BlobPhish is a memory-resident phishing campaign that uses browser Blob objects and blob:https:// URLs to steal Microsoft 365, banking, and financial platform credentials. This analysis explains how the attack works, why it bypasses conventional defenses, what risks organizations face, and how security teams can improve detection, incident response, penetration testing, and protection measures.

DPRK linked threat actors are using malicious npm and PyPI packages, AI assisted dependency insertion, fake companies, fake job interviews, and RATs to target developers, crypto wallets, source code, GitHub tokens, AWS keys, and software supply chains. This analysis explains how the campaigns work, why they matter, what risks organizations face, and how penetration testing, incident response, dependency review, and developer security controls can reduce exposure.

Claude Security is now available in public beta for Claude Enterprise customers, bringing AI-powered vulnerability discovery, code review, severity context, scheduled scans, audit exports, and remediation guidance into enterprise software security workflows. This analysis explains how Claude Security works, why AI-assisted vulnerability management matters, what risks organizations should consider, and how penetration testing, incident response, and secure development practices remain essential.

Two Americans were sentenced for their roles in BlackCat ransomware attacks targeting U.S. victims. The case highlights the growing threat of ransomware-as-a-service, cyber extortion, data theft, and the need for stronger incident response, vulnerability management, and penetration testing.

The AccountDumpling phishing campaign abused Google AppSheet, Netlify, Vercel, Google Drive, Canva, and Telegram to compromise about 30,000 Facebook accounts. This analysis explains how attackers used authenticated Google-sent phishing emails, fake Meta warnings, cloud-hosted landing pages, Telegram exfiltration, and real-time operator panels to steal credentials, 2FA codes, identity documents, and business account data.

Email bombing attacks are being combined with fake Microsoft Teams IT support calls to trick employees into granting remote access through Quick Assist, AnyDesk, and similar tools. This analysis explains how the attack works, why it bypasses traditional controls, what risks organizations face, and how penetration testing, incident response, Microsoft Teams hardening, remote access restrictions, and employee verification procedures can reduce exposure.

pnpm 11 enables minimum release age by default, delaying installation of newly published packages for 24 hours to reduce exposure to fast-moving npm supply chain attacks. This analysis explains how the feature works, why dependency cooldowns matter, what risks organizations face, and how penetration testing, incident response, CI/CD hardening, lockfile review, and package manager controls can strengthen software supply chain security.

SHADOW-EARTH-053 is exploiting known Microsoft Exchange and IIS vulnerabilities, including the ProxyLogon chain, to target government, defense, technology, and critical infrastructure organizations. This analysis explains how the China-aligned campaign uses GODZILLA web shells, ShadowPad malware, DLL sideloading, credential tools, WMIC, and proxy utilities, and what organizations should do to improve detection, incident response, penetration testing, and Exchange Server protection.

CloudZ RAT is abusing Microsoft Phone Link through a custom Pheno plugin to potentially steal synced SMS messages, mobile notifications, credentials, and one-time passwords from compromised Windows PCs. This analysis explains how the malware works, why Phone Link synchronization can weaken MFA, what risks organizations face, and how penetration testing, incident response, endpoint monitoring, phishing-resistant MFA, and Phone Link policy controls can reduce exposure.

PCPJack is a cloud-focused credential stealer that exploits five CVEs to compromise exposed infrastructure, steal secrets, and spread across Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. This analysis explains how the malware works, why cloud credentials are high-value targets, what risks organizations face, and how penetration testing, vulnerability assessment, incident response, cloud hardening, credential rotation, and monitoring can reduce exposure.

Fake OpenClaw installers are being used to spread Vidar infostealer and GhostSocks proxy malware through malicious GitHub repositories promoted by AI search results. This analysis explains how the campaign works, why GitHub and AI search trust can be abused, what risks organizations face, and how penetration testing, vulnerability assessment, incident response, developer security controls, and stronger software verification can reduce exposure

A data breach at GFN.am, an authorized NVIDIA GeForce NOW regional partner in Armenia, exposed user information while NVIDIA’s own operated services were reportedly not impacted. This analysis explains what data may have been exposed, why third-party cloud service breaches matter, how attackers may abuse personal information for phishing, and what organizations should do to strengthen vendor security, incident response, penetration testing, and cloud service protection.