AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
20 articles
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a repo...
A threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to coincide with the country’s busy tax...
The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers succes...
China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked thre...
A China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investig...
ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets fr...
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government net...
This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, ...
7AI research reveals a massive QR code phishing attack that evaded SPF, DKIM, and DMARC. Find out how 1.
Threat actors have used a multi-stage framework deploying a remote access trojan and a fake information-stealing Google Docs Offline extension for Chrome in ...
Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages.
The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post Chinese Hackers Caught Dee...
Executive overview: The strategic positioning of covert access within the world’s telecommunication networks. A months-long investigation by Rapid7 Labs has un...
Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?
Threat intelligence teams have tracked Silver Fox (also known as Void Arachne), a China-based intrusion set that sits at the intersection of financially moti...
World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. R...
Fake screenshot links are being used to quietly deploy a multi‑stage backdoor against Web3 customer support teams, in a campaign assessed to be linked to the...
Fake npm install messages are the latest social engineering trick in the open source supply chain, with attackers abusing npm post‑install scripts to silentl...
Russian law enforcement agencies have successfully apprehended the suspected administrator of LeakBase, a prominent international cybercrime forum. The arres...
A large-scale phishing campaign is actively targeting developers on GitHub by abusing the platform’s Discussions feature to distribute fake Visual Studio Cod...