The APT known as Lazarus conducted spear phishing attacks with weaponized documents masquerading as Lockheed Martin. These weaponized documents perform a series of injections to achieve startup persistence on the victims system. As part of this killchain the Windows Update service is abused for payload execution and Github is utilzed as a C2 to deliver remote commands.
Malwarebytes researches have shared a full synopsis here:
MITRE ATT&CK Lazarus profile:
https://attack.mitre.org/groups/G0032/
FortiBleed Leak Exposes Fortinet VPN Credentials for 73,000 Devices Article Link: https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/ SQL Server 2025 AI Features Can Be Abused to Exfiltrate Sensitive Data Article
Oracle PeopleSoft Servers Hacked in ShinyHunters Data Theft Attacks Article Link: https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/ Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code Article Link: https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html
