Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
techtimes

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

A fresh wave of phishing emails is exploiting a blind spot in enterprise email security tools — one that most organizations have not closed — by disguising executable JavaScript inside SVG image files ...
GitHub

PolinRider / DEV#POPPER — Verification & Reusable Sandbox Technique

Prior work — please read and cite these first. The original attribution of this campaign belongs to the research teams below. This repo is a cross-validation and methodology contribution, not original ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...
Infosecurity-magazine.com

New BeaverTail Malware Variant Linked to Lazarus Group

A newly observed variant of the BeaverTail malware has been tied to hackers associated with North Korea. The findings come from Darktrace’s latest The State of Cybersecurity report, which links ...
Bleeping Computer

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
Coingape

Bitwise XRP ETF Moves Closer to Launch as Firm Submits Final S-1 Filing

CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journal analysts bring years of experience in market analysis and blockchain ...
CSOonline

North Korean threat actors turn blockchains into malware delivery servers

‘EtherHiding’: Nation-state and cybercriminal groups are leveraging smart contracts as command-and-control servers for deliveing malicious payloads hidden on blockchains. Nation-state threat actors ...
CSOonline

How phishers are weaponizing SVG images in zero-click, evasive campaigns

Threat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects. According to an ...
Infosecurity-magazine.com

Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects

A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers. The attack utilizes seemingly benign image files to conceal ...
SecurityWeek

Threat Actors Use SVG Smuggling for Browser-Native Redirection

Ontinue warns of a newly observed phishing campaign leveraging Scalable Vector Graphics (SVG) files in redirect attacks that evade traditional detection. While considered harmless image formats, SVG ...
Bleeping Computer

Tycoon2FA phishing kit targets Microsoft 365 with new tricks

Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion ...