2025 IT Sector Cyber Threat Report Highlights Evolving Threat Landscape
The IT ISAC report outlines key cyber threat trends targeting the IT sector, emphasizing the role of collaborative intelligence sharing in identifying and mitigating attacks. The report provides insight into threat actors, techniques, and defensive strategies aimed at strengthening resilience across critical infrastructure ecosystems.
Source: IT-ISAC

Fake npm Install Logs Used to Deliver Remote Access Trojans
A campaign linked to North Korea targets developers through fake job interviews and coding tests, distributing malicious npm packages that deploy remote access trojans. The attack leverages social engineering to compromise developer environments and gain persistent access.
Source: ReversingLabs

GhostClaw Campaign Expands to GitHub and AI Workflows
The GhostClaw malware campaign has expanded beyond npm packages to include GitHub repositories and AI based workflows, delivering macOS infostealers. Researchers identified new infection vectors and infrastructure, showing increased sophistication in targeting developers.
Source: Jamf

Tycoon2FA Phishing Platform Quickly Recovers After Law Enforcement Disruption
The Tycoon2FA phishing as a service platform has resumed operations shortly after a coordinated law enforcement takedown. Despite domain seizures and disruption efforts, the service returned to normal activity levels within days, highlighting the resilience of cybercrime infrastructure.
Source: BleepingComputer

Critical Cisco Firewall Vulnerability Actively Exploited in the Wild
A critical remote code execution vulnerability in Cisco Secure Firewall Management Center, tracked as CVE-2026-20131, is being actively exploited. The flaw allows unauthenticated attackers to execute arbitrary code and gain root privileges, prompting urgent remediation actions including inclusion in CISA’s KEV catalog.
Source: Zscaler ThreatLabz