SteganoAmor: TA558’s image-hidden malware targets oil, gas & maritime

TA558’s “SteganoAmor” campaign leverages steganography to deliver commodity malware across oil, gas, maritime, and industrial targets. The group’s use of image-embedded payloads and compromised infrastructure...

PoisonSeed: supply-chain phish, seed-phrase theft, MFA bypass

If your bulk email or CRM gets popped, PoisonSeed rides your good reputation straight past filters and users’ instincts. Here’s the fast path to detect and blunt it—without boiling the ocean.

Slopsquatting: AI Hallucinations Fueling a New Class of Software Supply Chain Attacks

Your code assistant invents a “helpful” package; an attacker registers it; your pipeline installs it. As of Aug 27, 2025, this is moving from edge case to repeatable tactic. Here’s how to spot it fast and force your builds to fail-closed.