Threat Analyst
Artem specializes in analyzing large-scale data breaches and social engineering methods. He believes that the primary vulnerability in any system isn't code-it's human behavior. In his articles, he deconstructs complex cybercriminal schemes and transforms them into actionable security guidelines.
Hijacked maintainer account pushed two poisoned Axios versions to npm, delivering a cross-platform RAT to macOS, Windows, and Linux. The library has 100 million weekly downloads. Both versions have been …
Read more →
A denial-of-service bug patched five months ago turned out to be unauthenticated RCE with CVSS 9.8. F5 confirmed nation-state exploitation of CVE-2025-53521 in BIG-IP APM, and CISA gave federal agencies …
Read more →
Blockchain forensics analysts traced the $625 million Ronin bridge hack to North Korea's Lazarus Group. A breakdown of timing correlation, address clustering, and the exchange records that connected 12,000 addresses …
Read more →
Three days after LiteLLM, TeamPCP hit the Telnyx Python SDK on PyPI. Malicious versions 4.87.1 and 4.87.2 hid a credential stealer inside WAV audio files. The RSA-4096 key is byte-for-byte …
Read more →
Eight days after a $10 million bounty, Iran-linked Handala published 300+ emails and photos from FBI Director Patel's Gmail. The FBI called the data "historical." Metadata shows the breach predates …
Read more →
One compromised AWS key, 80 million unbacked stablecoins, $23 million extracted in minutes. The Resolv protocol had 18 security audits. None examined whether a single off-chain key could authorize unlimited …
Read more →
A CVSS 10.0 path traversal in ORY Oathkeeper bypasses all three layers of access control at once. Squid 7.5 patches a heap use-after-free in ICP handling, and a 12-year-old Perl …
Read more →
Two CVSS 9.4 vulnerabilities turn n8n workflow nodes into remote code execution vectors. AlaSQL sandbox escape in the Merge node and prototype pollution in GSuiteAdmin/XML nodes both allow authenticated attackers …
Read more →
Open a project folder in VS Code, click "Trust," and North Korean malware executes instantly. Sophos documents how NICKEL ALLEY weaponised tasks.json to target crypto and Web3 developers through fake …
Read more →
Twenty-one Apple CVEs across every platform in active support, including two macOS sandbox escapes and a Stolen Device Protection bypass. Cisco's semiannual IOS XE bundle adds three unauthenticated DoS flaws. …
Read more →
Third memory overread in NetScaler in three years. CVE-2026-3055 (CVSS 9.3) leaks session tokens from appliances configured as SAML IDP. The two predecessors, CitrixBleed and CitrixBleed2, both led to ransomware. …
Read more →
Stolen Trivy credentials gave TeamPCP a PyPI publishing token for LiteLLM, the most popular LLM proxy in Python. Malicious versions ran on every Python process, not just LiteLLM imports, exfiltrating …
Read more →