The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means.
In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a fairly convincing name: https-proxy-utils. It was posing as a utility for using proxies within projects. At the time of this post, the package had already been taken down. The name of the package closely resembles popular legitimate packages: http-proxy-agent, which has approximately 70 million weekly downloads, and https-proxy-agent with 90 million downloads respectively.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Iran-linked hackers launch cyberattack against U.S. medtech company Stryker
March 11, 2026
U.S. medical technology company Stryker is currently experiencing a massive cyberattack, which has shut down their computer systems and, as a result, even closed the company’s offices. An Iran-linked digital activist collective known as Handala is claiming credit for the cyberattack against Stryker. This would be the first major cyberattack carried out in the wake of the ...
- Russian hackers target HR departments with vicious new ‘BlackSanta’ malware
March 11, 2026
Russian hackers have been targeting Human Resources (HR) departments at various organizations around the world with a never-before seen piece of malware called BlackSanta. The campaign was spotted by cybersecurity researchers Aryaka, who said the attacks have been going on for at least a year, and include a rather sophisticated infection chain. It most likely starts ...
- BeatBanker: A dual‑mode Android Trojan
March 10, 2026
Recently, Kaspersky researchers uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play Store. To achieve their goals, the malicious APKs carry multiple components, including a cryptocurrency miner and a banking Trojan capable of completely hijacking the device and spoofing screens, among other ...
- Ericsson US reveals employee and customer data breach after third-party hack
March 10, 2026
The US arm of Ericsson has confirmed suffering a third-party data breach which saw it lose sensitive data on an undisclosed number of its customers. In a data breach notification letter sent out to affected individuals, Ericsson US said it spotted “a suspicious event” and potential unauthorized access to its systems on April 28, 2025. The ...
- DOGE employee stole Social Security data and put it on a thumb drive
March 10, 2026
A former employee of Elon Musk’s Department of Government Efficiency reportedly stole Americans’ personal data from the U.S. Social Security Administration and stored it on a thumb drive, according to a whistleblower complaint reported by The Washington Post. The former DOGE software engineer told co-workers at his new job that he “possessed two tightly restricted databases ...
- Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack
March 10, 2026
After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn’t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we’re sure is a welcome change to sysadmins. Another eight ...