The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means.
In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a fairly convincing name: https-proxy-utils. It was posing as a utility for using proxies within projects. At the time of this post, the package had already been taken down. The name of the package closely resembles popular legitimate packages: http-proxy-agent, which has approximately 70 million weekly downloads, and https-proxy-agent with 90 million downloads respectively.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian hacking group targets home and small office routers to spy on users
April 8, 2026
British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office (SOHO) routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which researchers will refer to as APT28, but is also known under names like ...
- Hack-for-hire group caught targeting Android devices and iCloud backups
April 8, 2026
Security researchers say they have identified a hack-for-hire group targeting journalists, activists, and government officials across the Middle East and North Africa. The hackers used phishing attacks to access targets’ iCloud backups and messaging accounts on Signal, and deployed Android spyware capable of taking over the targets’ devices. This hacking campaign highlights a growing trend of ...
- Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
April 7, 2026
Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project file and manipulation of data on human machine interface (HMI) and supervisory ...
- Attackers exploited critical FortiClient EMS bug as a 0-day
April 6, 2026
Fortinet released an emergency patch over the weekend for a critical FortiClient Enterprise Management Server (EMS) bug believed to be under attack since at least March 31. The flaw, tracked as CVE-2026-35616, is an improper access control vulnerability that allows unauthenticated attackers to execute unauthorized code or commands via crafted requests. It earned a critical 9.1 ...
- Watch how job interviewer exposes North Korean fake IT worker
April 6, 2026
For the last few years, North Koreans have gotten remote jobs at hundreds of Western companies pretending to be from somewhere else, using fake resumes, and sometimes with the help of American collaborators. It’s been a major problem for years, as North Korea remains highly sanctioned by the U.S. and European governments because of the regime’s ...
- New “BrowserGate” report claims LinkedIn secretly scans user browsers for installed extensions and collects device data
April 6, 2026
A new report is alleging LinkedIn uses hidden JavaScript to scan its visitors’ browsers for installed extensions, looks for those that compete with its own sales tools, and then twists its users’ arms until they stop using those and pick LinkedIn’s products, instead. However the social network says this is a smear campaign run by a ...