
Industry Category

Cybersecurity

Breach intelligence, attack campaigns, and threat reports targeting the Cybersecurity sector.

3 threat reports


Cybersecurity Threat Reports

GlassWorm Malware: A 2026 Supply Chain Attack on Developer Ecosystems
Impact: HIGH

In early 2026, the GlassWorm malware resurfaced, compromising the Open VSX Registry by infiltrating trusted developer accounts. Attackers published malicious updates to widely used VS Code extensions, embedding loaders that executed encrypted payloads to steal sensitive information, including developer credentials and cryptocurrency wallets. The malware employed advanced evasion techniques, such as using invisible Unicode characters and leveraging the Solana blockchain for command-and-control communication, making detection and mitigation challenging. This incident underscores the escalating sophistication of supply chain attacks targeting developer ecosystems. The use of decentralized infrastructures and obfuscation methods highlights the need for enhanced vigilance and security measures within software development communities to prevent similar breaches.

3 months ago

Kill Chain

Initial Compromise (IC): high
Privilege Escalation (PE): high
Lateral Movement (LM): high
Command & Control (C&C): high
Exfiltration (E): high
Impact (I): high
Malicious Next.js Repositories Exploit Developers via Fake Job Interviews
Impact: HIGH

In February 2026, a sophisticated cyberattack campaign was identified targeting software developers through malicious Next.js repositories. Attackers, linked to North Korean state-sponsored groups, posed as recruiters offering fake job interviews. They lured developers into cloning and executing compromised repositories, leading to remote code execution and establishing persistent command-and-control channels on infected machines. This method allowed attackers to access sensitive assets such as source code, environment secrets, and cloud resources. ([darkreading.com](https://www.darkreading.com/cyberattacks-data-breaches/malicious-nextjs-repos-developers-fake-job-interviews?utm_source=openai)) This incident underscores a growing trend of targeting developers through social engineering tactics, exploiting routine workflows to infiltrate development environments. The use of legitimate platforms like Next.js and GitHub in these attacks highlights the need for heightened vigilance and robust security measures within the software development community. ([microsoft.com](https://www.microsoft.com/en-us/security/blog/2026/02/24/c2-developer-targeting-campaign/?utm_source=openai))

4 months ago

Kill Chain

Initial Compromise (IC): high
Privilege Escalation (PE): medium
Lateral Movement (LM): medium
Command & Control (C&C): high
Exfiltration (E): medium
Impact (I): low
Rogue NuGet Impersonates Tracer.Fody, Orchestrates Multi-Year Crypto Wallet Theft
Impact: medium

Between February 2020 and December 2025, a malicious NuGet package named "Tracer.Fody.NLog" posed as the legitimate .NET tracing library, Tracer.Fody, and was covertly distributed via typosquatting and mimicking developer identities. The package, uploaded by a threat actor under the handle "csnemess," evaded detection for almost six years, collecting over 2,000 downloads. Instead of offering legitimate functionality, this package deployed a wallet stealer: scanning the default Stratis wallet directory on Windows systems, exfiltrating wallet data and passwords to threat actor infrastructure hosted in Russia, with attackers leveraging crafted code and hidden routines to bypass superficial code reviews. The prolonged success of this attack underscores the persistent risk supply chain threats pose to open-source ecosystems, especially for developer tools and libraries. It highlights attackers’ sophistication in mimicking trusted maintainers, the difficulty of detecting such manipulation, and ongoing regulatory and security pressures to improve package repository hygiene and detection.

5 months ago

Kill Chain

Initial Compromise (IC): high
Privilege Escalation (PE): medium
Lateral Movement (LM): low
Command & Control (C&C): high
Exfiltration (E): high
Impact (I): medium