Topic: threat actor
-
Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)
A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...
Read More » -
Insight Partners Warns Thousands Following Ransomware Attack
Insight Partners suffered a cybersecurity breach due to a sophisticated social engineering attack, exposing sensitive personal and financial data of thousands. The breach occurred from October 2024 to January 2025, compromising banking details, employee records, and information on partners and po...
Read More » -
Malicious npm Code Infiltrated 10% of Cloud Environments
A supply chain attack using malicious npm packages has compromised about 10% of cloud environments, initiated by a threat actor who hijacked a developer's account to publish trojanized packages. The malicious code, which embedded crypto-stealing malware to intercept and reroute cryptocurrency tra...
Read More » -
Fake npm 2FA Reset Email Used to Hijack Popular Code Packages
A phishing campaign compromised at least 18 widely used JavaScript npm packages, injecting malicious code to hijack cryptocurrency transactions and highlighting supply chain vulnerabilities. The attack began when a developer fell for a convincing phishing email, allowing the threat actor to take ...
Read More »