CrowdStrike 2026 Technology Threat Landscape Report: China's Ambitions Fuel Attacks
2 rules, 6 TTPs
The CrowdStrike 2026 Technology Threat Landscape Report highlights the pervasive targeting of the technology sector by China-nexus and eCrime adversaries, employing tactics like password spraying, vulnerability exploitation, supply chain compromises (e.g., Axios npm package, GitHub repositories), and malware distribution (macOS info stealers via OpenClaw lures) to achieve intelligence collection, intellectual property theft, and financial extortion.
You do surprise me.exe: Unexpected Crypto-Miner in Hola Browser
3 rules, 5 TTPs, 4 IOCs
Sophos X-Ops discovered that Hola Browser version 1.251.91.0 was distributed with an undeclared crypto-mining executable, me.exe, due to a supply chain compromise, leading to resource hijacking on affected Windows systems.
Arcane Git Repository Authentication Bypass Leads to Credential Exfiltration and GitOps Tampering (CVE-2026-45625)
2 rules, 5 TTPs, 1 IOC
Arcane's REST API lacks proper admin authorization checks on Git repository management endpoints, allowing any authenticated user to exfiltrate stored Git credentials and tamper with GitOps configurations by redirecting credential requests to an attacker-controlled host.
Compromised OpenSearch Pre-Release npm Packages in Supply Chain Attack
2 rules, 1 TTP
Multiple npm and PyPI packages, including OpenSearch pre-release packages, were compromised in a supply chain attack, potentially leading to arbitrary code execution on developer or user systems.
Suspicious Execution from VS Code Extension
2 rules, 9 TTPs
Malicious VS Code extensions can execute arbitrary commands, leading to initial access and subsequent payload deployment on Windows systems.