
Risky Bulletin: Russia's Signal phishing nets thousands of accounts
Mar 23, 2026
A deep dive into a mass phishing campaign that linked extra devices to thousands of Signal accounts. A supply-chain sabotage tale where a popular scanner was weaponized to steal credentials and seed an NPM worm. Authorities dismantle massive IoT botnets tied to huge DDoS attacks and seize dark websites. Emergency patches, spyware arrests, and high-profile data breaches round out the briefing.
AI Snips
Signal Accounts Compromised Via Support Impersonation
- Russian intelligence services compromised thousands of Signal accounts by impersonating support staff and asking victims for security codes.
- Attackers used those codes to link devices and intercept communications, with alerts from FBI, French and Dutch agencies confirming widespread targeting of officials, military and journalists.
Trivy Supply Chain Attack Led To NPM Worm
- The Trivy open-source vulnerability scanner was backdoored by attackers who added malware to steal credentials.
- Stolen credentials were used to deploy a worm that spread through the NPM ecosystem, claimed by financially motivated Team PCP.
Massive IoT Botnets Takedown Reduced 30Tbps Attacks
- US, Canadian and German authorities seized servers for four IoT botnets used for massive DDoS-for-hire services.
- The botnets Aisuru, Kimwolf, Jackskid and Mossad generated attacks up to about 30 terabits per second.
