#cdn — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cdn, aggregated by home.social.
-
Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted
A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.
Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault
-
Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted
A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.
Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault
-
Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted
A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.
Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault
-
Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted
A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.
Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault
-
Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted
A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.
Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault
-
What this means practically: the fallback path for Fortochka now runs through infrastructure that censors have strong incentives to leave alone. If the direct connection gets squeezed, traffic reroutes automatically. The user doesn't configure anything. They don't need to know any of this is happening.
The форточка doesn't announce itself. It just stays open.
Otkroyte fortochku.
#censorship-circumvention #CDN-routing #DPI-evasion #internet-freedom #self-hosted
-
Websites don’t resize images live for every user… they secretly generate multiple optimized copies beforehand 🖼️🤯
#systemdesign #webdevelopment #backend #cdn #coding #developers #softwareengineering #programming #tech #images
-
How to Enable QUIC.cloud #CDN on Your cPanel Website Using CNAME (5-Minute Quick-Start Guide)
This article discusses how to enable QUIC.cloud CDN on your cPanel website using CNAME DNS.
If you’re running a website and looking for a way to improve speed, security, and overall performance, enabling a Content Delivery Network (CDN) is a great choice. QUIC.cloud is an excellent CDN that enhances site loading speeds and reduces latency, ...
Continued 👉 https://blog.radwebhosting.com/how-to-enable-quic-cloud-cdn-on-your-cpanel-website-using-cname-5-minute-quick-start-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #quic #quiccloud -
How to Enable QUIC.cloud #CDN on Your cPanel Website Using CNAME (5-Minute Quick-Start Guide)
This article discusses how to enable QUIC.cloud CDN on your cPanel website using CNAME DNS.
If you’re running a website and looking for a way to improve speed, security, and overall performance, enabling a Content Delivery Network (CDN) is a great choice. QUIC.cloud is an excellent CDN that enhances site loading speeds and reduces latency, ...
Continued 👉 https://blog.radwebhosting.com/how-to-enable-quic-cloud-cdn-on-your-cpanel-website-using-cname-5-minute-quick-start-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #quic #quiccloud -
How to Enable QUIC.cloud #CDN on Your cPanel Website Using CNAME (5-Minute Quick-Start Guide)
This article discusses how to enable QUIC.cloud CDN on your cPanel website using CNAME DNS.
If you’re running a website and looking for a way to improve speed, security, and overall performance, enabling a Content Delivery Network (CDN) is a great choice. QUIC.cloud is an excellent CDN that enhances site loading speeds and reduces latency, ...
Continued 👉 https://blog.radwebhosting.com/how-to-enable-quic-cloud-cdn-on-your-cpanel-website-using-cname-5-minute-quick-start-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #quic #quiccloud -
[THÉÂTRE] Dans « Coucoù », Kristel Largis-Diaz revient sur son histoire familiale dont certains épisodes ont été oubliés. Elle joue à Rouen pendant Curieux Printemps et à Passais-la-Conception pendant le festival ADO. Des explications avec l’autrice et metteuse en scène de la compagnie La Vague régulière.
Lisez l'article : https://www.relikto.com/.../kristel-largis-diaz-coucou.../
#lepreau #CDN #vire #festivalado #festivalcurieuxprintemps #Rouen #LaVagueRégulière #kristellargisdiaz #theatre
-
[THÉÂTRE] Dans « Coucoù », Kristel Largis-Diaz revient sur son histoire familiale dont certains épisodes ont été oubliés. Elle joue à Rouen pendant Curieux Printemps et à Passais-la-Conception pendant le festival ADO. Des explications avec l’autrice et metteuse en scène de la compagnie La Vague régulière.
Lisez l'article : https://www.relikto.com/.../kristel-largis-diaz-coucou.../
#lepreau #CDN #vire #festivalado #festivalcurieuxprintemps #Rouen #LaVagueRégulière #kristellargisdiaz #theatre
-
[THÉÂTRE] Dans « Coucoù », Kristel Largis-Diaz revient sur son histoire familiale dont certains épisodes ont été oubliés. Elle joue à Rouen pendant Curieux Printemps et à Passais-la-Conception pendant le festival ADO. Des explications avec l’autrice et metteuse en scène de la compagnie La Vague régulière.
Lisez l'article : https://www.relikto.com/.../kristel-largis-diaz-coucou.../
#lepreau #CDN #vire #festivalado #festivalcurieuxprintemps #Rouen #LaVagueRégulière #kristellargisdiaz #theatre
-
[THÉÂTRE] Dans « Coucoù », Kristel Largis-Diaz revient sur son histoire familiale dont certains épisodes ont été oubliés. Elle joue à Rouen pendant Curieux Printemps et à Passais-la-Conception pendant le festival ADO. Des explications avec l’autrice et metteuse en scène de la compagnie La Vague régulière.
Lisez l'article : https://www.relikto.com/.../kristel-largis-diaz-coucou.../
#lepreau #CDN #vire #festivalado #festivalcurieuxprintemps #Rouen #LaVagueRégulière #kristellargisdiaz #theatre
-
How to Enable QUIC.cloud #CDN on Your cPanel Website Using CNAME (5-Minute Quick-Start Guide) This article discusses how to enable QUIC.cloud CDN on your cPanel website using CNAME DNS. If you’re running a website and looking for a way to improve speed, ... Continued 👉 #quiccloud #quic
How to Enable QUIC.cloud CDN o... -
How to Enable QUIC.cloud #CDN on Your cPanel Website Using CNAME (5-Minute Quick-Start Guide) This article discusses how to enable QUIC.cloud CDN on your cPanel website using CNAME DNS. If you’re running a website and looking for a way to improve speed, ... Continued 👉 #quiccloud #quic
How to Enable QUIC.cloud CDN o... -
'Underminr' #CDN #Vulnerability Hides #Malicious Traffic Behind Trusted Domains
#underminr #security #privacy -
'Underminr' #CDN #Vulnerability Hides #Malicious Traffic Behind Trusted Domains
#underminr #security #privacy -
'Underminr' #CDN #Vulnerability Hides #Malicious Traffic Behind Trusted Domains
#underminr #security #privacy -
'Underminr' #CDN #Vulnerability Hides #Malicious Traffic Behind Trusted Domains
#underminr #security #privacy -
'Underminr' #CDN #Vulnerability Hides #Malicious Traffic Behind Trusted Domains
#underminr #security #privacy -
📰 New 'Underminr' Flaw in CDNs Puts 88 Million Domains at Risk of Evasive Attacks
⚠️ Widespread 'Underminr' vulnerability in CDNs exposes 88M domains. Attackers are hiding malicious traffic behind trusted sites using a new form of domain fronting. Active exploitation confirmed. #CDN #CyberSecurity #Underminr #InfoSec
🌐 cyber[.]netsecops[.]io
-
📰 New 'Underminr' Flaw in CDNs Puts 88 Million Domains at Risk of Evasive Attacks
⚠️ Widespread 'Underminr' vulnerability in CDNs exposes 88M domains. Attackers are hiding malicious traffic behind trusted sites using a new form of domain fronting. Active exploitation confirmed. #CDN #CyberSecurity #Underminr #InfoSec
🌐 cyber[.]netsecops[.]io
-
📰 New 'Underminr' Flaw in CDNs Puts 88 Million Domains at Risk of Evasive Attacks
⚠️ Widespread 'Underminr' vulnerability in CDNs exposes 88M domains. Attackers are hiding malicious traffic behind trusted sites using a new form of domain fronting. Active exploitation confirmed. #CDN #CyberSecurity #Underminr #InfoSec
🌐 cyber[.]netsecops[.]io
-
📰 New 'Underminr' Flaw in CDNs Puts 88 Million Domains at Risk of Evasive Attacks
⚠️ Widespread 'Underminr' vulnerability in CDNs exposes 88M domains. Attackers are hiding malicious traffic behind trusted sites using a new form of domain fronting. Active exploitation confirmed. #CDN #CyberSecurity #Underminr #InfoSec
🌐 cyber[.]netsecops[.]io
-
I spent a few hours last week migrating my personal websites from AWS to @[email protected]. I'm very happy with it so far.
Moving my static sites was pretty easy. The hardest part was dealing with #DNSSEC, which is a PITA to migrate between hosts. You do want to migrate your DNS, cause they have a PZ record type, so you don't have to use a CNAME to point to the CDN.
I was able to map services directly:
Route 53 -> Bunny DNS
Cloudfront -> Bunny CDN
S3 -> Bunny Storage
bunny.net is a #CDN based out of Slovenia, so they're covered by GDPR and not part of USA's big tech industry. They're a small company, but their network is not small. They have 9 regions (where data is stored) and 119 edge locations (where data is cached) on the six continents.
The hosting itself is pretty cheap. They have a 14 day trial that includes some trial bucks, but my personal sites didn't use enough resources to get charged a penny even. that is until I enabled a premium service, Bunny Optimizer. This service is about $10/mo and includes features to make your site even faster, like on request conversion of your images to webp format, and resizing/cropping/etc images based on querystring. It also compacts css/js/etc. It's worth it for my image-heavy site, but you can decide if it's worth it for your use case.
What's next on my exodus from AWS?
Bunny isn't a registrar, so I need to migrate my domain registrations off Route 53. This should be easy, but they don't expire till next year, so I'm in no hurry to transfer.
Bunny has container hosting, but they don't have a service comparable to EC2. So, I need to migrate my VPSes (unrelated to websites) off AWS. They're prepaid with Savings Plans through December, so this is something to look at in the fall. -
I spent a few hours last week migrating my personal websites from AWS to @[email protected]. I'm very happy with it so far.
Moving my static sites was pretty easy. The hardest part was dealing with #DNSSEC, which is a PITA to migrate between hosts. You do want to migrate your DNS, cause they have a PZ record type, so you don't have to use a CNAME to point to the CDN.
I was able to map services directly:
Route 53 -> Bunny DNS
Cloudfront -> Bunny CDN
S3 -> Bunny Storage
bunny.net is a #CDN based out of Slovenia, so they're covered by GDPR and not part of USA's big tech industry. They're a small company, but their network is not small. They have 9 regions (where data is stored) and 119 edge locations (where data is cached) on the six continents.
The hosting itself is pretty cheap. They have a 14 day trial that includes some trial bucks, but my personal sites didn't use enough resources to get charged a penny even. that is until I enabled a premium service, Bunny Optimizer. This service is about $10/mo and includes features to make your site even faster, like on request conversion of your images to webp format, and resizing/cropping/etc images based on querystring. It also compacts css/js/etc. It's worth it for my image-heavy site, but you can decide if it's worth it for your use case.
What's next on my exodus from AWS?
Bunny isn't a registrar, so I need to migrate my domain registrations off Route 53. This should be easy, but they don't expire till next year, so I'm in no hurry to transfer.
Bunny has container hosting, but they don't have a service comparable to EC2. So, I need to migrate my VPSes (unrelated to websites) off AWS. They're prepaid with Savings Plans through December, so this is something to look at in the fall. -
I spent a few hours last week migrating my personal websites from AWS to @[email protected]. I'm very happy with it so far.
Moving my static sites was pretty easy. The hardest part was dealing with #DNSSEC, which is a PITA to migrate between hosts. You do want to migrate your DNS, cause they have a PZ record type, so you don't have to use a CNAME to point to the CDN.
I was able to map services directly:
Route 53 -> Bunny DNS
Cloudfront -> Bunny CDN
S3 -> Bunny Storage
bunny.net is a #CDN based out of Slovenia, so they're covered by GDPR and not part of USA's big tech industry. They're a small company, but their network is not small. They have 9 regions (where data is stored) and 119 edge locations (where data is cached) on the six continents.
The hosting itself is pretty cheap. They have a 14 day trial that includes some trial bucks, but my personal sites didn't use enough resources to get charged a penny even. that is until I enabled a premium service, Bunny Optimizer. This service is about $10/mo and includes features to make your site even faster, like on request conversion of your images to webp format, and resizing/cropping/etc images based on querystring. It also compacts css/js/etc. It's worth it for my image-heavy site, but you can decide if it's worth it for your use case.
What's next on my exodus from AWS?
Bunny isn't a registrar, so I need to migrate my domain registrations off Route 53. This should be easy, but they don't expire till next year, so I'm in no hurry to transfer.
Bunny has container hosting, but they don't have a service comparable to EC2. So, I need to migrate my VPSes (unrelated to websites) off AWS. They're prepaid with Savings Plans through December, so this is something to look at in the fall. -
How to Enable QUIC.cloud #CDN on Your cPanel Website Using CNAME (5-Minute Quick-Start Guide)
This article discusses how to enable QUIC.cloud CDN on your cPanel website using CNAME DNS.
If you’re running a website and looking for a way to improve speed, security, and overall performance, enabling a Content Delivery Network (CDN) is a great choice. QUIC.cloud is an excellent CDN that enhances site loading speeds and reduces latency, ...
Continued 👉 https://blog.radwebhosting.com/how-to-enable-quic-cloud-cdn-on-your-cpanel-website-using-cname-5-minute-quick-start-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #quic #quiccloud -
How to Enable QUIC.cloud #CDN on Your cPanel Website Using CNAME (5-Minute Quick-Start Guide)
This article discusses how to enable QUIC.cloud CDN on your cPanel website using CNAME DNS.
If you’re running a website and looking for a way to improve speed, security, and overall performance, enabling a Content Delivery Network (CDN) is a great choice. QUIC.cloud is an excellent CDN that enhances site loading speeds and reduces latency, ...
Continued 👉 https://blog.radwebhosting.com/how-to-enable-quic-cloud-cdn-on-your-cpanel-website-using-cname-5-minute-quick-start-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #quic #quiccloud -
How to Enable QUIC.cloud #CDN on Your cPanel Website Using CNAME (5-Minute Quick-Start Guide)
This article discusses how to enable QUIC.cloud CDN on your cPanel website using CNAME DNS.
If you’re running a website and looking for a way to improve speed, security, and overall performance, enabling a Content Delivery Network (CDN) is a great choice. QUIC.cloud is an excellent CDN that enhances site loading speeds and reduces latency, ...
Continued 👉 https://blog.radwebhosting.com/how-to-enable-quic-cloud-cdn-on-your-cpanel-website-using-cname-5-minute-quick-start-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #quic #quiccloud -
Tracking TamperedChef Clusters via Certificate and Code Reuse
Multiple threat clusters designated as CL-CRI-1089, CL-UNK-1090, and CL-UNK-1110 have been distributing trojanized productivity software through malicious advertising campaigns since 2023. These applications, including PDF editors, calendars, and compression tools, appear legitimate but contain remote access capabilities enabling deployment of information stealers, proxy tooling, and RATs. The campaigns leverage code-signing certificates, remain dormant for weeks to months before activation, and affect organizations globally with over 4,000 samples identified across 100 variants. CL-CRI-1089 operations utilize Ukrainian, Malaysian, and British infrastructure with 34 unique code-signing entities, while CL-UNK-1090 demonstrates vertical integration between advertising agencies and malware creation using primarily Israeli infrastructure with 39 corporations involved. Distribution occurs through sophisticated malvertising employing professional websites, CDN delivery, and search engine optimization techniques.
Pulse ID: 6a0dae41682ec38e55d1aa12
Pulse Link: https://otx.alienvault.com/pulse/6a0dae41682ec38e55d1aa12
Pulse Author: AlienVault
Created: 2026-05-20 12:51:13Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CDN #CyberSecurity #InfoSec #Israel #Malvertising #Malware #OTX #OpenThreatExchange #PDF #Proxy #RAT #Trojan #UK #Ukr #Ukrainian #bot #AlienVault
-
Tracking TamperedChef Clusters via Certificate and Code Reuse
Multiple threat clusters designated as CL-CRI-1089, CL-UNK-1090, and CL-UNK-1110 have been distributing trojanized productivity software through malicious advertising campaigns since 2023. These applications, including PDF editors, calendars, and compression tools, appear legitimate but contain remote access capabilities enabling deployment of information stealers, proxy tooling, and RATs. The campaigns leverage code-signing certificates, remain dormant for weeks to months before activation, and affect organizations globally with over 4,000 samples identified across 100 variants. CL-CRI-1089 operations utilize Ukrainian, Malaysian, and British infrastructure with 34 unique code-signing entities, while CL-UNK-1090 demonstrates vertical integration between advertising agencies and malware creation using primarily Israeli infrastructure with 39 corporations involved. Distribution occurs through sophisticated malvertising employing professional websites, CDN delivery, and search engine optimization techniques.
Pulse ID: 6a0dae41682ec38e55d1aa12
Pulse Link: https://otx.alienvault.com/pulse/6a0dae41682ec38e55d1aa12
Pulse Author: AlienVault
Created: 2026-05-20 12:51:13Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CDN #CyberSecurity #InfoSec #Israel #Malvertising #Malware #OTX #OpenThreatExchange #PDF #Proxy #RAT #Trojan #UK #Ukr #Ukrainian #bot #AlienVault
-
Tracking TamperedChef Clusters via Certificate and Code Reuse
Multiple threat clusters designated as CL-CRI-1089, CL-UNK-1090, and CL-UNK-1110 have been distributing trojanized productivity software through malicious advertising campaigns since 2023. These applications, including PDF editors, calendars, and compression tools, appear legitimate but contain remote access capabilities enabling deployment of information stealers, proxy tooling, and RATs. The campaigns leverage code-signing certificates, remain dormant for weeks to months before activation, and affect organizations globally with over 4,000 samples identified across 100 variants. CL-CRI-1089 operations utilize Ukrainian, Malaysian, and British infrastructure with 34 unique code-signing entities, while CL-UNK-1090 demonstrates vertical integration between advertising agencies and malware creation using primarily Israeli infrastructure with 39 corporations involved. Distribution occurs through sophisticated malvertising employing professional websites, CDN delivery, and search engine optimization techniques.
Pulse ID: 6a0dae41682ec38e55d1aa12
Pulse Link: https://otx.alienvault.com/pulse/6a0dae41682ec38e55d1aa12
Pulse Author: AlienVault
Created: 2026-05-20 12:51:13Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CDN #CyberSecurity #InfoSec #Israel #Malvertising #Malware #OTX #OpenThreatExchange #PDF #Proxy #RAT #Trojan #UK #Ukr #Ukrainian #bot #AlienVault
-
Tracking TamperedChef Clusters via Certificate and Code Reuse
Multiple threat clusters designated as CL-CRI-1089, CL-UNK-1090, and CL-UNK-1110 have been distributing trojanized productivity software through malicious advertising campaigns since 2023. These applications, including PDF editors, calendars, and compression tools, appear legitimate but contain remote access capabilities enabling deployment of information stealers, proxy tooling, and RATs. The campaigns leverage code-signing certificates, remain dormant for weeks to months before activation, and affect organizations globally with over 4,000 samples identified across 100 variants. CL-CRI-1089 operations utilize Ukrainian, Malaysian, and British infrastructure with 34 unique code-signing entities, while CL-UNK-1090 demonstrates vertical integration between advertising agencies and malware creation using primarily Israeli infrastructure with 39 corporations involved. Distribution occurs through sophisticated malvertising employing professional websites, CDN delivery, and search engine optimization techniques.
Pulse ID: 6a0dae41682ec38e55d1aa12
Pulse Link: https://otx.alienvault.com/pulse/6a0dae41682ec38e55d1aa12
Pulse Author: AlienVault
Created: 2026-05-20 12:51:13Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CDN #CyberSecurity #InfoSec #Israel #Malvertising #Malware #OTX #OpenThreatExchange #PDF #Proxy #RAT #Trojan #UK #Ukr #Ukrainian #bot #AlienVault
-
Tracking TamperedChef Clusters via Certificate and Code Reuse
Multiple threat clusters designated as CL-CRI-1089, CL-UNK-1090, and CL-UNK-1110 have been distributing trojanized productivity software through malicious advertising campaigns since 2023. These applications, including PDF editors, calendars, and compression tools, appear legitimate but contain remote access capabilities enabling deployment of information stealers, proxy tooling, and RATs. The campaigns leverage code-signing certificates, remain dormant for weeks to months before activation, and affect organizations globally with over 4,000 samples identified across 100 variants. CL-CRI-1089 operations utilize Ukrainian, Malaysian, and British infrastructure with 34 unique code-signing entities, while CL-UNK-1090 demonstrates vertical integration between advertising agencies and malware creation using primarily Israeli infrastructure with 39 corporations involved. Distribution occurs through sophisticated malvertising employing professional websites, CDN delivery, and search engine optimization techniques.
Pulse ID: 6a0dae41682ec38e55d1aa12
Pulse Link: https://otx.alienvault.com/pulse/6a0dae41682ec38e55d1aa12
Pulse Author: AlienVault
Created: 2026-05-20 12:51:13Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CDN #CyberSecurity #InfoSec #Israel #Malvertising #Malware #OTX #OpenThreatExchange #PDF #Proxy #RAT #Trojan #UK #Ukr #Ukrainian #bot #AlienVault
-
Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor
A long-running typosquatting campaign impersonated the widely used shopspring/decimal Go library by publishing github.com/shopsprint/decimal, differing by a single character. Active since November 2017, the package remained benign through seven releases until being weaponized in August 2023 with version v1.3.3. This version introduced a malicious init() function that executes automatically on import, establishing a DNS TXT record-based command and control channel to dnslog-cdn-images.freemyip.com. The backdoor polls every five minutes and executes arbitrary commands returned via TXT records. Although the GitHub repository and owner account have been deleted, the malicious module remains permanently cached and accessible through Go's module proxy system, continuing to pose a supply chain risk to developers who mistype the package name.
Pulse ID: 6a0d278a6320921cb57f8b69
Pulse Link: https://otx.alienvault.com/pulse/6a0d278a6320921cb57f8b69
Pulse Author: AlienVault
Created: 2026-05-20 03:16:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #CyberSecurity #DNS #GitHub #InfoSec #OTX #OpenThreatExchange #Proxy #SupplyChain #TypoSquatting #bot #developers #AlienVault
-
Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor
A long-running typosquatting campaign impersonated the widely used shopspring/decimal Go library by publishing github.com/shopsprint/decimal, differing by a single character. Active since November 2017, the package remained benign through seven releases until being weaponized in August 2023 with version v1.3.3. This version introduced a malicious init() function that executes automatically on import, establishing a DNS TXT record-based command and control channel to dnslog-cdn-images.freemyip.com. The backdoor polls every five minutes and executes arbitrary commands returned via TXT records. Although the GitHub repository and owner account have been deleted, the malicious module remains permanently cached and accessible through Go's module proxy system, continuing to pose a supply chain risk to developers who mistype the package name.
Pulse ID: 6a0d278a6320921cb57f8b69
Pulse Link: https://otx.alienvault.com/pulse/6a0d278a6320921cb57f8b69
Pulse Author: AlienVault
Created: 2026-05-20 03:16:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #CyberSecurity #DNS #GitHub #InfoSec #OTX #OpenThreatExchange #Proxy #SupplyChain #TypoSquatting #bot #developers #AlienVault
-
Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor
A long-running typosquatting campaign impersonated the widely used shopspring/decimal Go library by publishing github.com/shopsprint/decimal, differing by a single character. Active since November 2017, the package remained benign through seven releases until being weaponized in August 2023 with version v1.3.3. This version introduced a malicious init() function that executes automatically on import, establishing a DNS TXT record-based command and control channel to dnslog-cdn-images.freemyip.com. The backdoor polls every five minutes and executes arbitrary commands returned via TXT records. Although the GitHub repository and owner account have been deleted, the malicious module remains permanently cached and accessible through Go's module proxy system, continuing to pose a supply chain risk to developers who mistype the package name.
Pulse ID: 6a0d278a6320921cb57f8b69
Pulse Link: https://otx.alienvault.com/pulse/6a0d278a6320921cb57f8b69
Pulse Author: AlienVault
Created: 2026-05-20 03:16:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #CyberSecurity #DNS #GitHub #InfoSec #OTX #OpenThreatExchange #Proxy #SupplyChain #TypoSquatting #bot #developers #AlienVault
-
Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor
A long-running typosquatting campaign impersonated the widely used shopspring/decimal Go library by publishing github.com/shopsprint/decimal, differing by a single character. Active since November 2017, the package remained benign through seven releases until being weaponized in August 2023 with version v1.3.3. This version introduced a malicious init() function that executes automatically on import, establishing a DNS TXT record-based command and control channel to dnslog-cdn-images.freemyip.com. The backdoor polls every five minutes and executes arbitrary commands returned via TXT records. Although the GitHub repository and owner account have been deleted, the malicious module remains permanently cached and accessible through Go's module proxy system, continuing to pose a supply chain risk to developers who mistype the package name.
Pulse ID: 6a0d278a6320921cb57f8b69
Pulse Link: https://otx.alienvault.com/pulse/6a0d278a6320921cb57f8b69
Pulse Author: AlienVault
Created: 2026-05-20 03:16:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #CyberSecurity #DNS #GitHub #InfoSec #OTX #OpenThreatExchange #Proxy #SupplyChain #TypoSquatting #bot #developers #AlienVault
-
Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor
A long-running typosquatting campaign impersonated the widely used shopspring/decimal Go library by publishing github.com/shopsprint/decimal, differing by a single character. Active since November 2017, the package remained benign through seven releases until being weaponized in August 2023 with version v1.3.3. This version introduced a malicious init() function that executes automatically on import, establishing a DNS TXT record-based command and control channel to dnslog-cdn-images.freemyip.com. The backdoor polls every five minutes and executes arbitrary commands returned via TXT records. Although the GitHub repository and owner account have been deleted, the malicious module remains permanently cached and accessible through Go's module proxy system, continuing to pose a supply chain risk to developers who mistype the package name.
Pulse ID: 6a0d278a6320921cb57f8b69
Pulse Link: https://otx.alienvault.com/pulse/6a0d278a6320921cb57f8b69
Pulse Author: AlienVault
Created: 2026-05-20 03:16:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #CyberSecurity #DNS #GitHub #InfoSec #OTX #OpenThreatExchange #Proxy #SupplyChain #TypoSquatting #bot #developers #AlienVault
-
Google Maps never loads the whole world… it only loads tiny pieces you’re about to see 🌍🤯
#systemdesign #googlemaps #coding #developers #backend #softwareengineering #cdn #maps #programming #tech
-
https://www.europesays.com/afrique/107611/ Tunisie : un plan climatique de 55 milliards de dollars pour renforcer la résilience d’ici 2035 #AccordParis #cdn #ChangementClimatiques #DessalementD’eauDeMer #Environnement #Tunisie
-
Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor
Beginning in late September 2025, multiple affected hosts were observed making requests to domains impersonating content delivery networks (CDNs), including infrastructure masquerading as Yahoo- and Apple-affiliated services. Across these cases, Darktrace identified a consistent behavioral execution pattern: the retrieval of legitimate binaries alongside malicious Dynamic Link Libraries (DLLs), enabling sideloading and execution of a modular .NET-based Remote Access Trojan (RAT) framework.
Pulse ID: 6a0b6898afd39bdd2dd6f142
Pulse Link: https://otx.alienvault.com/pulse/6a0b6898afd39bdd2dd6f142
Pulse Author: AlienVault
Created: 2026-05-18 19:29:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #Chinese #CyberSecurity #DNS #Darktrace #InfoSec #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SideLoading #Trojan #bot #AlienVault
-
Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor
Beginning in late September 2025, multiple affected hosts were observed making requests to domains impersonating content delivery networks (CDNs), including infrastructure masquerading as Yahoo- and Apple-affiliated services. Across these cases, Darktrace identified a consistent behavioral execution pattern: the retrieval of legitimate binaries alongside malicious Dynamic Link Libraries (DLLs), enabling sideloading and execution of a modular .NET-based Remote Access Trojan (RAT) framework.
Pulse ID: 6a0b6898afd39bdd2dd6f142
Pulse Link: https://otx.alienvault.com/pulse/6a0b6898afd39bdd2dd6f142
Pulse Author: AlienVault
Created: 2026-05-18 19:29:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #Chinese #CyberSecurity #DNS #Darktrace #InfoSec #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SideLoading #Trojan #bot #AlienVault
-
Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor
Beginning in late September 2025, multiple affected hosts were observed making requests to domains impersonating content delivery networks (CDNs), including infrastructure masquerading as Yahoo- and Apple-affiliated services. Across these cases, Darktrace identified a consistent behavioral execution pattern: the retrieval of legitimate binaries alongside malicious Dynamic Link Libraries (DLLs), enabling sideloading and execution of a modular .NET-based Remote Access Trojan (RAT) framework.
Pulse ID: 6a0b6898afd39bdd2dd6f142
Pulse Link: https://otx.alienvault.com/pulse/6a0b6898afd39bdd2dd6f142
Pulse Author: AlienVault
Created: 2026-05-18 19:29:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #Chinese #CyberSecurity #DNS #Darktrace #InfoSec #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SideLoading #Trojan #bot #AlienVault
-
Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor
Beginning in late September 2025, multiple affected hosts were observed making requests to domains impersonating content delivery networks (CDNs), including infrastructure masquerading as Yahoo- and Apple-affiliated services. Across these cases, Darktrace identified a consistent behavioral execution pattern: the retrieval of legitimate binaries alongside malicious Dynamic Link Libraries (DLLs), enabling sideloading and execution of a modular .NET-based Remote Access Trojan (RAT) framework.
Pulse ID: 6a0b6898afd39bdd2dd6f142
Pulse Link: https://otx.alienvault.com/pulse/6a0b6898afd39bdd2dd6f142
Pulse Author: AlienVault
Created: 2026-05-18 19:29:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #Chinese #CyberSecurity #DNS #Darktrace #InfoSec #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SideLoading #Trojan #bot #AlienVault
-
Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor
Beginning in late September 2025, multiple affected hosts were observed making requests to domains impersonating content delivery networks (CDNs), including infrastructure masquerading as Yahoo- and Apple-affiliated services. Across these cases, Darktrace identified a consistent behavioral execution pattern: the retrieval of legitimate binaries alongside malicious Dynamic Link Libraries (DLLs), enabling sideloading and execution of a modular .NET-based Remote Access Trojan (RAT) framework.
Pulse ID: 6a0b6898afd39bdd2dd6f142
Pulse Link: https://otx.alienvault.com/pulse/6a0b6898afd39bdd2dd6f142
Pulse Author: AlienVault
Created: 2026-05-18 19:29:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CDN #Chinese #CyberSecurity #DNS #Darktrace #InfoSec #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SideLoading #Trojan #bot #AlienVault
-
https://www.europesays.com/afrique/105972/ Climat : la Tunisie prévoit 55 milliards de dollars pour mettre en œuvre sa stratégie CDN 3.0 #carbone #cdn #ForumNationalDeL’AdaptationAuxChangementsClimatiques #Transitionénergétique #Tunisie
-
5 слоев кэширования в веб-приложениях: Полное руководство для Python-разработчиков
Содержание Кэширование — ключевой механизм оптимизации производительности веб-приложений, позволяющий снизить задержки и уменьшить нагрузку на серверы. В этой подробной статье рассмотрим пять основных уровней кэширования, применимых в современных веб-системах. Ты узнаешь о внутреннем и внешнем кэше, кэшировании на уровне reverse proxy, браузера и фронтенда. Статья будет полезна как начинающим, так и опытным разработчикам, которым интересно углубить понимание кэширования и повысить эффективность своих проектов.