Torg Grabber Malware Shifts from Telegram Exfiltration to Encrypted REST API for C2
A fast-evolving information‑stealing malware dubbed “Torg Grabber” that has shifted from simple Telegram‑based exfiltration to a hardened, encrypted REST API...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1041 — Exfiltration Over C2 Channel (Exfiltration)
Clear filter89 articles found
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectivel...
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft an...
China-Backed Hackers Target Southeast Asian Military Systems in Ongoing Spy Campaign
China-linked threat actors have been identified targeting Southeast Asian military networks in a long-running cyber espionage campaign focused on intelligenc...
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directl...
New Whitepaper: Exploiting Cellular-based IoT Devices
Rapid7 has released a whitepaper titled “The Weaponization of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7...
OVHcloud Founder Denies Massive 590TB Data Breach Claims
OVHcloud denies breach after hacker claims 600TB data theft affecting millions of sites, with experts doubting authenticity due to weak proof
Infinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. [.
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secure...
23rd March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 23rd March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Navia Ben...
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra Do...
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environment...
Rapid7 Guidance on Observed Microsoft Teams Phishing Campaigns
The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Tea...
Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data
Iran’s Cyber Playbook in the Escalating Regional Conflict
Following our recent published advisories, this publication is intended to outline a summary of the cyber activities associated with the tension. Based on th...
FortiGate Edge Intrusions | Stolen Service Accounts Lead to Rogue Workstations and Deep AD Compromise
FortiGate SSO flaws allows attackers to steal configs, abuse AD creds, deploy RMM tools, and exfiltrate NTDS files.
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by a...
Coruna Exploit Kit Targets Older iPhones in Multi-Stage Campaigns
Exploit kit "Coruna" targets iPhones running iOS 13.0 to 17.
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
By Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attack...
AI Accelerates Attacker Breakout Time to Just Four Minutes
ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes