Russian/Chinese intelligence phishing: Signal/WhatsApp fakes, npm/LiteLLM supply chain, LinkedIn, Jones Day/CapCut
Key Questions
What phishing tactics are Russian and Chinese intelligence using?
FBI/CISA warn of fake Signal/WhatsApp apps and of npm/LiteLLM supply chain attacks, such as the 36 npm/axios packages. North Korean crypto phishing and DarkSword are also noted.
What is the LiteLLM supply chain incident?
The LiteLLM trojan exposed 4TB at Mercor, leading Meta to pause work. It highlights how components of the AI stack can act as trojan horses.
How are Chinese apps involved in phishing?
The FBI warns that the CapCut/Temu apps expose data via phishing. They target user data quietly.
What happened in the Jones Day breach?
Hackers accessed files tied to 10 clients; Silent group claimed responsibility. Phishing was the vector.
What defenses are recommended against infostealers?
FBI/CISA urge vigilance on RIS app fakes, LinkedIn phishing, and supply chain risks. Strong infostealer defenses are needed.
What is the hack-for-hire group targeting?
The group targets Android and iCloud users. It was recently exposed.
How did Meta respond to the Mercor breach?
Meta paused work with Mercor after the LiteLLM-linked data breach. Mercor confirmed the incident.
What other recent phishing warnings exist?
CISA added CVE-2026-5281 exploitation, EvilTokens phishing, and NetScaler patches. A Texas hospital breach ties in.
FBI/CISA warnings on RIS app fakes; 36 npm packages (axios); North Korean crypto phishing; the LiteLLM trojan (Mercor 4TB, Meta pause); LinkedIn; DarkSword and others; FBI warning on Chinese apps (CapCut/Temu data and phishing); Jones Day phishing. Infostealer defenses are needed.