A newly identified threat actor, Void Blizzard, is emerging as a major player in Russian-linked cyberespionage, according to a detailed report by Microsoft Threat Intelligence. Active since at least April 2024, Void Blizzard is now on the radar of global security agencies for its highly targeted campaigns against government, defense, healthcare, and media organizations, primarily in NATO member states and Ukraine. Backed by evidence and collaboration from the Netherlands’ General and Defence Intelligence and Security Services (AIVD and MIVD), as well as the FBI, the report describes Void Blizzard (also known as LAUNDRY BEAR) as a determined and opportunistic actor,…
Kirsten Doyle
A recent investigation by ReversingLabs (RL) has uncovered a new malicious attack method targeting machine learning (ML) models distributed via the Python Package Index (PyPI). This expands on earlier threats that abused the Pickle file format to distribute malware through ML models hosted on platforms like Hugging Face. Threat actors uploaded three malicious PyPI packages—aliyun-ai-labs-snippets-sdk, ai-labs-snippets-sdk, and aliyun-ai-labs-sdk—posing as Python SDKs for interacting with Alibaba AI Labs services. In reality, these packages had no legitimate functionality and were designed solely to exfiltrate reconnaissance information from infected systems. Once installed, the packages delivered an infostealer payload hidden inside a PyTorch model,…
Cellcom, a regional telecom provider that serves Michigan and Wisconsin, has confirmed that a cyberattack was the cause of text and voice service outages that began last week. Calls between Cellcom customers and some SMS text services have since been restored, and the company confirmed that the incident was concentrated on a network where customer data is not held. As of yesterday, Cellcom could not say when services will be fully restored. The company’s CEO Brighid Riordan said in a brief video statement that the company has been dealing with a cyber incident but “simply don’t have a lot of…
Sportswear giant Adidas has reported a data breach following a cyberattack on one of its customer service providers, which resulted in the theft of certain customer data. “Adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider. We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,” the company said in a statement. The company said the affected data contains no passwords, credit card or any other payment-related information. “It mainly consists of contact information relating to consumers who had contacted our…
A fresh supply chain attack is quietly unfolding in the JavaScript ecosystem, and it’s already compromising developer environments and enterprise networks. Socket’s Threat Research Team has identified 60 malicious npm packages actively siphoning off sensitive host and network information during installation, leaving no trace except for a webhook ping to a Discord-controlled endpoint.
A quiet, targeted recon campaign
Unlike smash-and-grab malware that wreaks instant havoc, this campaign is surgical. Each package contains a post-install script that activates automatically during npm install. The script gathers internal and external IPs, hostnames, DNS server lists, and user directories, then exfiltrates everything to a…
A recent data breach involving TeleMessage, a messaging platform used by several U.S. government agencies, has exposed communications metadata from more than 60 federal officials. They include disaster response teams, diplomatic staff, and even a White House employee. Experts warn it could pose a significant counterintelligence risk. First reported by Reuters, the breach surfaced on the leak site Distributed Denial of Secrets (a U.S. nonprofit whose stated mission is to archive hacked and leaked documents in the public interest). It was initially linked to a communication used by former Trump national security adviser Mike Waltz. But a deeper look…
Let’s face it: most companies are drowning in vulnerabilities and struggling to patch even a fraction of them. The question has never been how many flaws exist, it’s which ones matter most. Now, NIST thinks it may have an answer, or at least a better guess. In a white paper released on 19 May, researchers Peter Mell and Jonathan Spring introduced a new metric called Likely Exploited Vulnerabilities (LEV). The idea is bold: estimate, not confirm, which vulnerabilities have probably been used in the wild, based on historical trends in exploit prediction data. It’s not perfect. But in a world…
Cybercriminals have been dealt a major blow as global law enforcement agencies, coordinated by Europol and Eurojust, dismantled critical components of the infrastructure behind some of the world’s most disruptive ransomware operations. Between 19 and 22 May 2025, authorities conducted a sweeping takedown of the digital backbone enabling initial access malware: tools routinely used by bad actors to gain a foothold in victims’ systems. Operation Endgame neutralised over 300 servers across multiple countries, took down 650 malicious domains, and seized more than €3.5 million in cryptocurrency. This brings the total assets confiscated under the Operation Endgame banner to more than…
Streaming credentials are the new gold in the cyber underground, and cybercriminals are cashing in by using your favorite shows, anime, and blockbuster films as bait. A new report from Kaspersky reveals a troubling spike in phishing and malware campaigns that exploit pop culture to lure users, especially Gen Z, into compromising their devices and handing over credentials. Attackers are using familiar entertainment brands to drop malware, steal login details, and resell streaming accounts on the dark web at bargain-bin prices. In 2023 alone, Kaspersky blocked nearly 10 million phishing attacks related to streaming services and 4.2 million attempts to…
Operation Endgame has successfully disrupted the infrastructure behind the Latrodectus malware, a sophisticated loader often used by ransomware groups to infiltrate enterprise networks. According to Expel’s researchers, if history is any guide, this isn’t the end of the story. The developers behind Latrodectus are known for resilience and reinvention. They’ve reemerged before, and odds are, they’ll do it again. So when they return (and they will), here’s what to watch for.
Click-Fix: The Deceptive Path to Infection
One of the more devious tactics the researchers have seen from the Latrodectus operators is the so-called Click-Fix technique. This method relies on…
