Amazon SES Phishing Abuse: Evading Security Filters via AWS Infrastructure
Threat actors are increasingly exploiting Amazon Simple Email Service (SES) to bypass email security filters by leveraging high-reputation AWS domains.
Supply Chain Attack: Bitwarden CLI npm Package Compromised
Analysis of the Bitwarden CLI npm package compromise (version 2023.12.0) leading to developer credential theft and supply chain risk. Includes mitigation.
AgingFly Malware: Credential Theft Operations Against Ukraine
Analysis of AgingFly malware, a new threat observed actively targeting Ukrainian government and hospital entities to steal credentials from Chromium browsers and
Basic-Fit Data Breach: 1 Million Members Impacted by Credential Theft
Europe's largest gym chain, Basic-Fit, confirms a data breach impacting 1 million members. Attackers accessed names, DOBs, and IBANs via automated scripts.
VENOM PhaaS: New Phishing Attacks Target Senior Executives' Microsoft Logins
Analysis of VENOM, a new PhaaS platform targeting C-suite executives with sophisticated phishing attacks to steal Microsoft login credentials across industries.

APT28 Forest Blizzard DNS Manipulation Targets SOHO Routers
Russian APT28, or Forest Blizzard, is conducting malwareless cyber espionage by manipulating DNS settings on vulnerable SOHO routers to steal credentials from global
APT28 FrostArmada DNS Hijack Campaign Steals Microsoft 365 Logins
Authorities disrupt APT28's FrostArmada campaign, which used DNS hijacking of MikroTik and TP-Link routers to steal Microsoft 365 account credentials.

CVE-2025-55182: Next.js React2Shell Exploited to Steal Cloud Secrets
Attackers are exploiting the CVE-2025-55182 React2Shell vulnerability in Next.js to harvest AWS secrets, SSH keys, and database credentials from 766 hosts.
DeepLoad Malware: Analysis of ClickFix Attacks and Mitigation
DeepLoad malware, observed in ClickFix attacks, steals credentials, installs malicious browser extensions, and propagates via USB drives. Learn TTPs and defense

DeepLoad Malware Leverages ClickFix, WMI for Browser Credential Theft
DeepLoad malware leverages ClickFix social engineering and WMI for persistence to steal browser credentials, employing AI-assisted obfuscation for evasion.
LiteLLM PyPI Supply Chain Attack: TeamPCP Steals Credentials
TeamPCP compromised the LiteLLM PyPI package, backdooring it to steal credentials and auth tokens from hundreds of thousands of devices.
VoidStealer: Bypassing Chrome ABE via Remote Debugging Protocol
VoidStealer malware uses a novel debugger technique to bypass Google Chrome’s Application-Bound Encryption and exfiltrate browser-stored credentials.