« Reports in 2026

416 reports

2026-05-14 • Kaspersky

Kimsuky has expanded its PebbleDash and AppleSeed-related operations with newly documented tooling, including the Rust-based HelloDoor backdoor, httpMalice, MemLoad/httpTroy, AppleSeed, HappyDoor, VSCode Remote Tunneling, and DWAgent. The campaigns use sp…

#Kimsuky #Phishing #AppleSeed #PebbleDash #BlackBanshee #VelvetChollima #GitHub #ADS #APT43 #RubySleet #Springtail #HappyDoor #JSE #SparklingPisces #HttpTroy #VSCode #T1059.003 #T1005 #T1041 #T1113 #T1071.001 #T1056.001 #T1027 #T1566.001 #T1547.001 #T1053.005 #T1059.001 #T1105 #T1219 #T1543.003
2026-05-14 • Krypt3ia

Krypt3ia assesses that enterprise AI systems are becoming high-value operational infrastructure because they ingest sensitive data, connect to internal workflows, and increasingly act with delegated authority. The North Korea-focused section argues that D…

#Trend
2026-05-12 • nambrot

An attacker attributed by LayerZero to the DPRK drained about $292 million in rsETH from KelpDAO's LayerZero-powered OFT bridge on April 18, 2026. The excerpt says the attacker compromised Unichain RPC infrastructure used by LayerZero Labs' Gasolina DVN s…

#KelpDAO
2026-05-11 • meowmfer

A suspected DPRK IT worker allegedly gained employment at THORSwap and submitted eight pull requests to the official swapkit/SwapKit repository between July and September 2024, with at least three merged. The merged PRs changed wallet integration code for…

#ITWorker
2026-05-09 • Layer Zero

LayerZero said the Lazarus Group attacked internal RPCs used by the LayerZero Labs DVN and poisoned their source of truth while an external RPC provider was simultaneously DDoS’d. The protocol itself was described as unaffected, but the incident impacted …

#Lazarus #KelpDAO