Dual-RMM phishing hits 80+ orgs, cPanel and MOVEit auth bypasses under active exploit, APT28 keeps hijacking routers for M365 token theft.
supply-chain
BlackCat insiders draw 4-year sentences, ShinyHunters AI-vishes ADT and Medtronic, and Mini Shai-Hulud worms its way into more npm packages.
patch-tuesday
Patch volume was up this week. The louder stories came from attackers abusing trust at the edges of developer workflows, AI tooling, and government portals.
A cross-cutting security digest on geopolitics shaping outages, new APT chains, AI prompt risks, cryptomining, and pragmatic patching guidance.
Weekly security roundup of new malware, exploits, supply-chain tricks, and defense notes across Linux, Windows, and cloud.
A roundup of firewall flaws and edge-security woes: WatchGuard RCE, Zyxel bypasses, eBPF rootkits, and evolving cloud threats.
EvilBit Labs publishes weekly threat digests covering malware analysis, zero-day exploits, ransomware, supply-chain attacks, and defensive strategies for security teams.
Preloaded LunaSpy phones, in-memory ScreenConnect drops, npm typosquats stealing SSH keys, two Cisco ISE 9.9s. Disk is for chumps this week.
Nightmare-Eclipse Defender LPEs land in real intrusions, four Android bankers share 800+ targets, and Claude helps hijack BuddyBoss WordPress.
Developers lured through Slack, macOS users tricked into pasting malware, AI prompt injection in government, and NHS domains hijacked.
Kimsuky's credential playbook, Docker API miners, SystemBC's ransomware empire, RomCom zero-day chains, and why your extensions are someone else's red team.
Operational trust abused at machine speed: Axios, prt-scan, EvilTokens, Storm-1175, PolyShell, ComfyUI. Features, until they're evidence.
Supply chain compromises dominate the week: axios attribution lands, CI/CD blast radius widens, and phishing kits shrug off takedowns.
TeamPCP supply-chain attacks hit PyPI and npm, GlassWorm returns with unkillable Solana C2, and new fileless primitives ForsHops and FlipSwitch raise the stealth bar.
Active RCE in F5 BIG-IP APM, a nation-state npm supply-chain compromise, and macOS ClickFix stealer. April 1, but none of this is a joke.
There is a particular kind of exhaustion that comes from watching the same trust model break in five different ways before Friday. CI/CD credentials as skeleton keys, a Python runtime weaponized for ambient persistence, and phishing that sounds like bureaucracy.
Supply chain cascades, blockchain C2, browser encryption bypasses, and 20-hour exploit weaponization. UncleSp1d3r breaks down the chains.
Wipers riding Kubernetes, supply chains turned inside out, and "trusted" platforms doing the con's heavy lifting. This week's threats hide where you already look.
Trust failures defined the week: poisoned CI tags, stealthy C2, real-time phishing theft, and patch priorities defenders cannot ignore.