APT28’s Operation MacroMaze used macro-laced documents and webhook.site to exfiltrate data across Europe from Sept 2025 to Jan 2026.
Get the latest international news and world events from around the world.
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.
The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded into the packages comes with capabilities to siphon system information, access tokens, environment secrets, and API keys from developer environments and automatically propagate by abusing stolen npm and GitHub identities to extend its reach.
“The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting,” the company said.
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
With Fortinet appliances becoming an attractive target for threat actors, it’s essential that organizations ensure management interfaces are not exposed to the internet, change default and common credentials, rotate SSL-VPN user credentials, implement multi-factor authentication for administrative and VPN access, and audit for unauthorized administrative accounts or connections.
It’s also recommended to isolate backup servers from general network access, ensure all software programs are up-to-date, and monitor for unintended network exposure.
“As we expect this trend to continue in 2026, organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries,” Moses said. “Strong defensive fundamentals remain the most effective countermeasure: patch management for perimeter devices, credential hygiene, network segmentation, and robust detection for post-exploitation indicators.”
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators.
The malware does not exploit any iOS vulnerability but leverages previously obtained kernel-level access to hijack system indicators that would otherwise expose its surveillance operation.
Apple introduced recording indicators on the status bar in iOS 14 to alert users when the camera or microphone is in use, displaying a green or an orange dot, respectively.
Android mental health apps with 14.7M installs filled with security flaws
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information.
In one of the apps, security researchers discovered more than 85 medium-and high-severity vulnerabilities that could be exploited to compromise users’ therapy data and privacy.
Some of the products are AI companions designed to help people suffering from clinical depression, multiple forms of anxiety, panic attacks, stress, and bipolar disorder.
Spain arrests suspected hacktivists for DDoSing govt sites
Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions.
The group, which called itself “Anonymous Fénix” and claimed they were affiliated with the Anonymous hacker collective, conducted distributed denial-of-service (DDoS) attacks against targets in Spain and several South American countries, according to the Spanish Civil Guard.
The first attacks occurred in April 2023 and peaked after the flash floods that struck Valencia in late October 2024, when the group’s members attacked multiple government websites, claiming Spanish authorities were responsible for the deaths and destruction caused by the storm.
Microsoft says bug in classic Outlook hides the mouse pointer
Microsoft is investigating a known issue that causes the mouse pointer to disappear in the classic Outlook desktop email client for some users.
This bug has been acknowledged almost two months after the first reports started surfacing online, with users saying that Outlook became unusable after the mouse pointer vanished while using the app.
“My mouse just stopped being visible while I am using Outlook, and this is very, very, frustrating because my permission wasn’t given to make these changes, and now I can’t find anything, can’t open emails, can’t copy and paste, and the list goes on and on,” one customer noted.
Connecting two opposite realities: How one heavy particle can reshape an entire Quantum world
Physicists have earlier debated about exotic electrons or atoms interacting with large numbers of surrounding particles. In terms of the Quasiparticle Model, a single particle travels through a sea of fermions, which include electrons, protons, or neutrons, and interacts persistently with its neighbours, according to a report in the SciTech daily.
When the particles travel, they attract neighbouring particles surrounded with it, forming an entity identified as a Fermi polaron. In fact, it reflects the coordinated motion of the impurity and the particles near it. A doctoral candidate at Heidelberg University’s Institute for Theoretical Physics, Eugen Dizer, explained that this idea has become vital for strongly interacting systems that range from ultracold atomic gases to solid materials and even nuclear matter.