Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The lis…
Massive anti-cybercrime operation leads to over 1,200 arrests in Africa
Law enforcement authorities in Africa have arrested over 1,200 suspects as part of ‘Operation Serengeti 2.0,’ an INTERPOL-led…
MCP vulnerability case study: SQL injection in the Postgres MCP server
Key points and observations We found a SQL injection vulnerability in Anthropic’s reference Postgres MCP server that allowed us to…
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer
As security researchers, we strive to ideate, identify, and document new methods of attacking cloud services and resources. We build…
Datadog threat roundup: Top insights for Q2 2025
As a leading provider in observability and cloud security, Datadog has unique insight into threat actor behavior that targets cloud…
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Whitepapers IoT Research min read Vulnerabilities Identified in Dahua Hero C1 Smart Cameras Bitdefender July 30, 2025 Promo Protect all your…
Backdoors & Breaches gameplay guide
At DASH 2025, we released a Datadog expansion pack of Backdoors & Breaches, a popular incident response card game by Black Hills…
Datadog guide to Hacker Summer Camp 2025
Every year in early August, conferences in Las Vegas, Nevada, serve as a gathering of security professionals in a single place. This time of…
Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker
Executive summary Through investigations into a string of workload compromises involving ecommerce sites, the Datadog Security Research team…
I SPy: Escalating to Entra ID's Global Admin with a first-party app
This research was presented at fwd:cloudsec North America on June 30th, 2025. You can find the talk here. Key points Service principals (SPs)…
Kubernetes security fundamentals: PKI
In the previous post in this series, we looked at how Kubernetes network security is implemented. For this post, we’ll explore a topic…
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
Update - July 11, 2025: We are making a correction to the Git CLI versions vulnerable to this based on updates to the GitHub advisory around…
The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions
Key points and observations Datadog Security Research discovered three malicious VS Code extensions that target Solidity developers on…
Tales from the cloud trenches: The Attacker doth persist too much, methinks
As a result of a recent threat hunt, we observed attacker activity originating from a leaked long-term AWS access key (AKIA*). Within a…
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims…
RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale
Key points and observations Datadog Security Research has discovered a new Linux cryptojacking campaign, named RedisRaider, targeting publicly…
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign…
Datadog threat roundup: Top insights for Q1 2025
As a leading provider in observability and cloud security, Datadog has unique insight into threat actor behavior that targets cloud…
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play…
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and…
Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread…
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world ran by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for…
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity…
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures’ and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit…
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all…
Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and…
Vulnerabilities Identified in LG WebOS
As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities.…
AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are…