Check Point’s look inside The Gentlemen ransomware operation is a useful reminder for SMBs and government contractors: exposed edge appliances, weak identity controls, and unmanaged remote access paths still drive real ransomware risk.
Attackers swapped selected JDownloader website download links with malicious installers. Here is what SMB and government-contractor defenders should do about trusted-download risk.
A fake OpenAI Privacy Filter repository on Hugging Face delivered Windows infostealer malware. Here is what SMB and gov-contractor defenders should take from it.
SentinelLabs reported PCPJack, a cloud-focused worm that evicts TeamPCP artifacts, steals credentials from exposed infrastructure, and spreads across cloud systems.
Kaspersky researchers have uncovered CrystalX RAT, a sophisticated new malware-as-a-service (MaaS) platform that combines remote access trojan capabilities with data theft, keylogging, and uniquely disturbing prankware features designed to psychologically torment victims. From Webcrystal to CrystalX: The Evolution First observed in January 2026 as Webcrystal RAT, the malware was initially promoted through private Telegram groups….
A sophisticated supply chain attack has compromised LiteLLM, the widely-used Python library for interfacing with large language models, delivering multi-stage credential-stealing malware to systems downloading over 95 million packages per month. The attack, attributed to TeamPCP—the same threat group behind the recent Trivy supply chain compromises—targeted LiteLLM versions 1.82.7 and 1.82.8 on PyPI. According to…
On March 31, 2026, the cybersecurity landscape was shaken by a significant supply chain attack targeting Axios, one of the most widely used HTTP client libraries in the JavaScript ecosystem with over 83 million weekly downloads. Attackers compromised a maintainer account to inject a cross-platform remote access trojan (RAT) into two malicious package versions. Attack…
A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat after observing it achieve persistent, credential-stealing access through a single user action. What Makes DeepLoad Different DeepLoad isn’t notable for any single technique—it’s the…
A sophisticated new info-stealing malware named Infinity Stealer is targeting macOS systems using an innovative attack chain that combines ClickFix social engineering with Python payloads compiled using the open-source Nuitka compiler. Attack Overview According to Malwarebytes researchers, this marks the first documented macOS campaign combining ClickFix delivery with a Python-based infostealer compiled using Nuitka. The…
A sophisticated new information-stealing malware named Infinity Stealer has emerged targeting macOS systems, combining the increasingly popular ClickFix social engineering technique with advanced evasion capabilities through Nuitka compilation. According to Malwarebytes research, this represents the first documented macOS campaign combining ClickFix delivery with a Python-based infostealer compiled using Nuitka—a technique that produces native binaries far…
