Posts

Bitwarden CLI Compromised in Active Supply Chain Attack Targeting Developers

Security researchers have uncovered a serious supply chain attack affecting Bitwarden CLI, the command-line version of the popular open-source password manager. The compromised package was published to npm as part of a broader ongoing campaign linked to the threat actor group TeamPCP, previously connected to the Checkmarx supply chain attacks. What Happened? According to application security firm Socket, the affected package version was @bitwarden/cli@2026.4.0, where malicious code was injected into a file called bw1.js included in the published package. The attackers managed to push this rogue version by exploiting a compromised GitHub Actions workflow within Bitwarden's own CI/CD pipeline, the same attack vector identified in earlier Checkmarx campaign incidents. Security firm JFrog confirmed that the malicious version was designed to steal a wide range of sensitive data, including GitHub and npm authentication tokens, SSH keys, environment files, shell history, GitHub Act...

Unauthorized Discord Access to Anthropic Claude Mythos AI Model

A significant security incident emerged involving unauthorized access to Anthropic’s highly restricted AI model, Claude Mythos. The model, designed as an advanced cybersecurity tool capable of identifying software vulnerabilities, was intended to be accessible only to a limited number of trusted organizations under a controlled testing initiative. However, reports revealed that a small group of individuals operating through a private Discord community managed to gain access to the system, raising serious concerns about the security and governance of high-risk artificial intelligence technologies. The unauthorized access reportedly occurred on the same day the model was introduced to selected partners. Instead of exploiting a traditional vulnerability in Anthropic’s core infrastructure, the group leveraged weaknesses in a third-party vendor environment connected to the system. By analyzing Anthropic’s existing URL structures and conventions, the attackers were able to guess or discover...

Lotus Wiper: Destructive New Malware Hits Venezuela's Energy Sector

Cybersecurity researchers at Kaspersky have uncovered a previously unknown data wiper malware, dubbed Lotus Wiper, that was used in a targeted destructive campaign against Venezuela's energy and utilities sector in late 2025 and early 2026. What Is a Wiper? Unlike ransomware, which locks data and demands payment, a wiper malware has one purpose: to permanently destroy data and render systems completely inoperable. Notably, Lotus Wiper contains no ransom demands or payment instructions, meaning the attack was not financially motivated; it was purely destructive. How the Attack Unfolded The attack chain begins with two batch scripts that work together to prepare the environment and deploy the wiper payload. The first script attempts to stop a Windows service related to background process alerts, checks for a NETLOGON network share, and retrieves a remote XML file, a step that researchers believe is used to confirm the machine is part of an Active Directory domain before proceed...

SystemBC C2 Infrastructure Exposes 1,570+ Victims in Ransomware Operations

Cybersecurity researchers revealed a large-scale compromise linked to the SystemBC malware infrastructure, uncovering a command-and-control server associated with more than 1,570 infected victims worldwide. The activity is tied to a rapidly growing ransomware-as-a-service operation known as “The Gentlemen,” which has emerged as a significant threat actor since mid-2025. The discovery provides rare visibility into the internal scale and operational reach of a modern ransomware ecosystem. SystemBC is a proxy-based malware that plays a critical role in advanced intrusion campaigns by establishing covert communication channels between compromised systems and attacker-controlled infrastructure. It operates by creating SOCKS5 tunnels, allowing attackers to route traffic through infected machines while maintaining anonymity and persistence. The malware communicates with its command-and-control servers using encrypted protocols and is capable of downloading and executing additional payloads d...

UAC-0247 Campaign Targeting Ukrainian Clinics and Government

Ukraine’s Computer Emergency Response Team (CERT-UA) disclosed a sophisticated cyber campaign attributed to a threat cluster tracked as UAC-0247. The operation specifically targeted government entities and municipal healthcare institutions, including clinics and emergency hospitals, with the primary objective of stealing sensitive data and establishing persistent access within compromised systems. The campaign was observed between March and April 2026, and its origin remains unknown, raising concerns about ongoing espionage activity. The attack begins with a carefully crafted phishing email, often disguised as a humanitarian aid proposal to exploit trust during wartime conditions. Victims are lured into clicking a link that redirects either to a compromised legitimate website exploiting cross-site scripting vulnerabilities or to a convincingly generated fake website. This initial step is designed to appear credible while initiating the infection chain in a stealthy manner. Once...

Eliminating Orphaned Non-Human Identities – Emerging Identity Security Risks

In April 2026, a cybersecurity-focused webinar highlighted one of the fastest-growing and often overlooked risks in modern enterprise environments: orphaned non-human identities. The session focused on how organizations can identify, prioritize, and eliminate gaps in identity security, particularly those involving machine-driven accounts such as service accounts, API keys, tokens, and AI agents. The findings presented are based on recent research indicating that even mature identity programs continue to struggle with visibility and control over these identities. Non-human identities represent digital credentials assigned to systems, applications, and automated processes rather than human users. These identities are essential for modern infrastructure, enabling automation across cloud platforms, DevOps pipelines, and AI-driven environments. However, their rapid growth has introduced significant security challenges, as they often outnumber human identities and operate with elevated priv...

25,000+ Endpoints Exposed via Dragon Boss Solutions Supply Chain Weakness

In April 2026, a significant cybersecurity exposure was identified involving more than 25,000 endpoints affected by software distributed by Dragon Boss Solutions. What initially appeared to be a relatively low-risk adware issue quickly escalated into a critical supply chain security concern after researchers discovered a fundamental weakness in the application’s update mechanism. The flaw stemmed from an insecure update infrastructure tied to an unregistered domain, which could have been acquired by any attacker for a minimal cost and used to distribute malicious updates at scale. The affected software, characterized as aggressive adware, was commonly installed through deceptive advertisements or bundled installations, often without the user’s full awareness. Once present on a system, it functioned as a browser hijacker, redirecting user traffic and generating monetization through search manipulation. However, the real risk extended far beyond nuisance-level behavior. The insecur...