ciso brief

All news in category “Incidents and Data Breaches”

2732 articles · page 30 of 137

LiteLLM PyPI Package Compromised in TeamPCP Attack

🔒 The LiteLLM PyPI package was compromised by the TeamPCP group, which pushed malicious releases (1.82.7 and 1.82.8) that execute a hidden payload on import. Version 1.82.8 also installed a litellm_init.pth so the code runs at Python interpreter startup. The payload deploys a credential stealer, establishes persistence, and exfiltrates encrypted archives to attacker infrastructure. Users should immediately check installations and rotate secrets.

Phishing Impersonating Palo Alto Networks Recruiters

🔔 Unit 42 reports a targeted phishing campaign where attackers impersonate Palo Alto Networks talent acquisition staff to lure senior professionals. Adversaries use scraped LinkedIn data, company logos, and look-alike email domains to claim candidates’ resumes fail applicant tracking systems and pressure them into paid 'ATS alignment' services. Recipients are advised to verify sender domains, refuse payment requests, avoid suspicious attachments, and report incidents to corporate security and Unit 42 for assistance.

TeamPCP Backdoors LiteLLM Versions on PyPI via Trivy

⚠️ Security researchers report that TeamPCP published backdoored litellm packages (v1.82.7 and v1.82.8) to PyPI on March 24, 2026, likely leveraging a Trivy compromise in the project's CI/CD. The malicious wheels included a three-stage payload: a credential harvester, a Kubernetes lateral-movement toolkit, and a persistent systemd backdoor executed at import or interpreter startup. Vendors removed the tainted releases and urge immediate audits, isolation of affected hosts, credential rotation, and inspection of Kubernetes clusters for rogue pods and persistence.

Tax Search Ads Deliver ScreenConnect EDR Killer Campaign

⚠️ A large-scale malvertising campaign since January 2026 uses Google Ads to deliver rogue installers for ConnectWise ScreenConnect, ultimately installing a BYOVD EDR killer named HwAudKiller that disables security tools. The actor stacks commercial cloaking services (Adspect and JustCloakIt) and abuses a legitimately signed Huawei audio driver to terminate AV processes from kernel mode. Huntress observed over 60 malicious ScreenConnect sessions and multiple RMM backdoors, indicating pre-ransomware or initial access broker behavior.

Fake Resume Phishing Deploys Miners and Steals Credentials

📄 A targeted phishing campaign leverages fake French-language resumes containing heavily obfuscated Visual Basic Script droppers to steal enterprise credentials and deploy a Monero miner. The operation, tracked as FAUX#ELEVATE by Securonix, abuses legitimate services including Dropbox, compromised WordPress sites in Morocco for C2 configuration, and mail[.]ru SMTP accounts for exfiltration. The dropper uses sandbox-evasion techniques, a domain-join gate, and a persistent UAC loop to obtain admin privileges, disable defenses and execute its multi-stage toolkit rapidly.

Silver Fox Campaigns Shift Toward Dual Espionage and Crime

🦊 Sekoia has identified a series of Silver Fox campaigns from 2025–2026 that blend espionage and financially motivated cybercrime. Attackers used tax- and payroll-themed phishing lures, SEO poisoning and malicious ads to deliver tools such as ValleyRAT, HoldingHands and a custom Python credential stealer disguised as a WhatsApp app. Targets included organizations across Taiwan, Japan and multiple Southeast Asian countries. Researchers say the group’s modular approach enables rapid tool changes while preserving persistence in compromised networks.

NPM 'Ghost' Campaign Uses Fake Install Logs to Hide Malware

🔍 Security researchers at ReversingLabs uncovered a malicious npm campaign, dubbed the 'Ghost campaign', that uses fabricated installation logs to conceal downloader behavior. Malicious packages impersonate legitimate installs—displaying fake dependency downloads, progress bars and random delays—and prompt users for their sudo password under false pretenses. That credential is then used to fetch and execute a final-stage remote access trojan capable of stealing crypto wallets and sensitive data; researchers advise verifying package authors, monitoring install scripts and avoiding sudo prompts during installs.

HackerOne: Employee Data Exposed After Navia Breach

🔒 HackerOne is notifying employees that their personal data was exposed after a compromise of benefits administrator Navia. The company reported a Broken Object Level Authorization (BOLA) vulnerability allowed an unknown actor to access Navia records between December 22, 2025 and January 15, 2026, affecting 287 employees. Exposed fields include Social Security numbers, names, contact details, dates of birth, and plan enrollment information. HackerOne advised monitoring accounts, changing passwords tied to exposed data, and using the 12‑month identity protection and credit monitoring Navia is offering.

Infinite Campus Warns of Salesforce Breach, Extortion

🔒 Infinite Campus warned customers of a data breach following an extortion claim from a threat actor who said they accessed an employee's Salesforce account. The company says the exposed information appears to be primarily public directory data for school staff and that no customer databases were accessed. Infinite Campus declined to engage with the attacker and has disabled certain customer-facing services while scanning potentially affected records and notifying impacted districts.

Yanluowang Broker Sentenced to 81 Months; Restitution

🔒 A Russian national, 26-year-old Aleksey Olegovich Volkov (aliases "chubaka.kor" and "nets"), was sentenced to 81 months in U.S. federal prison after pleading guilty to acting as an initial access broker for the Yanluowang ransomware operation. Between July 2021 and November 2022 he sold corporate network access to at least eight U.S. companies, enabling affiliates to deploy ransomware and demand payments. The FBI recovered chat logs, stolen data, victim credentials, and evidence of ransom negotiations after seizing a server tied to the gang, and traced Volkov through Apple iCloud, cryptocurrency exchange records, and social media. He was arrested in Italy in January 2024, extradited to the U.S., and ordered to pay over $9.16 million in restitution and forfeit equipment used in the crimes.

Dutch Ministry of Finance Confirms Systems Breach Detected

🛡️ The Dutch Ministry of Finance confirmed unauthorized access to some of its systems after being notified by a third party on March 19. ICT security detected the intrusion and access to affected systems has been blocked while an investigation is ongoing. The incident disrupted work for a portion of employees but, the ministry says, did not affect systems that manage tax collection, customs, or income-linked subsidies. Officials have not disclosed the number of employees impacted, whether data was stolen, or an attribution for the attack.

Ghost campaign uses npm packages to steal crypto wallets

🛡️ Security researchers at ReversingLabs have uncovered a set of malicious npm packages published by user mikilanjillo that phish for sudo credentials and deploy a multi-stage downloader to steal cryptocurrency wallets and other sensitive data. The packages display fake npm install logs and inject delays to mask their actions, then prompt for elevated privileges to retrieve a remote payload via Telegram. The final stage installs a remote access trojan capable of harvesting browser credentials, wallets, SSH keys, and developer tokens.

StoatWaffle malware auto-executes via VS Code tasks

🔐 NTT Security warns of a newly disclosed malware strain called StoatWaffle that automatically executes when developers open and trust weaponized Visual Studio Code folders. The threat leverages a crafted .vscode/tasks.json with a runOn: folderOpen setting to trigger a Node.js-based loader, credential stealer and RAT without explicit user action. Operators attributed to WaterPlum are evolving the long-running Contagious Interview campaign to target developer workflows and toolchains.

Russian Initial Access Broker Sentenced to 81 Months

🔒 Aleksei Volkov, a Russian initial access broker tied to dozens of ransomware incidents that produced more than $9m in documented victim losses, has been sentenced to 81 months in a US federal prison. He pleaded guilty to offenses including trafficking in access information, access device fraud and aggravated identity theft. Volkov was linked to Yanluowang and other cybercrime groups, and has agreed to pay at least $9.2m in restitution.

FBI Links Handala Group to Targeted Spyware Campaign

🛡️ The FBI has attributed a sustained campaign of targeted malware and hack-and-leak operations to the Iranian-linked threat actor Handala, noting activity against dissidents, journalists and opposition groups dating to autumn 2023. The group claimed responsibility for a wiper attack on US medtech firm Stryker and used a multi-stage payload that disguises itself as legitimate Windows applications. Investigators observed social engineering lures, PowerShell-based evasion, and a Telegram-based command-and-control channel enabling remote access and data exfiltration, and urged standard hardening and reporting measures.

TeamPCP Expands Supply-Chain Attacks on Checkmarx Actions

🔒 Two GitHub Actions maintained by Checkmarx (ast-github-action and kics-github-action) were compromised by the credential-stealing operation TeamPCP. The malware harvests CI and cloud credentials and exfiltrates encrypted archives named tpcp.tar.gz to a vendor-typosquat domain. Actors also create a fallback repository (docs-tpcp) using stolen GITHUB_TOKENs and have trojanized Open VSX extensions. Organizations are advised to rotate secrets, audit runner logs, and pin Actions to full commit SHAs.

U.S. Sentences Russian Hacker 6.75 Years for Ransomware Role

🔒 Aleksei Olegovich Volkov, a 26-year-old Russian national, was sentenced in the U.S. to 81 months in prison after pleading guilty to facilitating dozens of ransomware attacks as an initial access broker. Authorities say he helped breach networks and sell access to ransomware groups, resulting in over $9 million in actual losses and more than $24 million in intended losses. He was arrested in Italy in January 2024, extradited to the U.S., and agreed to pay restitution and forfeit tools used in the crimes.

Mazda reports security breach exposing partner data

🔒 Mazda Motor Corporation disclosed unauthorized access to a warehouse management system used for parts procured from Thailand, affecting 692 records containing employee and business partner information. The exposed data types included user IDs, full names, email addresses, company names and business partner IDs, and Mazda says no customer data was involved. The company reported the incident to the Personal Information Protection Commission and implemented security patches, reduced internet exposure, increased monitoring and stricter access controls while investigating with external specialists.

Tycoon2FA Phishing Service Resumes After Disruption

🔁 Tycoon2FA, a phishing-as-a-service platform disrupted by Europol and Microsoft on March 4, has returned to pre-takedown activity levels within days. CrowdStrike observed a brief decline to about 25% of normal volumes on March 4–5, 2026, before activity rebounded and cloud compromise remediations returned to early-2026 levels. The service continues to use similar TTPs targeting Microsoft 365 and Gmail, exploiting redirection, URL shorteners, and compromised domains. CrowdStrike warns that without arrests or physical seizures, operators can quickly recover and replace impacted infrastructure.

TeamPCP Deploys Iran-Targeted Wiper via Kubernetes

🧨 The TeamPCP group is deploying a geopolitically targeted wiper that seeks out Iranian systems and either destroys host data or implants a persistent backdoor on Kubernetes nodes. Aikido researchers link the campaign to the earlier CanisterWorm and Trivy supply-chain incidents, noting identical C2 infrastructure and the same /tmp/pglog drop path. When Iran indicators (timezone/locale) and Kubernetes are detected, the malware creates a privileged DaemonSet named Host-provisioner-iran that mounts the host root and runs Alpine containers called "kamikaze" to delete top-level directories and force a reboot. If Kubernetes is present but the host is not identified as Iranian, it deploys host-provisioner-std to write a Python backdoor and install it as a systemd service; variants also propagate via SSH or unauthenticated Docker APIs.