Latest news

HazyBeacon APT Campaign Weaponizes AWS Lambda to Hide Command-and-Control Traffic
Cybercrime

22 June 2026 dark6

Qualys researchers have exposed HazyBeacon, a stealthy APT campaign targeting Southeast Asian governments that uses AWS Lambda Function URLs as...

OceanLotus APT (APT32) Compromises FireAnt MetaKit in Targeted Supply-Chain Attack on Vietnamese Stock Investors
Cybercrime

12 June 2026 dark6

The Vietnamese state-aligned threat group OceanLotus (APT32) hijacked the update server of popular investment software FireAnt MetaKit to deliver the...

UNC3753 (Luna Moth) Escalates Campaign Against US Law Firms: Vishing, RMM Tools, and Now Physical Intrusion
Cybercrime

10 June 2026 dark6

Google Cloud Mandiant has documented a sustained UNC3753 (Luna Moth) campaign targeting US law firms from January–May 2026. The group...

Meet Pink: The New Extortion Group Using Vishing and Microsoft 365 Tools to Drain Enterprise Cloud Storage
Cybercrime

10 June 2026 dark6

A new extortion group called Pink (CL-CRI-1147) has emerged, targeting enterprise organizations through voice phishing to steal Microsoft 365 credentials...

China-Linked OP-512 Uses Cryptographically Unique Web Shells in Patient IIS Server Espionage Campaign
Cybercrime

9 June 2026 dark6

ReliaQuest has uncovered OP-512, a new China-linked threat cluster targeting IIS servers with a custom web shell framework that generates...

Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens — No Patch Coming
Cybercrime

8 June 2026 dark6

Researchers at Mitiga Labs demonstrated a five-step npm supply chain attack that rewrites ~/.claude.json to redirect Claude Code MCP traffic...

Iran-Linked Black Shadow Group Obliterates IT, Backups and Recovery Systems Across US and Middle East
Cybercrime

5 June 2026 dark6

Operating under the cover name Ababil of Minab, Iran-linked APT group Black Shadow launched a wave of destructive attacks against...

Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR
Cybercrime

4 June 2026 dark6

Sophos has uncovered a Russian-speaking threat actor using AI-assisted tools, Cobalt Strike, and a purpose-built automated lab to develop EDR...

Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials
Cybercrime

2 June 2026 dark6

A sophisticated supply chain attack dubbed "Miasma: The Spreading Blight" has backdoored over 30 official @redhat-cloud-services npm packages, deploying credential-stealing...

Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers
Cybercrime

1 June 2026 dark6

Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously,...

GREYVIBE: Russian-Aligned Hackers Use ChatGPT and Google Gemini to Build Cyberweapons Targeting Ukraine
Cybercrime

30 May 2026 dark6

A newly tracked threat actor called GREYVIBE is using generative AI tools including ChatGPT and Google Gemini to develop malware,...

Seedworm (MuddyWater) APT Abuses Signed Security Binaries in Global Espionage Campaign Across 9 Countries
Cybercrime

28 May 2026 dark6

Iran-linked Seedworm (MuddyWater) APT has been caught running a broad espionage campaign against at least 9 organizations across 9 countries...