North Korea's ScarCruft APT has infiltrated a niche gaming platform serving ethnic Koreans in China, embedding a novel backdoor into its software. The operation, running since late 2024, targets users of traditional card and board games hosted on sqgame[.]net.
Vimeo users' personal data has been compromised, exposing over 119,000 individuals to potential risks. The ShinyHunters extortion gang is behind the latest data heist.
Who knew your favorite mobile game could be a gateway to North Korean surveillance? ScarCruft's latest play uses a compromised game platform to deliver an Android variant of their notorious BirdCall malware.
Critical flaws in Google's Gemini CLI and the AI-powered Cursor IDE have been patched, closing doors to widespread code execution. The vulnerabilities, affecting CI/CD pipelines and developer workflows, carried severe risk.
The digital world is in overdrive this week, from nation-state hackers being nabbed to sophisticated scams sweeping social media. But the real shocker? A supply chain attack targeting developers.
The world of AI development just got a bit scarier. A critical vulnerability in LiteLLM, the popular LLM gateway, has been weaponized by hackers, and they're going straight for the jugular – your API keys.
The cybersecurity world braced for another supply chain assault, but GlassWorm's latest move in the OpenVSX ecosystem is a quiet, insidious evolution. They're no longer just dropping malware; they're planting seeds.
In a blistering 84-minute window on April 22, 2026, attackers turned Checkmarx's KICS tool against its users, siphoning secrets from Docker pulls and VSCode extensions. This isn't just another breach—it's a blueprint for how supply-chain attacks are evolving.
Two hours. That's all it took for attackers to slip malicious code into Bitwarden's CLI npm package, turning a trusted password tool against developers. Credentials flew out—npm tokens, SSH keys, cloud secrets—and self-propagated to other projects.
Imagine downloading your trusty CPU-Z to check your rig's specs—only to hand attackers your entire desktop. That's what hit over 150 users when CPUID's site got pwned, serving STX RAT malware in trojanized installers.
Imagine installing a logging library for your side project. Boom—North Korean spies snag your passwords and crypto. That's the nightmare unfolding right now.
A quick download for CPU specs just infected thousands with sophisticated malware. CPUID's API breach shows how even trusted diagnostics become hacker bait.