The APT known as Lazarus conducted spear phishing attacks with weaponized documents masquerading as Lockheed Martin. These weaponized documents perform a series of injections to achieve startup persistence on the victims system. As part of this killchain the Windows Update service is abused for payload execution and Github is utilzed as a C2 to deliver remote commands.
Malwarebytes researches have shared a full synopsis here:
MITRE ATT&CK Lazarus profile:
https://attack.mitre.org/groups/G0032/
Oracle PeopleSoft Servers Hacked in ShinyHunters Data Theft Attacks Article Link: https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/ Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code Article Link: https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html
CISA Warns of Active Attacks Exploiting Android, Linux Bugs Article Link: https://www.bleepingcomputer.com/news/security/cisa-warns-of-active-attacks-exploiting-android-linux-bugs/ Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT Article Link:
