FBI: Cyber Criminal Group TeamPCP

The Federal Bureau of Investigation (FBI) is releasing this FLASH to highlight the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the cyber criminal group TeamPCP. TeamPCP actors have conducted large-scale software supply chain compromises by Read More …

Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs

Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Read More …

No fix yet for critical RCE bug in open-source Git service Gogs – exploit module is out

There’s a huge hole and no one is patching it thus far. A critical, remote code execution (RCE) bug in Gogs, a popular open-source self-hosted Git service, can be exploited by any authenticated user – no special privileges required – Read More …

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the Read More …

Cache-poisoning caper turns TanStack npm packages toxic

An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, Read More …

Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access

Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights Read More …

Canvas maker Instructure reveals data breach — confirms user personal information leaked

Instructure, the edtech giant behind the popular Canvas learning system, has confirmed suffering a cyberattack and losing sensitive customer data. The company issued a brief statement, confirming the hit, “While our investigation continues alongside our outside forensics experts, at this Read More …

Quasar Linux (QLNX) – Inside a Full-Featured Linux RAT

In previous research, Trend Micro have demonstrated how AI can be used to improve detection accuracy when new malware families emerge, particularly those that reuse or share code from open-source repositories. In this blog entry, Trends Micro researchers present another Read More …

Void Dokkaebi uses fake job interview lure to spread malware via code repositories

Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure. As previously documented by Read More …