Tag: data exfiltration

Security

Mercor breach: a LiteLLM supply‑chain compromise that exfiltrated terabytes

Mercor’s recruiting platform was breached after attackers slipped malicious code into a published LiteLLM package, turning a widely reused open‑source proxy into a broad data exfiltration channel. The incident — detected and removed from distribution within hours but still exploited — exposed terabytes of sensitive material and has forced immediate, industry‑wide dependency audits and credential […]

admin 
Security

Infiniti Stealer is not a macOS exploit — it weaponizes ClickFix social engineering and Nuitka-compiled Python to bypass defenses

Infiniti Stealer is a recently documented macOS infostealer that relies on a fake CAPTCHA (the ClickFix technique) and a Nuitka-compiled Python payload to evade detection — it succeeds because it manipulates users, not by exploiting a software vulnerability.

How the attack actually reaches a user

In observed samples the initial lure is a Cloudflare-style CAPTCHA […]

admin 
Security

Weaponizing management vs. malware: Stryker’s Intune wipe shows stolen admin credentials are deadlier than new exploits

On March 11, 2026, an Iran-linked group calling itself Handala used compromised Microsoft Entra ID and Intune administrative access to remotely wipe more than 200,000 devices in 79 countries. The incident demonstrates a specific danger: legitimate MDM capabilities can be weaponized through stolen admin credentials, producing destruction without any endpoint malware.

How a single admin […]

admin 
Security

BlackSanta: kernel‑level EDR killers that exploit HR recruitment workflows

BlackSanta is a focused, kernel‑level intrusion campaign that has quietly targeted HR teams for more than a year, using resume‑themed ISO files and signed but vulnerable drivers to disable endpoint defenses and siphon sensitive data without triggering normal alerts.

What makes BlackSanta different

This is not opportunistic commodity malware. BlackSanta combines spear‑phishing aimed at recruitment […]

admin