#sms — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sms, aggregated by home.social.
-
There's a new post on #Nerdjunk
Feel free to like this post and leave a boost. Follow me to be notified of new posts. Right here in the Fediverse.
Thanks for your support
Finally an alternative: RCS can now do encryption
https://nerdjunk.de/endlich-eine-alternative-rcs-kann-nun-verschluesselung/
#Handy #InstantMessenger #Kommunikation #Mobile #Signal #SMS #Threema #Whatsapp
-
TanStack npm Packages Compromised in Ongoing Supply-Chain Attack
Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...
Pulse ID: 6a033148e786c959261ff66f
Pulse Link: https://otx.alienvault.com/pulse/6a033148e786c959261ff66f
Pulse Author: AlienVault
Created: 2026-05-12 13:55:20
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #CyberSecurity #ELF #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #bot #AlienVault
-
I just told #Generaloptica to get lost over #spam. I tore into them on Trustpilot...
They force you to phone them to stop receiving #SMS on your mobile :AI_Yay: I had a pair of glasses made there 20 years ago and I'm not going back...
-
Google and Apple finally bring encrypted RCS chats to Android and iPhone users
https://fed.brid.gy/r/https://nerds.xyz/2026/05/google-apple-encrypted-rcs-iphone-android/
-
Numerama: Did you keep your ex's #SMS messages? This #hallucinatory #AI lets you talk to them again
https://www.numerama.com/tech/2250487-votre-ex-vous-manque-cette-ia-propose-de-le-cloner.html
-
Anyone here with RL experience with #AGMM11 #dumbPhone or #featurePhone? Or, as they market it "rugged #powerBank with #phone capabilities":
https://www.agmmobile.com/products/agm-m11-rugged-power-bank-phone/
Important to me: Phone calls, #SMS, #mobileRouter or #travelRouter.
Is it OK for the (IMHO low) price?
I'm not interested in their #cloudApp stuff and would try to remove or disable that. I would make an exception for #ConverseJS or #Convo (i.e. #Jabber/#XMPP)…
-
Gmail registration now requires scanning a QR code and sending a text message
#HackerNews #Gmail #QR #code #registration #SMS #security #privacy
-
On 3 December 1992, engineer Neil Papworth sent the world’s first SMS text message, to Vodafone director Richard Jarvis.
While at the office Christmas party, Jarvis’ Orbitel 901 handset received the “Merry Christmas” SMS sent from a computer by test engineer Papworth.
-
New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps
A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.
Pulse ID: 6a019c5f0a3344d92c4302a3
Pulse Link: https://otx.alienvault.com/pulse/6a019c5f0a3344d92c4302a3
Pulse Author: AlienVault
Created: 2026-05-11 09:07:43
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #BankingTrojan #CyberSecurity #Endpoint #France #InfoSec #Italy #Malware #OTX #OpenThreatExchange #Phishing #Proxy #RAT #RCE #SMS #SSH #Trojan #bot #socks5 #AlienVault
-
Warning: an exceptionally clever attack on mObywatel users. Even your iPhone can mislead you
The Sekurak team is sounding the alarm, and we fully endorse it: a new phishing campaign is under way, targeting Polish taxpayers and drivers.
The scammers have reached a new level of audacity: they impersonate the government mObywatel app so effectively that the fake message appears in the same thread as genuine SMS messages from the state administration.
How the trap works: how do they do it?
What makes this attack particularly dangerous are two technical aspects worth remembering:
- Forged sender name (SPOOFING): criminals can forge the sender identifier (the so-called SMS Alpha Tag). Instead of a random phone number, your iPhone's screen simply shows the label: mObywatel.
- Thread mixing: because iOS and Android group messages by sender name, your phone "thinks" the new SMS comes from the same source as the previous (genuine) notifications from the government administration. As a result, the fake warning about a fine lands right below the authentic messages, which drastically increases its credibility.
The scam scenario: "You have a fine"
The SMS contains information about an alleged traffic fine and a link that is supposed to lead to a payment panel. After clicking, we land on a page that visually copies the government interface.
Whatever registration number we enter in the form, the system will "find" a fine and offer to pay it quickly. The finale is a request for full payment card details. If you provide them, the criminals will immediately try to empty your account.
How to protect yourself?
Remember the golden rule: the government never sends links for paying fines in SMS messages. If you receive such a message, absolutely do not click the link.
If you want to check your fines, do so only by logging in directly to the official mObywatel app (downloaded from the App Store/Google Play) or via the mobywatel.gov.pl website.
Pay attention to the URL in the browser: the scammers use domains that merely pretend to be governmental. Stay vigilant and pass this information on, especially to people who are less adept at navigating the thicket of technological traps.
#Bezpieczeństwo #cyberbezpieczeństwo #iMagazine #iPhone #mandat #mObywatel #phishing #Sekurak #sms
Business registration from a smartphone. mObywatel adds a service for entrepreneurs
-
In Switzerland, a few cases of phishing using SMS blasters have recently come to light. That will soon happen here in AT and DE as well.
-
Police arrest #SMSBlaster crew that sent malicious messages to thousands across #Toronto
-
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers discovered 28 fraudulent Android applications on Google Play, collectively named CallPhantom, that falsely claimed to provide call histories, SMS records, and WhatsApp logs for any phone number. These apps were downloaded over 7.3 million times before removal, primarily targeting users in India and the Asia-Pacific region. The apps generate fabricated data using hardcoded names and random phone numbers, displaying this fake information only after payment. CallPhantom employs three payment methods, with some bypassing Google Play's official billing system through third-party UPI payments or direct card entry, making refunds difficult. The scam exploits user curiosity about private information, charging between €5 and $80 for worthless subscriptions that deliver entirely fabricated communication data.
Pulse ID: 69fcc63f67fc5f79f089ed5c
Pulse Link: https://otx.alienvault.com/pulse/69fcc63f67fc5f79f089ed5c
Pulse Author: AlienVault
Created: 2026-05-07 17:05:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Asia #CyberSecurity #ESET #Google #GooglePlay #India #InfoSec #OTX #OpenThreatExchange #RAT #SMS #WhatsApp #bot #iOS #AlienVault
-
Remote heating control via SMS
I'm a long-distance commuter. In my "work" flat I only use mobile internet. To be able to switch the heating on when needed, I built a controller that responds to SMS.
#Wettbewerb_Frühling_2026 #Automatisierung #SMS #Python #gammu #Linux
-
⚠️ Beware of malicious SMS messages from mObywatel!
We are receiving reports that an SMS campaign is being sent to Polish phone numbers in which criminals send SMS messages under the name "mObywatel", exactly the same one used by the official government system. The messages sound credible and concern the "detection of a traffic offence". Here is what the attack path looks like:
Clicking the link in the SMS redirects the victim to a page where they can check their penalty points. Of course, the check always ends with a notice of an unpaid 200 PLN fine. Attempting to pay it displays a form asking for payment card details. If someone enters them and confirms the "payment" transaction in their bank's app, their payment card will be added to a Google wallet, which lets the criminals pay with it without having to ask for transaction confirmations, and they will drain the victim's account.
How can you tell that this is an attack and a scam?
As you can see, the SMS, although fake, arrives from the genuine name (the so-called sender ID) mObywatel. This causes the fake message to be threaded with the genuine messages the victim previously received from the government mObywatel service. This hugely raises the attack's credibility. But…
People who follow these basic security rules will not fall for this attack:
- Analyse links in SMS messages before clicking. (The link in the scammers' SMS is not a valid government service link: although it has "gov" and "pl" in its name, the domain does not end in gov.pl.)
- When paying by card online, always pay attention to the message in your banking app: is it a payment, or perhaps an addition to a "Google Pay wallet"? What is the transaction amount? Who is the party to the transaction?
I received such a message, what should I do, how do I go on? [...]
-
Wow... interesting these things work by overloading cell phone towers.
-
today's #pixelfont recreation: codemasters' "micro machines" (1991) on the sega master system https://www.splintered.co.uk/experiments/1715 #SMS #pixelart #retrogaming
-
Confused by the LPG surrender SMS? Learn about the 2026 'one home, one gas connection' rule, why it's mandatory, and how to verify your status online today. https://english.mathrubhumi.com/news/india/lpg-surrender-rule-one-home-one-gas-connection-message-lyz6yiii?utm_source=dlvr.it&utm_medium=mastodon #LPG #surrender #SMS #Shortage #IndiaNews
-
CloudZ RAT Uses Pheno Plugin to Hijack SMS and OTPs
Pulse ID: 69fb6028957faa5ed109be66
Pulse Link: https://otx.alienvault.com/pulse/69fb6028957faa5ed109be66
Pulse Author: cryptocti
Created: 2026-05-06 15:37:12
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #SMS #bot #cryptocti
-
#CloudZ #malware abuses #Microsoft #PhoneLink to steal #SMS and OTPs
-
CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos uncovered an intrusion active since January 2026 where attackers deployed CloudZ remote access tool and an undocumented plugin called Pheno to steal credentials and one-time passwords. The attack exploits Microsoft Phone Link application by intercepting synchronized mobile data including SMS and OTPs without requiring phone-level infection. CloudZ evades detection through dynamic memory execution and anti-analysis checks. The infection chain begins with a fake ScreenConnect update executable, leading to a Rust-compiled dropper that deploys a .NET loader, ultimately establishing the modular CloudZ RAT. The Pheno plugin monitors Phone Link processes and intercepts SQLite database files containing synchronized phone data. CloudZ employs ConfuserEx obfuscation, multiple configuration layers, and facilitates various commands including browser data exfiltration, shell execution, and plugin management while maintaining persistence through scheduled tasks.
Pulse ID: 69f9f99cd352da334850ef13
Pulse Link: https://otx.alienvault.com/pulse/69f9f99cd352da334850ef13
Pulse Author: AlienVault
Created: 2026-05-05 14:07:24
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cisco #Cloud #CyberSecurity #InfoSec #Microsoft #NET #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #Rust #SMS #SQL #ScreenConnect #Talos #Word #bot #AlienVault
-
@liz @lardier @kuketzblog
Even now you don't need a phone number for #Threema!
That is also why Threema is my first choice among commercial providers.
Otherwise I recommend #DeltaChat: it has somewhat less comfort/features, but is more independent.
These two are entirely enough for me; everyone else just writes to me via #SMS!
😁
-
An In-Depth Analysis of Novel KarstoRAT Malware
KarstoRAT is a newly identified remote access trojan that emerged in early 2026, combining surveillance, credential theft, and remote command execution capabilities. The malware supports extensive post-compromise operations including system reconnaissance, screenshot and audio capture, webcam monitoring, keylogging, and token theft. It communicates with a C2 server at 212.227.65[.]132 using HTTP protocols with the user agent 'SecurityNotifier'. Distribution occurs through gaming-themed lure pages targeting Roblox players and FPS/GTA modders via fake cheat loaders. KarstoRAT employs multiple persistence mechanisms through registry keys, scheduled tasks, and startup folders, while featuring a UAC bypass using the fodhelper.exe technique. The malware has not been publicly advertised on cybercrime forums, suggesting private development and limited operator use rather than commodity distribution.
Pulse ID: 69f3653e6f25eb53d5d343b1
Pulse Link: https://otx.alienvault.com/pulse/69f3653e6f25eb53d5d343b1
Pulse Author: AlienVault
Created: 2026-04-30 14:20:46
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberCrime #CyberSecurity #HTTP #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #RemoteCommandExecution #SMS #Trojan #bot #AlienVault
-
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
The Silver Fox threat group conducted phishing campaigns in December 2025 and January 2026, impersonating tax authorities in India and Russia. Malicious emails contained archives with a modified Rust-based RustSL loader that deployed ValleyRAT backdoor. Over 1600 malicious emails targeted organizations across industrial, consulting, retail, and transportation sectors. During investigation, a previously undocumented Python-based backdoor named ABCDoor was discovered, active since late 2024. The attacks utilized multi-stage infection chains involving encrypted payloads, custom ValleyRAT modules, and various persistence mechanisms including Phantom Persistence technique. ABCDoor features remote control capabilities, screen broadcasting using ffmpeg, and file manipulation functions. The group employed sophisticated evasion techniques including geofencing, string encryption, and mimicking legitimate VPN services.
Pulse ID: 69f3241b2759ee934874df9f
Pulse Link: https://otx.alienvault.com/pulse/69f3241b2759ee934874df9f
Pulse Author: AlienVault
Created: 2026-04-30 09:42:51
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Email #Encryption #India #InfoSec #Mimic #OTX #OpenThreatExchange #Phishing #Python #RAT #Russia #Rust #SMS #VPN #bot #AlienVault
-
Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns
Since January 2025, researchers identified over 2,500 phishing domains targeting more than 70 organizations across financial services, telecommunications, and logistics sectors globally. Two dominant smishing campaigns were discovered: Reward Points phishing impersonating banks and telecom providers, and Failed Parcel Delivery phishing mimicking logistics companies. Despite different themes, both campaigns share infrastructure and utilize the Phoenix System administrative panel, a successor to the Mouse System. This Phishing-as-a-Service platform offers real-time victim monitoring, geofencing, IP-based filtering, and live-phishing interventions to bypass multi-factor authentication. The platform is distributed via Telegram channels for approximately $2,000 annually, providing threat actors with pre-built templates, traffic filtering mechanisms, and real-time victim management dashboards. Attackers potentially leverage fake Base Transceiver Stations to bypass carrier-level filtering and deliver messages app...
Pulse ID: 69f1fa3e73a0897558593b04
Pulse Link: https://otx.alienvault.com/pulse/69f1fa3e73a0897558593b04
Pulse Author: AlienVault
Created: 2026-04-29 12:31:58
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #ICS #InfoSec #Mimic #OTX #OpenThreatExchange #Phishing #RAT #RCE #SMS #Smishing #Telecom #Telecommunication #Telegram #bot #AlienVault
-
🛠️ Title: Gearsystem
🦊️ Idea: A libre & accurate Sega Master System / Game Gear / SG-1000 emulator
🏡️ -
🐣️ https://github.com/drhelius/Gearsystem
🔖 #LinuxEmulation #Sega #sms #GameGear #SG1000
📦️ #Libre #Bin #Arch #Snap
📕️ https://lebottinlinux.vps.a-lec.org/LO.html
🥁️ Update: 3.9.5/6
⚗️ Major release (Stable) 🍎️
📌️ Changes: https://github.com/drhelius/Gearsystem/releases
🦣️ From: 🛜️ https://github.com/drhelius/Gearsystem/releases.atom
🎮️ https://www.youtube.com/embed/donJGpnMFFQ
🎮️ https://www.youtube.com/embed/5AuKvjH4Uqs
🎮️ https://www.youtube.com/embed/iKehYUp45e0
-
https://www.europesays.com/ee/166149/ Delfi #ajaviide #Äri #autoleht #blog #Business #cv #date #defli #delfi #EE #Eesti #EestiKeel #ekaart #email #erootika #Estonia #Estonian #Film #foto #Horoskoop #ilm #ilmaennustus #internet #kaart #kava #kindlustus #kinnisvara #kuulutused #lasteleht #loto #majandus #mängud #mobiil #muusika #naisteleht #naljad #otsing #pank #pilt #raadio #reklaam #seks #sms #solo #Sport #tarkvara #tasuta #töö #tööpakkumised #tutvus #TV #Uudised #valimised #valuuta #video
-
Multi-Stage Malware Execution Chain Analysis
A sophisticated multi-stage malware execution chain was discovered during proactive threat hunting activities using endpoint telemetry and dynamic analysis. The attack sequence demonstrates advanced techniques including script masquerading, defense evasion mechanisms, staged payload extraction, and establishment of command-and-control communications. The malware exhibits capabilities for downloading additional payloads, presenting risks of data exfiltration and lateral movement within compromised networks. Immediate network isolation of affected systems is critical, with full system reimaging strongly recommended to ensure complete removal of all malicious components. The investigation identified multiple malicious file hashes, a command-and-control IP address, and an associated domain used for maintaining persistent access to compromised environments.
Pulse ID: 69f1e236e4e192f639298d53
Pulse Link: https://otx.alienvault.com/pulse/69f1e236e4e192f639298d53
Pulse Author: AlienVault
Created: 2026-04-29 10:49:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Endpoint #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SMS #bot #AlienVault
-
GachiLoader adopts AI skill lure
Threat actors are exploiting AI agent skill formats as a novel attack vector, using convincingly packaged OpenClaw skills to distribute malicious payloads. The latest campaign employs pure social engineering, with skills containing no malicious code themselves but instead tricking users into downloading Windows binaries. The attack leverages a fake GitHub infrastructure hosting GachiLoader, which delivers Rhadamanthys infostealer through fileless injection. The operation uses two delivery mechanisms: Node.js Single Executable Applications and an Electron dropper, both converging on the same payload. GachiLoader employs sophisticated evasion techniques including anti-VM checks, sandbox detection, and privilege escalation, while using a Polygon blockchain smart contract as its C2 resolver for enhanced persistence and obfuscation.
Pulse ID: 69f16bcf526f3511990485b6
Pulse Link: https://otx.alienvault.com/pulse/69f16bcf526f3511990485b6
Pulse Author: AlienVault
Created: 2026-04-29 02:24:15
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #CyberSecurity #GitHub #InfoSec #InfoStealer #Nodejs #OTX #OpenThreatExchange #RAT #Rhadamanthys #SMS #SocialEngineering #Windows #bot #AlienVault
-
73 Open VSX Sleeper Extensions Linked to Malware Show New Activations
The GlassWorm campaign targeting Open VSX has escalated with 73 newly identified impersonation extensions. These sleeper extensions were initially published without malicious payloads by newly created GitHub accounts, appearing benign to build trust and credibility. At least six extensions have been activated to deliver malware through normal update mechanisms. The extensions clone popular legitimate listings with similar branding, icons, and descriptions, making detection difficult. The threat actor has shifted delivery methods away from embedded loaders toward transitive delivery via extension dependencies, external payload retrieval from GitHub-hosted VSIX files, and native binary execution. Some variants use obfuscated JavaScript to decode and retrieve payloads at runtime. The malicious code targets multiple IDEs including VS Code, Cursor, Windsurf, and VSCodium, installing downloaded extensions through command-line interfaces.
Pulse ID: 69ef8c5eed11e8689f663f34
Pulse Link: https://otx.alienvault.com/pulse/69ef8c5eed11e8689f663f34
Pulse Author: AlienVault
Created: 2026-04-27 16:18:38
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #GitHub #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #Rust #SMS #Worm #bot #AlienVault
-
fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
Researchers uncovered fast16, a cyber sabotage framework from 2005 that predates Stuxnet by five years. The toolset includes fast16.sys, a kernel driver that selectively targets high-precision calculation software by patching code in memory to corrupt computational results. Combined with self-propagation mechanisms via a Lua-powered carrier module (svcmgmt.exe), the framework spreads across facilities to produce consistent inaccurate calculations. This operation represents the first documented instance of strategic cyber sabotage targeting ultra-expensive computing workloads in advanced physics, cryptographic, and nuclear research. The framework uses an embedded Lua virtual machine predating Flame by three years and appears in the ShadowBrokers leak of NSA Territorial Dispute components with the evasion signature: 'fast16 *** Nothing to see here – carry on ***'.
Pulse ID: 69eafa1063a05bb892acea52
Pulse Link: https://otx.alienvault.com/pulse/69eafa1063a05bb892acea52
Pulse Author: AlienVault
Created: 2026-04-24 05:05:20
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ELF #ICS #InfoSec #LUA #Mac #NSA #OTX #OpenThreatExchange #RAT #SMS #bot #AlienVault
-
Analyzing a Full ClickFix Attack Chain - Part 1
A sophisticated ClickFix campaign was detected in mid-March 2026, beginning with a malicious webpage impersonating Booking.com's visual identity with a fake CAPTCHA. The attack leverages social engineering to trick victims into executing a PowerShell command that downloads and runs a script directly in memory. The JavaScript code automatically copies malicious commands to the clipboard and intercepts copy events. Once executed, the PowerShell dropper performs system fingerprinting, downloads a ZIP payload from a remote server, deploys it to user directories, establishes persistence through registry keys and scheduled tasks, and executes the final payload. The campaign demonstrates well-structured code with fallback mechanisms and real-time telemetry via Telegram, suggesting the use of a ready-to-use attack kit.
Pulse ID: 69ea2d5cd8732f2d8910fceb
Pulse Link: https://otx.alienvault.com/pulse/69ea2d5cd8732f2d8910fceb
Pulse Author: AlienVault
Created: 2026-04-23 14:31:56
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CAPTCHA #Clipboard #CyberSecurity #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #PowerShell #RAT #RCE #SMS #SocialEngineering #Telegram #ZIP #bot #AlienVault