#phishing — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #phishing, aggregated by home.social.
-
Device Code Phishing is an Evolution in Identity Takeover
Device code phishing attacks have exploded across the threat landscape, with new toolkits emerging weekly. This surge coincides with publicly released criminal toolkits and multiple phishing-as-a-service offerings like EvilTokens and Tycoon. Threat actors abuse the OAuth 2.0 device authorization grant flow to compromise Microsoft 365 and other enterprise accounts by tricking users into authorizing malicious applications. Current implementations use on-demand code generation, addressing the 15-minute expiration limitation of previous techniques. Most activity appears to be generated using AI-based coding techniques. Successful attacks lead to full account takeover, data theft, business email compromise, and potential ransomware deployment. The technique represents the natural evolution of credential phishing as organizations improve their defenses against traditional multifactor authentication bypass methods.
Pulse ID: 6a05af080ae591ea2bf00e87
Pulse Link: https://otx.alienvault.com/pulse/6a05af080ae591ea2bf00e87
Pulse Author: AlienVault
Created: 2026-05-14 11:16:24
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DataTheft #Email #InfoSec #Microsoft #MultiFactorAuthentication #OTX #OpenThreatExchange #Phishing #RAT #RansomWare #bot #AlienVault
-
Disclosing new PebbleDash-based tools
Kaspersky researchers conducted an in-depth analysis of Kimsuky APT activity, revealing tactical shifts and new malware variants based on the PebbleDash platform. The group introduced HelloDoor, a Rust-based backdoor, httpMalice leveraging HTTP and Dropbox communications, and updated MemLoad and httpTroy variants. Kimsuky maintains persistence through legitimate tools including VSCode Tunneling with GitHub authentication and DWAgent remote management software. Initial access occurs via spear-phishing with malicious attachments disguised as documents. The group primarily targets South Korean entities across government and defense sectors, with additional PebbleDash attacks observed in Brazil and Germany. Infrastructure relies on free South Korean hosting services and tunneling services like Cloudflare Quick Tunnels and Ngrok. Both PebbleDash and AppleSeed malware clusters demonstrate ongoing development with shared distribution methods, stolen certificates, and overlapping targets, indicating single-actor c...
Pulse ID: 6a05af0979e3cc1214a50d4e
Pulse Link: https://otx.alienvault.com/pulse/6a05af0979e3cc1214a50d4e
Pulse Author: AlienVault
Created: 2026-05-14 11:16:25
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AppleSeed #BackDoor #Brazil #Cloud #CyberSecurity #Dropbox #Germany #GitHub #Government #HTTP #InfoSec #Kaspersky #Kimsuky #Korea #Malware #OTX #OpenThreatExchange #Phishing #RAT #Rust #SouthKorea #SpearPhishing #UK #bot #AlienVault
-
Cybersicherheitsmonitor (CyMon) 2026 – oh dear
The results of a survey grandiosely named "Cybersicherheitsmonitor" (Cybersecurity Monitor, CyMon) have just been published. Reports with a heap of pretty numbers and graphics are also available from the two initiators, the BSI and the Polizei-Beratung (police advisory service).
In my assessment, this survey contributes exactly nothing to transparency or to improving the situation. What are those responsible trying to say with it? That everything is very, very bad? That many people are too uninformed and too
https://www.pc-fluesterer.info/wordpress/2026/05/14/cybersicherheitsmonitor-cymon-2026-au-weia/
#Allgemein #Empfehlung #Hintergrund #Warnung #antisoziale #betrug #cybercrime #erpresser #exploits #fake #foss #google #identitt #Microsoft #office #outlook #passwort #phishing #politik #sicherheit #trojaner #vorbeugen #windows #wissen #zahlen
-
Google is training millions of people to scan random QR codes on websites to "prove they're human." 🚨
You know who loves that behavior? Phishers. Every scammer on the planet just got a gift from Google's new reCAPTCHA.
We break it all down in Ep 26.
🎧 impracticalprivacy.com
#CyberSecurity #Phishing #Google #Privacy #ImpracticalPrivacy #PrivacyTools #Surveillance #reCAPTCHA #deGoogle #OpenWeb
-
Stolen phones - and specifically iPhones - have robust anti-theft protections. They are worthless once they're flagged - locked to their owner. So why are millions still being stolen every year?
In this paper, we uncover a thriving underground marketplace focused on unlocking stolen phones. It is powered by:
Lookalike domains impersonating Apple, Xiaomi, Samsung and other brands
Smishing campaigns targeting device owners
Pay‑as‑you‑go “unlocking” tools sold on Telegram
By pivoting on DNS data, we identified 10,000+ malicious domains and a growing ecosystem turning locked devices into profit at scale.
👉 Read how this supply chain works—from theft to resale—and why it’s growing fast. https://www.infoblox.com/blog/threat-intelligence/lookalike-domains-expose-the-iphone-theft-economy/
#ThreatIntel #CyberSecurity #Phishing #MobileSecurity #iOS #Smishing #dns #threatintelligence #cybercrime #infosec #infoblox #infobloxthreatintel
-
Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign
A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools.
Pulse ID: 6a04a9a090a64de310cb0568
Pulse Link: https://otx.alienvault.com/pulse/6a04a9a090a64de310cb0568
Pulse Author: AlienVault
Created: 2026-05-13 16:41:04
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #BackDoor #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #Python #RAT #RemoteCommandExecution #SpearPhishing #bot #AlienVault
-
https://www.europesays.com/britain/35998/ UK SMEs better at email security than North America #AttackSurfaceManagement #Brokers #BusinessContinuity #BusinessEmailCompromise #Canada #CyberInsurance #CyberResilience #CyberRisk #Cybersecurity #DMARC #EmailSecurity #Infosec #ITGovernance #KYND #Patching #Phishing #Ransomware #RemoteAccess #Risk&Compliance #RiskManagement #SecurityPosture #SmallBusiness(SMB) #SpearPhishing #UK #UnitedKingdom #UnitedKingdom(UK) #UnitedStates(US)
-
How Signal intends to make phishing attacks harder
https://glm.io/208511?n #Messenger #Signal #Cybercrime #Phishing
-
A year ago, in May 2025, someone already exploited flaws in the ticket-sales architecture of Orientarium ZOO Łódź. The Administrator itself confirmed a phishing campaign on the domain `orientarium-lodz.sbs` - a counterfeit BASE shop component, the same email template, the same data-collection mechanism that I reported to @UODO
CC: @zaufanatrzeciastrona @niebezpiecznik_pl
#cybersecurity #Polska #Łódź #Lodz
#UODO #RODO #cyberbezpieczeństwo #phishing
-
Signal adds extra confirmations and explanations to help prevent phishing
More changes are on the way
#signal #signalapp #signalmessenger #veiligheid #phishing #oplichting #scam
-
Signal adds extra confirmations and education to help prevent phishing
More changes are on the way
👉 https://aboutsignal.com/news/signal-adds-extra-confirmations-and-education-to-help-prevent-phishing/
-
«Phishing through AI is putting users under increasing pressure:
Modern phishing attacks are becoming ever harder to detect because of artificial intelligence. Companies and platforms are responding with new security features.»
Oh look, IT security, the threat to it from criminal use of AI, and the protection against it, among other things through passkeys, now also in the online tabloid news.
📰 https://www.nau.ch/news/digital/phishing-durch-ki-setzt-nutzer-zunehmend-unter-druck-67127549
#aislop #itsicherheit #passkeys #itsec #online #boulevard #phishing #nauch #it
-
#BSI study: High victimization rate for cybercrime | Security https://www.heise.de/news/Jeder-neunte-Onliner-von-Cyberkriminalitaet-betroffen-11288958.html #CyberCrime #phishing #Malware #Datenschutz #privacy
-
OpenAI Unlocks Cybersecurity Model for Europe
German…
#Europe #EU #Anti-moneylaundering #authentication #bankinformationsecurity #bankinformationsecurityregulations #bankregulations #bankinginformationsecurity #fdic #fincen #gao #glba #identitytheft #informationsecurity #informationsecurityarticles #informationsecurityevents #informationsecuritynews #informationsecuritywebinars #informationsecuritywhitepapers #Phishing #riskmanagement #sarbanesoxley(sox)
https://www.europesays.com/europe/39869/
-
Nimblr report: Of 10 countries, Poland performs best in phishing tests. The average click rate on simulated phishing messages in Poland is 3.4%, according to a study by Nimblr. That is the best result among... https://linuxiarze.pl/raport-nimblr-na-10-krajow-polska-wypada-najlepiej-w-testach-phishingu/ #cybersecurity #cyberattack #phishing
-
#Phishing today: Supposed account suspension in the name of #DKB: https://verbraucherzentrale.nrw/phishing
-
Phishing infrastructure attacks transport and government services in the UAE
Pulse ID: 6a02d710c4d36779bdca052f
Pulse Link: https://otx.alienvault.com/pulse/6a02d710c4d36779bdca052f
Pulse Author: Tr1sa111
Created: 2026-05-12 07:30:24
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Government #InfoSec #OTX #OpenThreatExchange #Phishing #UAE #bot #Tr1sa111
-
Inside a phishing panel
Pulse ID: 6a02ae2646130ca477596d9b
Pulse Link: https://otx.alienvault.com/pulse/6a02ae2646130ca477596d9b
Pulse Author: Tr1sa111
Created: 2026-05-12 04:35:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #Phishing #bot #Tr1sa111