home.social

#password — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #password, aggregated by home.social.

  1. Website installer incident (May 2026)

    In early May 2026, attackers compromised the official JDownloader website by manipulating specific installer download links through the content management system. Between May 6-7, 2026 (UTC), users who downloaded Windows installers via "Download Alternative Installer" links or the Linux shell installer were redirected to malicious third-party files instead of genuine installers. The attackers gained CMS-level access only, not server or filesystem control. The incident was detected on May 7 via Reddit alerts, and the server was immediately taken offline. Malicious links were removed, legitimate links restored, and security hardened before the site resumed normal operations on May 8-9. In-app updates and other download paths remained unaffected. Users who executed downloaded installers during the risk window are advised to perform clean OS reinstalls and change passwords from trusted devices.

    Pulse ID: 6a01c237ee7d6056fbe6a77f
    Pulse Link: otx.alienvault.com/pulse/6a01c
    Pulse Author: AlienVault
    Created: 2026-05-11 11:49:11

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Linux #OTX #OpenThreatExchange #Password #Passwords #RAT #Rust #Windows #Word #bot #AlienVault

  2. Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

    Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

    Pulse ID: 6a0199674dd4cf450633dd32
    Pulse Link: otx.alienvault.com/pulse/6a019
    Pulse Author: AlienVault
    Created: 2026-05-11 08:55:03

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

  7. Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

    An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

    Pulse ID: 69fe0ae9bf660196169e557b
    Pulse Link: otx.alienvault.com/pulse/69fe0
    Pulse Author: AlienVault
    Created: 2026-05-08 16:10:17

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

  12. Heritage Foundation Leak

    source: ddosecrets.org/article/heritag…

    Includes "full names, #email #addresses, #passwords, and #usernames" of people associating with the #Heritage #Foundation between 2007 and November 2022, as well as the organization's blogs and material related to The Daily Signal.

    #hack #hacker #leak #heritagefoundation #politics #security #cybersecurity #internet #ddos #bigdata #user #password #emails #fail #problem #news

  15. Threat Actors Weaponize Tiflux RMMs in Malspam Attacks

    Since late February, there has been an uptick in incidents involving Tiflux, a lesser-known Brazilian commercial remote management tool being weaponized by threat actors. The attack chain begins with phishing emails containing fake document lures that deliver a malicious MSI installer. Once executed, the installer deploys multiple remote access tools including UltraVNC, Splashtop, and ScreenConnect for persistent access. The Tiflux installer contains concerning components such as outdated VNC versions from 2014, expired certificates, hardcoded passwords, and a vulnerable HwRwDrv.sys driver known for privilege escalation abuse. The threat actors leverage these tools to establish persistence, capture screenshots, and collect system profiling information. This campaign exemplifies the continuing pattern of adversaries abusing legitimate remote management software for stealthy access to victim environments while chaining multiple tools together to maintain control.

    Pulse ID: 69fd4f31a337de81bfb907d5
    Pulse Link: otx.alienvault.com/pulse/69fd4
    Pulse Author: AlienVault
    Created: 2026-05-08 02:49:21

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Brazil #CyberSecurity #Email #InfoSec #MalSpam #OTX #OpenThreatExchange #Password #Passwords #Phishing #ScreenConnect #Spam #VNC #Word #bot #AlienVault

  16. 🔥 60% of MD5 password hashes are crackable in under an hour

    「 Using a dataset of more than 231 million unique passwords sourced from dark web leaks - including 38 million added since its previous study - and hashing them with MD5, researchers at security firm Kaspersky found that, using a single Nvidia RTX 5090 graphics card, 60 percent of passwords could be cracked in less than an hour, and a full 48 percent in under 60 seconds 」

    theregister.com/security/2026/

    #md5 #password #cybersecurity

  17. Today is world password day 🔑

    Passwords have been used since ancient times and protect humans and assets. But computers get more powerful and adversaries trickier while our brains can't handle the increasing number of long passwords.
    Therefore there are helpers and alternatives.
    - Use unique and random passwords with password managers
    - Use Multi Factor Authentication
    - Try passkeys

    Do you like games? neal.fun/password-game/

    osco [uli]

    #osco #osco26 #worldpasswordday #password #no

  18. I just read that #MicrosoftEdge persistently loads saved #password data into memory in cleartext.

    Guess what #Microsoft's answer was?

    A “by design” choice to improve performance…

    No, it's not Lercio.

    @[email protected] @sicurezza
    #nonèlercio #security #privacy #cybersecurity

  19. Edge: passwords in cleartext in RAM. For Microsoft it's “by design”
    #Microsoft #MicrosoftEdge #sicurezza #Password
    Passwords saved in Microsoft Edge end up in cleartext in RAM. Microsoft confirms: it's “by design” behavior. Here's what that means and what the risks are.

    marcosbox.com/2026/05/06/edge-

    @sicurezza

  20. Microsoft Edge keeps all saved passwords in cleartext in RAM for the entire session, making memory scraping easier for attackers 🖥️
    The behavior is “by design,” unlike Chrome, and highlights the risks of storing credentials in browsers instead of using password managers 🔑

    🔗 cybernews.com/security/microso

    #TechNews #Microsoft #MicrosoftEdge #Edge #Google #Chrome #Browser #Password #CyberSecurity #FOSS #Privacy #Encryption #DigitalSafety #MFA #PasswordManager #Passkeys #Software #InfoSec #Security #RAM

  21. 1Password adds direct credential import via the Credential Exchange Protocol, plus smarter login creation on iOS and Android for more seamless vault organization. 🔑
    I recommend using a password manager daily to keep passwords secure and simplify everyday login management. 🛡️

    @1password

    🔗 1password.com/blog/import-auto

    #TechNews #1Password #PasswordManager #Password #Passwords #iOS #Android #Privacy #Security #Encryption #DigitalSafety #FOSS #UX #CyberSecurity #Software #Bitwarden #OpenSource

  22. There's been a mixed reaction on Microsoft Edge storing your passwords as plain text in memory.

    Some say "wtf", some say "nah this is indeed normal".

    I still haven't grasped why this is normal... can anyone help me understand?

    #cybersecurity #Infosec #microsoft #microsoftedge #password

  23. CloudZ RAT potentially steals OTP messages using Pheno plugin

    Cisco Talos uncovered an intrusion active since January 2026 where attackers deployed CloudZ remote access tool and an undocumented plugin called Pheno to steal credentials and one-time passwords. The attack exploits Microsoft Phone Link application by intercepting synchronized mobile data including SMS and OTPs without requiring phone-level infection. CloudZ evades detection through dynamic memory execution and anti-analysis checks. The infection chain begins with a fake ScreenConnect update executable, leading to a Rust-compiled dropper that deploys a .NET loader, ultimately establishing the modular CloudZ RAT. The Pheno plugin monitors Phone Link processes and intercepts SQLite database files containing synchronized phone data. CloudZ employs ConfuserEx obfuscation, multiple configuration layers, and facilitates various commands including browser data exfiltration, shell execution, and plugin management while maintaining persistence through scheduled tasks.

    Pulse ID: 69f9f99cd352da334850ef13
    Pulse Link: otx.alienvault.com/pulse/69f9f
    Pulse Author: AlienVault
    Created: 2026-05-05 14:07:24

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Cisco #Cloud #CyberSecurity #InfoSec #Microsoft #NET #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #Rust #SMS #SQL #ScreenConnect #Talos #Word #bot #AlienVault

  24. That AI Extension Helping You Write Emails? It's Reading Them First

    Researchers discovered 18 malicious AI browser extensions masquerading as productivity tools that deliver remote access trojans, meddler-in-the-middle attacks, and infostealers. These extensions exploit the rise of generative AI to target prompts, user behavior, and browser sessions through API interception, passive DOM observation, traffic proxying, and HTTPS response decryption. Examples include extensions that surveil emails during composition, intercept ChatGPT prompts, and exfiltrate passwords. Multiple samples contained AI-generated code indicating threat actors employed large language models to accelerate production. Google removed or issued warnings for all 18 reported extensions. These malicious tools specifically target sensitive data including AI API keys, authentication credentials, email content, and proprietary session information by exploiting user trust in AI-branded applications.

    Pulse ID: 69f3e871eb2a73cd5c8bee7e
    Pulse Link: otx.alienvault.com/pulse/69f3e
    Pulse Author: AlienVault
    Created: 2026-04-30 23:40:33

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #ChatGPT #CyberSecurity #Email #Google #HTTP #HTTPS #InfoSec #InfoStealer #OTX #OpenThreatExchange #Password #Passwords #Proxy #RAT #RCE #RemoteAccessTrojan #Rust #Trojan #Word #bot #AlienVault

  25. Energy Sector Incident Report

    On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.

    Pulse ID: 69f32ac81834d5a878e8fac0
    Pulse Link: otx.alienvault.com/pulse/69f32
    Pulse Author: AlienVault
    Created: 2026-04-30 10:11:20

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberAttack #CyberAttacks #CyberSecurity #IndustrialControlSystems #InfoSec #Malware #Manufacturing #OTX #OpenThreatExchange #Password #Passwords #Poland #RAT #Sandworm #Word #Worm #bot #AlienVault

  30. LofyStealer: Malware targeting Minecraft players.

    A sophisticated two-stage infostealer named LofyStealer, also known as GrabBot/Slinky, targets Minecraft players through social engineering. The malware comprises a 53.5MB Node.js-based loader disguised within legitimate libraries and a 1.4MB native C++ payload that executes directly in memory. It extracts cookies, passwords, tokens, credit cards, and IBANs from eight different browsers including Chrome, Edge, Brave, Opera GX, and Firefox. The loader uses GitHub Actions for automated compilation while the payload employs direct syscalls to bypass EDR detection. Data is compressed via PowerShell, Base64-encoded, and exfiltrated to a Brazilian-hosted C2 server at 24.152.36.241. The operation is attributed with high confidence to the Brazilian cybercrime group LofyGang, operating a Malware-as-a-Service platform with Free and Premium tiers through a web panel branded as LofyStealer Advanced C2 Platform V2.0.

    Pulse ID: 69f1f50b6a5e5d1ca31204bb
    Pulse Link: otx.alienvault.com/pulse/69f1f
    Pulse Author: AlienVault
    Created: 2026-04-29 12:09:47

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Brave #Brazil #Browser #Chrome #Cookies #CreditCard #CreditCards #CyberCrime #CyberSecurity #EDR #Edge #FireFox #GitHub #InfoSec #InfoStealer #Malware #MalwareAsAService #Minecraft #Nodejs #OTX #OpenThreatExchange #Opera #Password #Passwords #PowerShell #RAT #SocialEngineering #Word #bot #AlienVault

  31. When a hacker breached , they didn't need your . One employee's token was enough. Host on a platform and you inherit their entire chain: every employee, every tool those employees use, every vendor behind those tools. Wrote about this.👇 Is a plain actually the safer setup, or is the platform risk worth the convenience? 🤔

    eshlox.net/cloud-provider-atta

  32. From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

    Multiple campaigns are distributing NWHStealer through diverse delivery methods including fake VPN downloads, hardware utilities, and gaming modifications. The malware collects browser data, saved passwords, and cryptocurrency wallet information. Distribution occurs via fake websites impersonating legitimate services like Proton VPN, code hosting platforms such as GitHub and GitLab, file hosting services including MediaFire and SourceForge, and links from YouTube videos. Two primary infection methods were identified: one using a free web hosting provider distributing malicious ZIP files with self-injection, and another using fake websites with DLL hijacking that injects code into RegAsm processes. The stealer targets over 25 cryptocurrency wallets and multiple browsers, using AES-CBC encryption for command-and-control communications and employing UAC bypass techniques for privilege escalation.

    Pulse ID: 69e27c47d37f66809a367479
    Pulse Link: otx.alienvault.com/pulse/69e27
    Pulse Author: AlienVault
    Created: 2026-04-17 18:30:31

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CyberSecurity #ELF #Encryption #GitHub #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #RCE #VPN #Windows #Word #YouTube #ZIP #bot #cryptocurrency #AlienVault

  33. Two-Factor #Authentication (2FA) typically combines a password with a code, whereas Multi-Factor Authentication (MFA) adds more layers, such as biometrics (fingerprint/face) or hardware tokens. Read MFA vs 2FA: What's the difference windowspost.com/2fa-vs-mfa/

    Key Differences Between 2FA and MFA

    Number of Factors: 2FA limits authentication to two layers (e.g., password + OTP), while MFA can incorporate three or more (e.g., password + OTP + fingerprint).

    Security Level: MFA generally provides superior security against sophisticated attacks because it relies on multiple independent factors.

    Complexity & UX: 2FA offers a more streamlined user experience with fewer steps. MFA may cause more user friction due to additional login steps, but it enhances security.

Flexibility: MFA offers greater flexibility, allowing organizations to adopt adaptive, risk-based authentication, while 2FA is a fixed two-step process.

    2FA Example: Entering a password (knowledge) and a code texted to your phone (possession).

    MFA Example: Entering a password, a code from an app, and using a biometric scan (fingerprint or face).

    #2FA #MFA #security #password #otp #Fingerprint #twostepverification #MFAverification #photochallange #technology #tech #TechGuide #techterms #techarticle

  34. When I'm learning a new long complicated passphrase, I write it on a piece of paper that I carry with me all the time.

    Now that I have memorized it the time has come to get rid of the paper.
    I lit it on fire with a lighter under the kitchen fan.

    Almost feels like something from a movie 😅 🤷‍♂️

    #Security #Password #Passwords #PassPhrase

  36. Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

    A sophisticated five-stage malware operation delivers two new malware families: Direct-Sys Loader and CGrabber Stealer. The attack begins with ZIP archives distributed via GitHub user attachment URLs, exploiting a legitimate Microsoft-signed binary (Launcher_x64.exe) for DLL sideloading. Direct-Sys Loader employs ChaCha20 encryption, direct syscall execution, and multiple anti-analysis checks including text file verification, enumeration of 67 analysis tool processes, and hypervisor detection. CGrabber Stealer collects extensive system metadata, browser credentials, cryptocurrency wallets, password managers, VPN configurations, and application artifacts from over 150 applications and extensions. The stealer excludes CIS region systems and uses ChaCha20 encryption with HMAC SHA256 authentication for data exfiltration via custom HTTP headers. Both families share identical cryptographic implementations, suggesting common development origin and representing operationally mature infrastructure designed for larg...

    Pulse ID: 69e1fb9b3bbb36c5db446094
    Pulse Link: otx.alienvault.com/pulse/69e1f
    Pulse Author: AlienVault
    Created: 2026-04-17 09:21:31

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #ChaCha20 #CyberSecurity #Encryption #GitHub #HTTP #InfoSec #Mac #Malware #Microsoft #OTX #OpenThreatExchange #Password #RAT #SideLoading #VPN #Word #ZIP #bot #cryptocurrency #AlienVault

  37. An OTP (One Time Password) is valid for exactly 30–60 seconds.
    Even though no one stores it anywhere. So, how does the server verify it without ever saving it?

    Well, that’s usually called a Time-based One-Time Password (TOTP).

    Here’s how it actually works:

    • A secret key is shared between your device and the server (only once)
    • Both use the current time window (like 30 seconds)
    • And a secure algorithm (HMAC)

    Using these, both sides generate the same OTP independently.

    ✅ No storage
    ✅ No database lookup
    ✅ Just math + time

    When you enter the OTP, the server simply regenerates it and checks:
    👉 “Does this match?”

    That’s how your OTP is verified… without ever being saved. 🔐

    #OTP #TOTP #password #tech #TechGuide #techinfo

  38. From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

    Multiple campaigns are distributing NWHStealer through diverse platforms including fake VPN downloads, hardware utilities, and gaming modifications. The infostealer collects browser data, saved passwords, and cryptocurrency wallet information. Distribution occurs via fake websites impersonating legitimate services like Proton VPN, code hosting platforms such as GitHub and GitLab, file hosting services including MediaFire and SourceForge, and links from YouTube videos. Two primary infection methods are analyzed: one using a free web hosting provider distributing malicious ZIP files with self-injection loaders, and another employing fake websites with DLL hijacking techniques that inject into the RegAsm process. The stealer targets over 25 cryptocurrency wallets and multiple browsers, exfiltrating data to command-and-control servers using AES-CBC encryption and maintaining persistence through scheduled tasks and UAC bypass techniques.

    Pulse ID: 69dfb91808e1258915184d6e
    Pulse Link: otx.alienvault.com/pulse/69dfb
    Pulse Author: AlienVault
    Created: 2026-04-15 16:13:12

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CyberSecurity #ELF #Encryption #GitHub #InfoSec #InfoStealer #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #VPN #Windows #Word #YouTube #ZIP #bot #cryptocurrency #AlienVault

  39. "I’ve come to realize that the idea of hoping for the best and planning for the worst is almost always the most ideal way to do things."

    routetoretire.com/protecting-i

  40. Q1 2026 Malware Statistics Report for Linux SSH Servers

    Analysis of attacks against Linux SSH servers during Q1 2026 reveals P2PInfect worm as the dominant threat, representing 70.3% of all attack sources. DDoS botnets including Mirai, XMRig, Prometei, and CoinMiner were identified as primary threats. A notable campaign involved installing V2Ray proxy tools on compromised systems, attributed to a suspected Chinese threat actor. Attackers employed SSH brute-force techniques to gain access, executed reconnaissance commands to assess system information, and deployed V2Ray for proxy node operations. The campaign targeted poorly secured SSH servers with weak credentials, emphasizing the need for strong password policies, access controls, and network monitoring to detect unusual outbound connections and proxy-related activities.

    Pulse ID: 69de00c30406a5cbb6ba9eef
    Pulse Link: otx.alienvault.com/pulse/69de0
    Pulse Author: AlienVault
    Created: 2026-04-14 08:54:27

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Chinese #CoinMiner #CyberSecurity #DDoS #DoS #ICS #InfoSec #Linux #Malware #Mirai #OTX #OpenThreatExchange #Password #Proxy #RAT #RCE #SSH #Word #Worm #bot #botnet #AlienVault
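    The monitoring the pulse calls for, as an added example that is not from the pulse or its source report: a detector that reads OpenSSH sshd auth-log lines and flags a source address that exceeds a failure threshold inside a time window, and separately flags a successful login from an address that was just brute-forcing (the pattern behind the V2Ray deployments described above). The log lines, hostnames, documentation-range IPs, the 5-failures-in-10-minutes threshold and the function names are this example's own constructions, not indicators from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH syslog lines: "Failed password for [invalid user] NAME from IP port N ssh2"
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<event>Failed|Accepted)\s+(?:password|publickey)\s+for\s+"
    r"(?:invalid user\s+)?(?P<user>\S+)\s+from\s+(?P<ip>[\d.]+)\s+port\s+\d+"
)

# Constructed sample log (not real telemetry). 203.0.113.7 sprays several
# accounts, then gets in with a password; 198.51.100.20 is a legitimate user
# who mistyped once and then used a key.
SAMPLE_LOG = """\
Apr 14 08:50:01 honeypot sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Apr 14 08:50:03 honeypot sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 50130 ssh2
Apr 14 08:50:04 honeypot sshd[2105]: Failed password for root from 203.0.113.7 port 50138 ssh2
Apr 14 08:50:06 honeypot sshd[2107]: Failed password for root from 203.0.113.7 port 50144 ssh2
Apr 14 08:50:09 honeypot sshd[2109]: Failed password for root from 203.0.113.7 port 50151 ssh2
Apr 14 08:50:12 honeypot sshd[2111]: Accepted password for root from 203.0.113.7 port 50160 ssh2
Apr 14 08:51:30 honeypot sshd[2120]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Apr 14 08:51:40 honeypot sshd[2122]: Accepted publickey for alice from 198.51.100.20 port 41002 ssh2
Apr 14 09:30:00 honeypot sshd[2200]: Failed password for root from 203.0.113.7 port 50300 ssh2
""".splitlines()


def parse(line: str, year: int = 2026):
    """Return a dict for an sshd auth event, or None for unrelated lines.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = SSHD_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "event": m["event"], "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold: int = 5, window: timedelta = timedelta(minutes=10)):
    """Sliding-window brute-force detection per source IP.
    Returns (kind, ip, timestamp) tuples:
      'bruteforce'              - threshold failures from one IP within window
      'success_after_bruteforce'- an accepted login while that IP is still hot"""
    events = [e for e in (parse(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent_failures = defaultdict(list)      # ip -> failure timestamps in window
    alerts = []
    for e in events:
        q = recent_failures[e["ip"]]
        while q and e["ts"] - q[0] > window:  # expire failures outside the window
            q.pop(0)
        if e["event"] == "Failed":
            q.append(e["ts"])
            if len(q) == threshold:          # fire once, when the line is crossed
                alerts.append(("bruteforce", e["ip"], e["ts"]))
        elif len(q) >= threshold:            # Accepted from an IP still over threshold
            alerts.append(("success_after_bruteforce", e["ip"], e["ts"]))
    return alerts


if __name__ == "__main__":
    for kind, ip, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {kind:<26} {ip}")
```

    The second alert type is the one worth paging on: a successful password login from a source that was just guessing is the moment to look for follow-on reconnaissance and new outbound connections from that host. Pair the detection with the preventive side the pulse recommends, such as disabling password authentication in sshd_config where keys are feasible.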

41. OSINT for the lazy. Part 7: Recovering forgotten zip archive passwords in 2 minutes

    What is junk? Junk is what you keep for years and throw away right before you need it. So it sometimes happens that we keep some data in a zip archive and have completely forgotten its password. Being sensible people, we don't use our birthday or our cat's name as the password. But once the password is forgotten, the chance of recalling it is zero. What can be done?

    habr.com/ru/articles/1022076/

    #password #zip #osint #it