NFCShare Android Malware Spreads via Weaponized Banking Apps
A renewed and operationally refined wave of the NFCShare Android banking trojan that delivers NFC card-data theft by masquerading as legitimate banking appli...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1041 — Exfiltration Over C2 Channel (Exfiltration)
Clear filter112 articles found
OpenAI’s Lockdown Mode is trying to solve the problem that it created
OpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out ...
American citizen pleads guilty to spying for China
Thomas Weir Pauken II, 50, admitted to conspiring with multiple individuals to exfiltrate data for the Chinese government.
8th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES DentaQuest,...
OpenAI Unveils ChatGPT Account Security Controls
OpenAI brings Lockdown Mode and Active Sessions to ChatGPT to curb prompt injection data theft
OpenAI is locking down parts of ChatGPT to reduce data theft risks
OpenAI has started rolling out Lockdown Mode for ChatGPT, an optional security setting that restricts access to external resources and several product capabi...
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across pr...
New ChatGPT Lockdown Mode Aims to Block Prompt Injection and Data Exfiltration Attacks
OpenAI this week introduced Lockdown Mode, a security-focused setting for ChatGPT designed to reduce the risk of data exfiltration from prompt-injection atta...
Silent Ransom Group targets law firms with fake IT support calls
The Silent Ransom Group extortion gang is actively targeting U.S.
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt inject...
Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms
Written by: Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, Tyler McLellan Introduction From January through May 2026, Mandiant identified a financiall...
New Magecart Attack Abuses Stripe as Malware C2
A novel Magecart campaign that weaponizes legitimate cloud services to evade detection: attackers are storing a JavaScript skimmer inside Stripe customer met...
Malicious Browser Add-Ons Target Major AI Chatbot Users
Malicious browser add-ons are actively harvesting conversations and personal data from users of major AI platforms including ChatGPT, Claude, Copilot, Gemini...
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [.
Stock exchange executive’s Outlook mailbox stolen over course of 5 months
The approximately 150-day espionage campaign incrementally exfiltrated emails to cloud services.
ClawHub, Cisco, and Vercel Skill Detection Tools Evaded by Malicious Uploads
Security researchers have shown that AI skill security scanners from ClawHub, Cisco, and Vercel’s skills.sh can be reliably bypassed using simple techniques,...
Hackers Target Global Stock Exchange in Espionage Operation
The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Hackers Target Global Stock Exchange in...
Alcasec, “Robin Hood of Spanish Hackers,” Jailed for 31 Months Over Data Theft
Alcasec, the "Robin Hood of Spanish Hackers," is jailed for 31 months after admitting to stealing and selling Spanish citizens' banking data.
The sorry state of skill distribution
Public skill marketplaces are being flooded with malicious skills that steal credentials, exfiltrate data, and hijack agents. In response, a segment of the s...
Russian hackers exploit WinRAR vulnerability for data theft
The exploitation chain begins with a weaponized HTML Application payload called GammaPhish, which retrieves intermediate Visual Basic Script (VBScript) downl...