Today > | 7 High | 26 Medium | 8 Low vulnerabilities - You can now download lists of IOCs here!
4 attack reports | 0 vulnerabilities
An adware campaign targets online users by presenting them with fake CAPTCHA or update prompts, tricking them into running malicious PowerShell commands that deploy credential-stealing malware like Lumma and Amadey. The attackers leverage ad networks to redirect victims to compromised sites hosting…
GHOSTPULSE malware has evolved to embed malicious data within pixel structures of PNG files, replacing its previous IDAT chunk technique. Recent campaigns involve social engineering tactics, tricking victims with CAPTCHA validations that trigger malicious commands through keyboard shortcuts. The ma…
Threat actors are repurposing digital analytics and advertising tools to evade detection and enhance their malicious campaigns. The report explores how link shorteners, IP geolocation utilities, CAPTCHA systems, and advertising intelligence platforms are being weaponized. It provides insights into …
An extensive investigation uncovered an elaborate phishing campaign conducted by a Russia-based threat actor known as COLDRIVER, attributed to Russia's Federal Security Service. The campaign employed personalized social engineering tactics to target civil society groups, NGOs, journalists, and gove…