Cybercrime/malcode – Lifeboat News: The Blog

Feb 28
2026

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

North Korea-linked ScarCruft’s Ruby Jumper uses Zoho WorkDrive C2 and USB malware to breach air-gapped systems for surveillance.

Feb 27
2026

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

Researchers detail Aeternum C2 storing botnet commands on Polygon blockchain, while DSLRoot operates 300 residential proxy devices across U.S.

Feb 27
2026

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

Fake Next.js repos abuse VS Code and npm to run in-memory JavaScript C2; GitLab banned 131 accounts.

Feb 26
2026

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data.

The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.

Feb 25
2026

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

Russia-linked UAC-0050 targeted a European financial institution using a spoofed Ukrainian domain to deploy RMS remote access malware.

Feb 25
2026

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Lazarus Group used Medusa ransomware in Middle East and U.S. healthcare attacks, with average $260,000 demands and 366 claimed incidents.

Feb 25
2026

Phishing campaign targets freight and logistics orgs in the US, Europe

A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains.

In a campaign that has been running since September 2025, the threat actor has stolen 1,649 unique credentials from platforms and service providers critical in the freight industry.

Some of the Diesel Vortex victims include DAT Truckstop, TIMOCOM, Teleroute, Penske Logistics, Girteka, and Electronic Funds Source (EFS).

Feb 25
2026

1Campaign platform helps malicious Google ads evade detection

A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers.

1Campaign is a cloaking service that passes Google’s screening process and shows malicious content only to real potential victims. Security researchers and automated scanners are served benign white pages.

The operation has been active for at least three years and is managed by a developer using the name ‘DuppyMeister,’ according to a report from data security company Varonis.

Feb 25
2026

CarGurus data breach exposes information of 12.4 million accounts

The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform.

Feb 24
2026

Securing the Cyber Supply Chain in an AI Era

Supply chain attacks are now a top cyber threat—SolarWinds and Colonial Pipeline showed how one weak link can cascade across entire sectors.

In my latest article, I examine how AI, 5G, IoT, and quantum computing are expanding both risks and defenses, and share practical steps: zero trust, SBOMs, supplier audits, public-private collaboration, and board-level ownership.

Cyber supply chain security is no longer optional—it’s essential for resilience, innovation, and national security.

Read the full piece: The Cybersecurity Challenges of the Supply Chain https://www.govconwire.com/articles/chuck-brooks-govcon-expe…hain-risks.

#cybersecurity #technology #supplychain

By Chuck Brooks, president of Brooks Consulting International and one of Executive Mosaic’s GovCon Experts

Continue reading “Securing the Cyber Supply Chain in an AI Era” | >