Red teaming—the practice of simulating adversarial attacks to identify AI system vulnerabilities—has transitioned from academic exercise to operational threat. Intelligence indicates that nation-states and sophisticated cybercriminal groups are adopting red teaming methodologies to probe defenses in aviation, customer service, human resources, and sales operations.

Security researchers have uncovered a coordinated campaign by North Korean threat actors using the Contagious Interview framework to distribute malicious VS Code extensions to cryptocurrency developers, finance professionals, and technology workers. The attack leverages fake coding interview tasks that inject malicious code through tasks.

GitHub has disabled multiple Microsoft repositories that were actively distributing IronWorm, a password-stealing malware attributed to threat actors Miasma and Shai-Hulud. The campaign targeted developers and organizations in AI/ML and cloud computing sectors through compromised repository infrastructure.

The threat actor group ShinyHunters has successfully compromised a French government messaging service through account hijacking attacks. This breach of public sector communications infrastructure exposes the vulnerability of authentication mechanisms protecting sensitive government operations.

Threat researchers have identified UNC3753 conducting a coordinated data theft and extortion campaign against U.S. financial services, legal services, and professional service firms. The group combines vishing attacks with physical intrusions to gain initial access, then deploys remote access tools including AnyDesk, Bomgar, Zoho Assist, and SuperOps RMM to establish persistence.

A new phishing campaign is distributing malicious SVG (Scalable Vector Graphics) files through email to compromise professional service firms including law practices, accounting firms, and medical organizations. SVG files are often overlooked by email security gateways because they're treated as benign graphics rather than executable threats.