New from @threatinsight.proofpoint.com! North Korean actor UNK_DeadDrop (possibly overlapping with Contagious Interview) conducts a high-volume phishing campaign targeting developers with a new technique abusing VSIX extensions and new open-source payload Overlord www.proofpoint.com/us/blog/thre...
This seems to be a prevalent issue now: People vibe code security applications and the LLM generates real malware for testing.
The generated test files rely on real threat actor infrastructure to download or exfiltrate.
hxxps://github.com/DataDog/guarddog/blob/main/tests
@volexity.com has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo.
[1/4]
I only know of this one, maybe that's the one?
lolrmm.io
Daniel Gordon
Saher
Volexity
My name is Daniel Gordon and I am writing to let you know that you have a serious problem.
Next week I will be speaking at FirstCon about The Art of Notification. Distilled lessons learned from hundreds of victim notifications I’ve done over the years.
www.first.org/conference/2...
38th Annual FIRST Conference - Denver (US), June 14-19, 2026.
www.first.org
Such an interesting report from Poland's CERT. Looks like Ghostwriter is now targeting the personal Gmail accounts of high-profile Polish citizens.
Some of the attacks are random, with them trying to guess the victim's Gmail, ending up phishing random people.
cert.pl/en/posts/202...
Daniel Gordon
Our new @threatinsight report is a comprehensive overview of TA4922, a newly designated Chinese-speaking, financially motivated threat actor that largely targets East Asia.
It currently conducts more unique campaigns than any other cybercriminal we track. www.proofpoint.com/us/blog/thre...
Dltd
Catalin Cimpanu
Npm will block all auto-running installation scripts starting next month with the release of version 12.0.
The change is meant to counter the rising number of supply-chain attacks taking place on the platform.
github.blog/changelog/20...
By Saher Naumaan, Carlos Rubio, and the Proofpoint Threat Research Team Key Findings Between April and May 2026, Proofpoint Threat Research observed a likely North Korean threat actor
Recently, we have been observing attacks by the UNC1151/Ghostwriter group targeting Gmail accounts. This group has been regularly attacking the mailboxes of Polish citizens for several years, although...
In September 2025, Volexity conducted an incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine appliance on a customer’s network. The...
Our next npm major version, v12, introduces security-related default changes to npm install. All these changes are available behind warnings in npm today on 11.16.0 or newer, so you can…
Key Findings: TA4922 is a highly sophisticated threat actor demonstrating a rapid operational tempo and continually evolving malware arsenal. The group has been