#malware — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #malware, aggregated by home.social.
-
Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices
Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.
Pulse ID: 6a187c4e9fe60a946730ffb9
Pulse Link: https://otx.alienvault.com/pulse/6a187c4e9fe60a946730ffb9
Pulse Author: cryptocti
Created: 2026-05-28 17:33:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti
-
Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices
Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.
Pulse ID: 6a187cbd9fe60a946730ffba
Pulse Link: https://otx.alienvault.com/pulse/6a187cbd9fe60a946730ffba
Pulse Author: cryptocti
Created: 2026-05-28 17:34:53
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti
-
Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices
Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.
Pulse ID: 6a187cbd6c6d406caeef06a2
Pulse Link: https://otx.alienvault.com/pulse/6a187cbd6c6d406caeef06a2
Pulse Author: cryptocti
Created: 2026-05-28 17:34:53
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti
-
Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices
Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.
Pulse ID: 6a187cbe8cdd31d7f83c8063
Pulse Link: https://otx.alienvault.com/pulse/6a187cbe8cdd31d7f83c8063
Pulse Author: cryptocti
Created: 2026-05-28 17:34:54
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti
-
Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices
Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.
Pulse ID: 6a187cd2d4985ecd688b1c12
Pulse Link: https://otx.alienvault.com/pulse/6a187cd2d4985ecd688b1c12
Pulse Author: cryptocti
Created: 2026-05-28 17:35:14
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti
-
Phishing-Driven Banking Malware Campaign Targeting Windows and Android Devices
Active malware campaigns targeting Windows and Android users, which use Grandoreiro banking malware and the BTMOB Android RAT in order to steal financial and personal data. Victims are targeted through phishing emails and fake apps that trick them into installing malicious files or granting device access.
Pulse ID: 6a187d0757e29bb3897eac46
Pulse Link: https://otx.alienvault.com/pulse/6a187d0757e29bb3897eac46
Pulse Author: cryptocti
Created: 2026-05-28 17:36:07
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #CyberSecurity #Email #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Windows #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changed EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a1879e13827c581e8b73eb4
Pulse Link: https://otx.alienvault.com/pulse/6a1879e13827c581e8b73eb4
Pulse Author: cryptocti
Created: 2026-05-28 17:22:41
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changed EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a1879e15c8f2d2d2cf72b60
Pulse Link: https://otx.alienvault.com/pulse/6a1879e15c8f2d2d2cf72b60
Pulse Author: cryptocti
Created: 2026-05-28 17:22:41
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changed EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a1879e2d85be08873d89445
Pulse Link: https://otx.alienvault.com/pulse/6a1879e2d85be08873d89445
Pulse Author: cryptocti
Created: 2026-05-28 17:22:42
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changed EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a187a5035303b62f8e49196
Pulse Link: https://otx.alienvault.com/pulse/6a187a5035303b62f8e49196
Pulse Author: cryptocti
Created: 2026-05-28 17:24:32
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changed EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a187acb35f351993fe5e76b
Pulse Link: https://otx.alienvault.com/pulse/6a187acb35f351993fe5e76b
Pulse Author: cryptocti
Created: 2026-05-28 17:26:35
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.
Pulse ID: 6a181e409d755171f4ac356c
Pulse Link: https://otx.alienvault.com/pulse/6a181e409d755171f4ac356c
Pulse Author: AlienVault
Created: 2026-05-28 10:51:44
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault
-
A miner with a side of RAT: the unintended gift with your TV show or book
A cybercrime campaign active since at least 2022 has been distributing cryptocurrency miners and RAT malware through illegal streaming sites and digital libraries. Victims are tricked via fake video player plugin updates or browser crash pages into downloading ZIP archives containing legitimate executables and malicious DLLs. The malware employs DLL side-loading, establishes persistence through Windows services, and deploys multiple components including XMRig-based CPU miners, GPU miners, a watchdog module, and a RAT agent with remote control capabilities. The campaign leverages highly popular pirated content sites with monthly traffic reaching up to 40 million visits, significantly expanding the potential victim pool. The malware includes sophisticated anti-detection features, DNS tunneling for command-and-control, and domain generation algorithms based on dates.
Pulse ID: 6a181f75cd4fa08fe38dfc48
Pulse Link: https://otx.alienvault.com/pulse/6a181f75cd4fa08fe38dfc48
Pulse Author: AlienVault
Created: 2026-05-28 10:56:53
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #CyberCrime #CyberSecurity #DNS #InfoSec #Malware #OTX #OpenThreatExchange #RAT #WatchDog #Windows #ZIP #bot #cryptocurrency #AlienVault
-
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
Pulse ID: 6a1857cf8a8447bb024b8f88
Pulse Link: https://otx.alienvault.com/pulse/6a1857cf8a8447bb024b8f88
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:57:19
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL
-
Grandoreiro Malware Targets Europe and Latin America
Pulse ID: 6a185813020d52dd357bb73d
Pulse Link: https://otx.alienvault.com/pulse/6a185813020d52dd357bb73d
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:58:27
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #LatinAmerica #Malware #OTX #OpenThreatExchange #bot #CyberHunter_NL
-
Grandoreiro Malware Targets Europe and Latin America
Pulse ID: 6a1858136187cec091cbbd60
Pulse Link: https://otx.alienvault.com/pulse/6a1858136187cec091cbbd60
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:58:27
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #LatinAmerica #Malware #OTX #OpenThreatExchange #bot #CyberHunter_NL
-
Grandoreiro Malware Targets Europe and Latin America
Pulse ID: 6a185814a974006ece6546e4
Pulse Link: https://otx.alienvault.com/pulse/6a185814a974006ece6546e4
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:58:28
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #LatinAmerica #Malware #OTX #OpenThreatExchange #bot #CyberHunter_NL
-
Grandoreiro Malware Targets Europe and Latin America
Pulse ID: 6a18581974dad992c595f4ce
Pulse Link: https://otx.alienvault.com/pulse/6a18581974dad992c595f4ce
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:58:33
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #LatinAmerica #Malware #OTX #OpenThreatExchange #bot #CyberHunter_NL
-
Grandoreiro Malware Targets Europe and Latin America
Pulse ID: 6a1858201bcc88485ac5577e
Pulse Link: https://otx.alienvault.com/pulse/6a1858201bcc88485ac5577e
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:58:40
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #LatinAmerica #Malware #OTX #OpenThreatExchange #bot #CyberHunter_NL
-
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
Pulse ID: 6a18578b6109b8e143e92f9d
Pulse Link: https://otx.alienvault.com/pulse/6a18578b6109b8e143e92f9d
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:56:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL
-
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
Pulse ID: 6a18578b75d8ad71151b060a
Pulse Link: https://otx.alienvault.com/pulse/6a18578b75d8ad71151b060a
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:56:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL
-
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
Pulse ID: 6a18578bbf7da0aae660f8bf
Pulse Link: https://otx.alienvault.com/pulse/6a18578bbf7da0aae660f8bf
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:56:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL
-
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
Pulse ID: 6a18578fc37223594de644c8
Pulse Link: https://otx.alienvault.com/pulse/6a18578fc37223594de644c8
Pulse Author: CyberHunter_NL
Created: 2026-05-28 14:56:14
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL
-
The Netskope Threat Labs for Europe 🇪🇺 is out! 📢
🇪🇺 99% of orgs use #GenAI apps
🇪🇺 #ChatGPT top GenAI app
🇪🇺 Particular Audience top blocked GenAI app
🇪🇺 #GitHub top exploited #cloud app for #malware
🇪🇺 Regulated data generate most #DLP violations
https://www.netskope.com/resources/threat-labs-reports/threat-labs-report-europe-2026
-
Supply chain: the Glassworm botnet targeting GitHub and VS Code has been dismantled! https://www.it-connect.fr/supply-chain-le-botnet-glassworm-ciblant-github-et-vs-code-a-ete-demantele/ #ActuCybersécurité #Cybersécurité #Malware
-
Valve VS Vibe-Coded Viruses
-
CrowdStrike, Google shatter Glassworm botnet
Read on HackerWorkspace: https://hackerworkspace.com/article/crowdstrike-google-shatter-glassworm-botnet
-
Nimbus Manticore and the MiniFast backdoor: Iran uses AI to strike aviation and oil & gas during the war
The IRGC-affiliated group Nimbus Manticore conducted three waves of attacks between February and April 2026, developing the new MiniFast backdoor in real time with the help of artificial intelligence. Aviation, defense, oil & gas and telecommunications are in the crosshairs in the USA, Europe and the Middle East.
-
Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.
Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault
-
Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.
Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault
-
CVE-2026-5426: zero-day in KnowledgeDeliver LMS exploited to deliver BLUEBEAM and Cobalt Strike BEACON
Mandiant has published details of the active exploitation of CVE-2026-5426, a zero-day in the KnowledgeDeliver LMS caused by hardcoded ASP.NET machineKey values shared across all installations. The attack led to the deployment of the in-memory web shell BLUEBEAM and, through social engineering of users, to the distribution of a Cobalt Strike BEACON customized per organization.