
Phishing campaign targets freight and logistics orgs in the US, Europe

A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains.

In a campaign that has been running since September 2025, the threat actor has stolen 1,649 unique credentials from platforms and service providers critical in the freight industry.

Some of the Diesel Vortex victims include DAT Truckstop, TIMOCOM, Teleroute, Penske Logistics, Girteka, and Electronic Funds Source (EFS).

1Campaign platform helps malicious Google ads evade detection

A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers.

1Campaign is a cloaking service that passes Google’s screening process and shows malicious content only to real potential victims. Security researchers and automated scanners are served benign white pages.

The operation has been active for at least three years and is managed by a developer using the name ‘DuppyMeister,’ according to a report from data security company Varonis.

Securing the Cyber Supply Chain in an AI Era

Supply chain attacks are now a top cyber threat—SolarWinds and Colonial Pipeline showed how one weak link can cascade across entire sectors.

In my latest article, I examine how AI, 5G, IoT, and quantum computing are expanding both risks and defenses, and share practical steps: zero trust, SBOMs, supplier audits, public-private collaboration, and board-level ownership.

Cyber supply chain security is no longer optional—it’s essential for resilience, innovation, and national security.

Read the full piece: The Cybersecurity Challenges of the Supply Chain https://www.govconwire.com/articles/chuck-brooks-govcon-expe…hain-risks.

#cybersecurity #technology #supplychain


By Chuck Brooks, president of Brooks Consulting International and one of Executive Mosaic’s GovCon Experts

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.

The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded into the packages comes with capabilities to siphon system information, access tokens, environment secrets, and API keys from developer environments and automatically propagate by abusing stolen npm and GitHub identities to extend its reach.

“The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting,” the company said.

Predator spyware hooks iOS SpringBoard to hide mic, camera activity

Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators.

The malware does not exploit any iOS vulnerability but leverages previously obtained kernel-level access to hijack system indicators that would otherwise expose its surveillance operation.

Apple introduced recording indicators on the status bar in iOS 14 to alert users when the camera or microphone is in use, displaying a green or an orange dot, respectively.

Spain arrests suspected hacktivists for DDoSing govt sites

Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions.

The group, which called itself “Anonymous Fénix” and claimed they were affiliated with the Anonymous hacker collective, conducted distributed denial-of-service (DDoS) attacks against targets in Spain and several South American countries, according to the Spanish Civil Guard.

The first attacks occurred in April 2023 and peaked after the flash floods that struck Valencia in late October 2024, when the group’s members attacked multiple government websites, claiming Spanish authorities were responsible for the deaths and destruction caused by the storm.
