Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Bleeping Computer

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag ...
techtimes

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

A fresh wave of phishing emails is exploiting a blind spot in enterprise email security tools — one that most organizations have not closed — by disguising executable JavaScript inside SVG image files ...
GitHub

ARM64 ELF Virtual Machine Protection System

VMPacker is a Virtual Machine Protection (VMP) system for ARM64 (AArch64) Linux ELF binaries. It decodes target function's native ARM64 instructions into an intermediate representation, translates ...
Bleeping Computer

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
The Hacker News

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

This blogpost introduces our latest white paper, presented at Virus Bulletin 2025, where we detail the operations of the North Korea-aligned threat actor we call DeceptiveDevelopment and its ...
LinkedIn

North Korean Hackers Flood npm Registry with XORIndex Malware: A Deep Dive for Every Developer

In mid-July 2025, security teams discovered 67 malicious JavaScript packages uploaded to the npm registry by North Korean threat actors. These packages delivered a sophisticated loader named XORIndex, ...
SecurityWeek

Threat Actors Use SVG Smuggling for Browser-Native Redirection

Ontinue warns of a newly observed phishing campaign leveraging Scalable Vector Graphics (SVG) files in redirect attacks that evade traditional detection. While considered harmless image formats, SVG ...
WeLiveSecurity

DeceptiveDevelopment targets freelance developers

Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential ...
The Hacker News

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The ...