Malware
8 articles
Qilin Ransomware Group Targets German Political Party Die Linke, Claiming 1.5 Terabytes of Stolen Data
Qilin ransomware group claims attack on German political party Die Linke, threatening to leak 1.5 terabytes of internal data in what the party calls a hybrid warfare operation.
Two Cybersecurity Professionals Face Up to 20 Years in Prison After Pleading Guilty to Running BlackCat Ransomware Attacks
An incident response manager at Sygnia and a ransomware negotiator at DigitalMint admitted to moonlighting as ALPHV/BlackCat affiliates, targeting five US companies and causing over $9.5 million in losses.
Axios npm Package Compromised in Supply Chain Attack Linked to North Korean Threat Actors, Delivering Cross-Platform RAT to Millions of Developers
Attackers hijacked the primary Axios maintainer's npm account and published two malicious versions that installed a cross-platform remote access trojan, exposing one of the JavaScript ecosystem's most downloaded packages.
TeamPCP Supply Chain Attack Reaches LiteLLM as Compromised AI Proxy Package Triggers 500,000 Credential Exfiltrations
Threat actor TeamPCP used credentials stolen in the Trivy compromise to backdoor LiteLLM versions 1.82.7 and 1.82.8 on PyPI, deploying a multi-stage credential stealer across an estimated 500,000 environments.
Europol Coalition Dismantles Tycoon 2FA Phishing Platform That Bypassed MFA at 500,000 Organizations Monthly
A coordinated operation led by Europol, Microsoft, and law enforcement agencies across six countries seized 330 domains powering the Tycoon 2FA phishing-as-a-service platform, which had accounted for 62 percent of all phishing attempts Microsoft blocked by mid-2025.
Trivy Supply Chain Attack Escalates as TeamPCP Hijacks 75 GitHub Action Tags, Defaces Aqua Security Repositories, and Spreads to npm
Threat actor TeamPCP compromised the widely used Trivy vulnerability scanner through a retained access token from an earlier incomplete remediation, injecting credential-stealing payloads into official releases and GitHub Actions while defacing 44 Aqua Security repositories.
Self-Propagating JavaScript Worm Vandalized Nearly 4,000 Wikipedia Pages in 23 Minutes Before Engineers Contained the Spread
A dormant malicious script planted on Russian Wikipedia in 2024 was inadvertently activated during a Wikimedia security review, modifying thousands of pages and 85 user scripts before engineers locked down editing across all projects.
IBM X-Force 2026 Report Reveals AI-Accelerated Attacks Exploiting Basic Security Gaps as Ransomware Groups Splinter and Multiply
IBM's annual threat index finds vulnerability exploitation now causes 40% of breaches, with 109 ransomware groups active and over 300,000 AI platform credentials stolen.