X-Industry

Infostealers targeting macOS have continued to proliferate over the last two years, with threat actors iterating on successful techniques across related malware families. Researchers at Moonlock, Jamf, and Malwarebytes have previously documented the rise of SHub Stealer, including its use of fake application installers and “ClickFix” social engineering.  SentinelOne recently observed a new SHub variant using the build tag “Reaper.”  Below is their great analysis.

Reaper uses fake WeChat and Miro

In 2026, the question for security leaders is not whether a supply chain attack is coming.  Every serious organization should assume it is.  The question is whether their defense architecture can stop a payload it has never seen before.  It is a question that takes on even more critical implications at a time when trusted agentic automation increasingly becomes the norm.

In three weeks this spring, three threat actors each ran a tier-1 supply-chain attack against widely deployed software: LiteLL

Sentinel Labs has provided yet another great report on: Building an Adversarial Consensus Engine / Multi-Agent LLMs for Automated Malware Analysis.  Large Language Models can perform static malware analysis, but individual tool runs produce unreliable results contaminated by decompiler artifacts, dead code, and hallucinated capabilities.[1]

Researchers built a multi-agent architecture for reversing macOS malware that treats each reverse engineering tool (radare2, Ghidra, Binary Ninja, IDA Pro) a

On 24 March 2026, two versions of the litellm Python package on PyPI were found to contain malicious code.  The packages (versions 1.82.7 and 1.82.8) were published by a threat actor known as TeamPCP after they obtained the maintainer's PyPI credentials through a prior compromise of Trivy, an open source security scanner used in litellm's CI/CD pipeline.

The malicious versions were available for approximately three hours before PyPI quarantined the package. litellm is downloaded roughly 3.4 mill

Throughout early 2026, SentinelOne’s® Digital Forensics & Incident Response (DFIR) team has responded to several incidents in which FortiGate Next-Generation Firewalls (NGFW) have been compromised to establish a foothold in the targeted environment.  Each incident was detected and stopped during the lateral movement phase of the attack.  Fortinet disclosed and issued patches for several high-severity vulnerabilities, allowing unauthorized access during our investigation period.  Successful explo

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t