NICKEL TAPESTRY expands fraudulent worker operations
The North Korean IT worker scheme grows to include organizations in Europe and Asia and industries beyond the technology sector
Similar Posts
New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper
Bys sCybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple’s Gatekeeper checks. “Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
Bys sA China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver…
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
Bys sThe malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours…
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Bys sApple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image. “Apple is aware of a…
Jaguar Land Rover issues update on job safety after cyber attack
Bys sJames Rodger reports: Jaguar Land Rover has issued an update on job security in the wake of the crippling cyber attack. JLR has extended its production shut down in the wake of the cyber attack, with the Birmingham car giant hit by a debilitating cyber security incident last month. JLR said: “Today we have informed colleagues,……
New evidence links long-running hacking group to Indian government
Bys sDaryna Antoniuk reports: Researchers say they have uncovered new evidence linking a long-running threat actor known as Bitter to the Indian government…. In a two-part report released this week, researchers from U.S.-based Proofpoint and Switzerland-based Threatray said their new findings are based on a series of campaigns conducted between October 2024 and April 2025. During this period, Bitter —…