Microsoft attributes a supply chain attack compromising 140+ npm packages to North Korea's Sapphire Sleet (BlueNoroff), targeting the Mastra AI ecosystem. The operation extends Lazarus-cluster tradecraft into AI developer tooling, expanding Pyongyang's software supply chain attack surface.
BleepingComputer
· 18h ago
· Read full article →
๐ฐ๐ต Lazarus ยท North Korea
A new ransomware strain dubbed Prinz Eugen encrypts recently modified files first and deploys no ransom note, departing from standard extortion playbooks.
BleepingComputer
· 17h ago
· Read full article →
Unidentified threat actors are actively exploiting CVE-2026-4020, a patched information-disclosure flaw in the Gravity SMTP WordPress plugin, extracting API keys, OAuth tokens, and secrets from up to 100,000 sites.
The Hacker News
· 22h ago
· Read full article →