Credential theft, phishing, and fake downloads remain the main path to compromise
Attackers continued to rely on phishing, fake installers, and stolen credentials as their most reliable access methods. Reports covered trojanized Webex, Zoom, and MobaXterm instal
RedHook, LabubaRAT, and other mobile malware families widen Android abuse
Several mobile malware reports this week showed attackers expanding their Android tradecraft. RedHook was observed using Wireless ADB to gain shell access without a computer connec
AsyncAPI npm supply-chain compromise spreads malware through trusted packages
Attackers compromised the AsyncAPI npm organization and injected malicious code into multiple widely used packages, including generator and specs packages with more than two millio

