ACR Stealer Distributed via Fake Claude AI Desktop Site
Threat actors are distributing ACR Stealer malware through a fraudulent Claude AI desktop application site, targeting browser credentials and crypto wallets.
Grafana GitHub Token Compromise: Codebase Stolen via PAT
Grafana Labs reports a source code breach after attackers leveraged a stolen GitHub Personal Access Token. Analysis of the impact and mitigation steps.

Developer Workstations: The New Front in Software Supply Chain Attacks
A surge in attacks targeting npm, PyPI, and Docker Hub highlights a shift toward stealing developer credentials and API keys from workstations and CI/CD pipelines.

Quasar Linux RAT (QLNX) Targets Developers for Supply Chain Attacks
A new Linux implant, Quasar Linux RAT (QLNX), targets developer systems for credential theft and network tunneling to compromise software supply chains.

PCPJack Malware: Stealing Cloud Secrets via Parquet File Discovery
PCPJack malware replaces TeamPCP, utilizing Apache Parquet files for stealthy cloud secret theft across multiple service providers and environments.
Microsoft Edge Cleartext Password Exposure Risks — Mitigation Guide
Critical analysis of Microsoft Edge credential storage risks. Learn how to prevent cleartext password extraction and secure browser-based identities.

AccountDumpling: Vietnamese Phishing Relay Abuses Google AppSheet
A Vietnamese-linked operation dubbed AccountDumpling used Google AppSheet as a phishing relay to compromise 30,000 Facebook accounts for illicit resale.
Storm Infostealer: Bypassing Local Decryption for Session Hijacking
Storm infostealer exfiltrates encrypted browser data for server-side decryption, allowing attackers to bypass MFA and hijack active user sessions.
OpenAI Codex Vulnerability Exposed GitHub Tokens via OAuth Flaw
Researchers discovered a critical OpenAI Codex vulnerability allowing GitHub token theft via OAuth flaws, risking unauthorized access to private repositories.
Tycoon 2FA PaaS Recovery: Detecting AitM Phishing Infrastructure
Tycoon 2FA Phishing-as-a-Service has recovered from law enforcement disruption. Learn how this AitM platform bypasses MFA and how to protect your organization.
Perseus Android Malware: Technical Analysis of Note-Stealing Tactics
Perseus Android malware targets sensitive secrets in user notes by abusing Accessibility Services. Learn how to detect and mitigate this mobile threat.

7-Stage Phishing Chain Targets Outpost24 C-Suite via Redirects
Security researchers identify a sophisticated 7-stage phishing attack targeting Outpost24 executives using legitimate domains to evade email gateways.