Information

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]. Malicious streaming devices sold online that enroll the user’s home Internet address…


FishMonger’s arsenal upgraded: SprySOCKS for Windows

ESET researchers have discovered two as-yet undocumented Windows variants of SprySOCKS, a previously Linux-only backdoor reportedly used by FishMonger, the group believed to be operated by a Chinese contractor named I‑SOON. While we initially discovered the malware samples on VirusTotal, ESET telemetry shows real activity between 2023 and 2024, with several victims in Honduras, Taiwan, Thailand, and Pakistan, targeting mostly government organizations. The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS. Both come…


Protecting legacy OT systems against modern cyberthreats

Critical Infrastructure: Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks. (Tomáš Foltýn, 17 Jun 2026, 5 min. read) In a manufacturing plant built around uptime, a machine that has run the same physical process for years with barely a hiccup earns something less commonly discussed than a track record of throughput: institutional trust. Over time, such quiet reliability has…


Webinar Today: How Modern Breaches Bypass MFA and Evade Detection

Live Webinar: June 17, 2026 at 1PM ET – Register to Attend. Today’s attackers are no longer breaking in — they’re logging in. Threat actors are increasingly using sophisticated social engineering, MFA fatigue attacks, session hijacking, credential theft, and help desk impersonation to bypass traditional security controls and move undetected across enterprise environments. In this webinar, we’ll break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification,…


iRhythm Confirms Data Stolen in Hack

iRhythm, a health company specializing in wearable cardiac monitoring technology, has been targeted in a cyberattack that resulted in the theft of information. The data breach was disclosed by iRhythm, known for its Zio wearable ECG monitor, in a Monday filing with the SEC. The company said it detected “unauthorized activity involving data maintained on certain third-party-hosted business applications” on June 8. iRhythm noted that the attack involved social engineering, but the targeted application has…


EvilTokens: A phishing attack that doesn’t steal your password

Cybercrime: A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages. (Christian Ali Bravo, 15 Jun 2026, 5 min. read) Much has been written about how the days of phishing emails laden with broken grammar and crude design are numbered, largely thanks to AI. Meanwhile, EvilTokens offers a somewhat different example of how far the phishing craft has moved. EvilTokens is a…


Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

Mackay Sugar, a major Australian sugar producer, has been targeted in a ransomware attack that forced it to shut down some of its mills. The hacker attack came to light on June 10, when Mackay Sugar announced it was responding to a cybersecurity incident affecting some of its operations. “Interim processes are in place to support critical business functions and minimise disruption where possible,” the company said at the time. Mackay Sugar operates three cane-processing…


NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

In response to a recent wave of supply chain attacks targeting the NPM ecosystem, GitHub announced that scripts from dependencies will no longer be executed by default. Multiple major incidents that occurred over the past several months, mainly associated with TeamPCP and the Shai-Hulud self-replicating worm, have been abusing the default, automatic execution of scripts from dependencies during npm install to infect thousands of developers with malware. To better protect users, starting with NPM version…


Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls

AI giant Anthropic said Friday it has taken its latest artificial intelligence models, known as Fable 5 and Mythos 5, offline to comply with a directive from the Trump administration to prevent their use by foreign nationals. The export controls mark the U.S. government’s most significant step to date to restrict access to the most advanced AI models. Anthropic released Fable widely this week. That model is a limited version of the even more advanced…


OceanLotus: From external espionage to domestic targeting

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations while placing increasing emphasis on domestic espionage. We identified two distinct campaigns involving the SPECTRALVIPER backdoor: a supply-chain attack targeting stock investors in Vietnam and a prolonged espionage operation against a Vietnamese infrastructure and transport construction company. Whether the shift represents a temporary adjustment or a long-term strategic…
