#social-engineering — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #social-engineering, aggregated by home.social.
-
ClickLock Stealer: Paste Once, Lose Everything
A new modular macOS information stealer named ClickLock Stealer has been discovered targeting users primarily in Europe, North America, and the Middle East. The malware is likely distributed via ClickFix social engineering pages that trick victims into pasting malicious commands into Terminal. Once executed, it deploys four components: a credential stealer, a Keychain stealer targeting Chrome's encryption key, a comprehensive crypto wallet harvester, and a persistent GSocket-based backdoor. The malware employs an aggressive 'locker' technique, killing all visible applications except password dialogs to force user compliance. It targets data from eight browsers, 31 crypto wallet extensions, seven password managers, desktop wallets, macOS Keychain, and shell history. The campaign has compromised at least 100 victims across 33 countries since May 2026, using compromised WordPress domains and Telegram for command and control and exfiltration.
Pulse ID: 6a58c1a90a160ce1e25e78e7
Pulse Link: https://otx.alienvault.com/pulse/6a58c1a90a160ce1e25e78e7
Pulse Author: AlienVault
Created: 2026-07-16 11:34:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Chrome #CyberSecurity #Encryption #Europe #InfoSec #Mac #MacOS #Malware #MiddleEast #NorthAmerica #OTX #OpenThreatExchange #Password #RAT #RCE #RDP #SocialEngineering #Telegram #Word #Wordpress #bot #AlienVault
-
ClickLock Stealer: Paste Once, Lose Everything
A new modular macOS information stealer named ClickLock Stealer has been discovered targeting users primarily in Europe, North America, and the Middle East. The malware is likely distributed via ClickFix social engineering pages that trick victims into pasting malicious commands into Terminal. Once executed, it deploys four components: a credential stealer, a Keychain stealer targeting Chrome's encryption key, a comprehensive crypto wallet harvester, and a persistent GSocket-based backdoor. The malware employs an aggressive 'locker' technique, killing all visible applications except password dialogs to force user compliance. It targets data from eight browsers, 31 crypto wallet extensions, seven password managers, desktop wallets, macOS Keychain, and shell history. The campaign has compromised at least 100 victims across 33 countries since May 2026, using compromised WordPress domains and Telegram for command and control and exfiltration.
Pulse ID: 6a58c1a90a160ce1e25e78e7
Pulse Link: https://otx.alienvault.com/pulse/6a58c1a90a160ce1e25e78e7
Pulse Author: AlienVault
Created: 2026-07-16 11:34:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Chrome #CyberSecurity #Encryption #Europe #InfoSec #Mac #MacOS #Malware #MiddleEast #NorthAmerica #OTX #OpenThreatExchange #Password #RAT #RCE #RDP #SocialEngineering #Telegram #Word #Wordpress #bot #AlienVault
-
ClickLock Stealer: Paste Once, Lose Everything
A new modular macOS information stealer named ClickLock Stealer has been discovered targeting users primarily in Europe, North America, and the Middle East. The malware is likely distributed via ClickFix social engineering pages that trick victims into pasting malicious commands into Terminal. Once executed, it deploys four components: a credential stealer, a Keychain stealer targeting Chrome's encryption key, a comprehensive crypto wallet harvester, and a persistent GSocket-based backdoor. The malware employs an aggressive 'locker' technique, killing all visible applications except password dialogs to force user compliance. It targets data from eight browsers, 31 crypto wallet extensions, seven password managers, desktop wallets, macOS Keychain, and shell history. The campaign has compromised at least 100 victims across 33 countries since May 2026, using compromised WordPress domains and Telegram for command and control and exfiltration.
Pulse ID: 6a58c1a90a160ce1e25e78e7
Pulse Link: https://otx.alienvault.com/pulse/6a58c1a90a160ce1e25e78e7
Pulse Author: AlienVault
Created: 2026-07-16 11:34:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Chrome #CyberSecurity #Encryption #Europe #InfoSec #Mac #MacOS #Malware #MiddleEast #NorthAmerica #OTX #OpenThreatExchange #Password #RAT #RCE #RDP #SocialEngineering #Telegram #Word #Wordpress #bot #AlienVault
-
ClickLock Stealer: Paste Once, Lose Everything
A new modular macOS information stealer named ClickLock Stealer has been discovered targeting users primarily in Europe, North America, and the Middle East. The malware is likely distributed via ClickFix social engineering pages that trick victims into pasting malicious commands into Terminal. Once executed, it deploys four components: a credential stealer, a Keychain stealer targeting Chrome's encryption key, a comprehensive crypto wallet harvester, and a persistent GSocket-based backdoor. The malware employs an aggressive 'locker' technique, killing all visible applications except password dialogs to force user compliance. It targets data from eight browsers, 31 crypto wallet extensions, seven password managers, desktop wallets, macOS Keychain, and shell history. The campaign has compromised at least 100 victims across 33 countries since May 2026, using compromised WordPress domains and Telegram for command and control and exfiltration.
Pulse ID: 6a58c1a90a160ce1e25e78e7
Pulse Link: https://otx.alienvault.com/pulse/6a58c1a90a160ce1e25e78e7
Pulse Author: AlienVault
Created: 2026-07-16 11:34:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Chrome #CyberSecurity #Encryption #Europe #InfoSec #Mac #MacOS #Malware #MiddleEast #NorthAmerica #OTX #OpenThreatExchange #Password #RAT #RCE #RDP #SocialEngineering #Telegram #Word #Wordpress #bot #AlienVault
-
ClickLock Stealer: Paste Once, Lose Everything
A new modular macOS information stealer named ClickLock Stealer has been discovered targeting users primarily in Europe, North America, and the Middle East. The malware is likely distributed via ClickFix social engineering pages that trick victims into pasting malicious commands into Terminal. Once executed, it deploys four components: a credential stealer, a Keychain stealer targeting Chrome's encryption key, a comprehensive crypto wallet harvester, and a persistent GSocket-based backdoor. The malware employs an aggressive 'locker' technique, killing all visible applications except password dialogs to force user compliance. It targets data from eight browsers, 31 crypto wallet extensions, seven password managers, desktop wallets, macOS Keychain, and shell history. The campaign has compromised at least 100 victims across 33 countries since May 2026, using compromised WordPress domains and Telegram for command and control and exfiltration.
Pulse ID: 6a58c1a90a160ce1e25e78e7
Pulse Link: https://otx.alienvault.com/pulse/6a58c1a90a160ce1e25e78e7
Pulse Author: AlienVault
Created: 2026-07-16 11:34:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Chrome #CyberSecurity #Encryption #Europe #InfoSec #Mac #MacOS #Malware #MiddleEast #NorthAmerica #OTX #OpenThreatExchange #Password #RAT #RCE #RDP #SocialEngineering #Telegram #Word #Wordpress #bot #AlienVault
-
Novel Starland RAT and bespoke WLDR C2 implant deployed in financially motivated campaign
A sophisticated Russian-speaking financially motivated adversary designated UAT-11795 has been conducting malicious operations targeting users in the United States and Europe since June 2025. The campaign delivers a Python-based remote access tool called Starland RAT and a PowerShell-based command-and-control memory implant known as the WLDR agent. The actor distributes trojanized installers disguised as legitimate software including MobaXterm, WebEx, Zoom, DBeaver, and FACEIT through likely ClickFix social engineering techniques. The operation targets victims' credentials and cryptocurrency wallet assets while establishing persistent connections for additional payload delivery. Alternative payloads include CastleStealer and Remcos RAT. The infrastructure utilizes distributed staging and C2 domains, Telegram bots for notifications, and a Polygon smart contract as a fallback mechanism for C2 domain resolution. The WLDR agent features encrypted beaconing, task queuing, and a Runspace execution engine for exe...
Pulse ID: 6a58c1aa702b1130710d1bfb
Pulse Link: https://otx.alienvault.com/pulse/6a58c1aa702b1130710d1bfb
Pulse Author: AlienVault
Created: 2026-07-16 11:34:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #OTX #OpenThreatExchange #PowerShell #Python #RAT #Remcos #RemcosRAT #Russia #SocialEngineering #Telegram #Trojan #UnitedStates #Zoom #bot #cryptocurrency #AlienVault
-
Novel Starland RAT and bespoke WLDR C2 implant deployed in financially motivated campaign
A sophisticated Russian-speaking financially motivated adversary designated UAT-11795 has been conducting malicious operations targeting users in the United States and Europe since June 2025. The campaign delivers a Python-based remote access tool called Starland RAT and a PowerShell-based command-and-control memory implant known as the WLDR agent. The actor distributes trojanized installers disguised as legitimate software including MobaXterm, WebEx, Zoom, DBeaver, and FACEIT through likely ClickFix social engineering techniques. The operation targets victims' credentials and cryptocurrency wallet assets while establishing persistent connections for additional payload delivery. Alternative payloads include CastleStealer and Remcos RAT. The infrastructure utilizes distributed staging and C2 domains, Telegram bots for notifications, and a Polygon smart contract as a fallback mechanism for C2 domain resolution. The WLDR agent features encrypted beaconing, task queuing, and a Runspace execution engine for exe...
Pulse ID: 6a58c1aa702b1130710d1bfb
Pulse Link: https://otx.alienvault.com/pulse/6a58c1aa702b1130710d1bfb
Pulse Author: AlienVault
Created: 2026-07-16 11:34:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #OTX #OpenThreatExchange #PowerShell #Python #RAT #Remcos #RemcosRAT #Russia #SocialEngineering #Telegram #Trojan #UnitedStates #Zoom #bot #cryptocurrency #AlienVault
-
Novel Starland RAT and bespoke WLDR C2 implant deployed in financially motivated campaign
A sophisticated Russian-speaking financially motivated adversary designated UAT-11795 has been conducting malicious operations targeting users in the United States and Europe since June 2025. The campaign delivers a Python-based remote access tool called Starland RAT and a PowerShell-based command-and-control memory implant known as the WLDR agent. The actor distributes trojanized installers disguised as legitimate software including MobaXterm, WebEx, Zoom, DBeaver, and FACEIT through likely ClickFix social engineering techniques. The operation targets victims' credentials and cryptocurrency wallet assets while establishing persistent connections for additional payload delivery. Alternative payloads include CastleStealer and Remcos RAT. The infrastructure utilizes distributed staging and C2 domains, Telegram bots for notifications, and a Polygon smart contract as a fallback mechanism for C2 domain resolution. The WLDR agent features encrypted beaconing, task queuing, and a Runspace execution engine for exe...
Pulse ID: 6a58c1aa702b1130710d1bfb
Pulse Link: https://otx.alienvault.com/pulse/6a58c1aa702b1130710d1bfb
Pulse Author: AlienVault
Created: 2026-07-16 11:34:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #OTX #OpenThreatExchange #PowerShell #Python #RAT #Remcos #RemcosRAT #Russia #SocialEngineering #Telegram #Trojan #UnitedStates #Zoom #bot #cryptocurrency #AlienVault
-
Novel Starland RAT and bespoke WLDR C2 implant deployed in financially motivated campaign
A sophisticated Russian-speaking financially motivated adversary designated UAT-11795 has been conducting malicious operations targeting users in the United States and Europe since June 2025. The campaign delivers a Python-based remote access tool called Starland RAT and a PowerShell-based command-and-control memory implant known as the WLDR agent. The actor distributes trojanized installers disguised as legitimate software including MobaXterm, WebEx, Zoom, DBeaver, and FACEIT through likely ClickFix social engineering techniques. The operation targets victims' credentials and cryptocurrency wallet assets while establishing persistent connections for additional payload delivery. Alternative payloads include CastleStealer and Remcos RAT. The infrastructure utilizes distributed staging and C2 domains, Telegram bots for notifications, and a Polygon smart contract as a fallback mechanism for C2 domain resolution. The WLDR agent features encrypted beaconing, task queuing, and a Runspace execution engine for exe...
Pulse ID: 6a58c1aa702b1130710d1bfb
Pulse Link: https://otx.alienvault.com/pulse/6a58c1aa702b1130710d1bfb
Pulse Author: AlienVault
Created: 2026-07-16 11:34:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #OTX #OpenThreatExchange #PowerShell #Python #RAT #Remcos #RemcosRAT #Russia #SocialEngineering #Telegram #Trojan #UnitedStates #Zoom #bot #cryptocurrency #AlienVault
-
Novel Starland RAT and bespoke WLDR C2 implant deployed in financially motivated campaign
A sophisticated Russian-speaking financially motivated adversary designated UAT-11795 has been conducting malicious operations targeting users in the United States and Europe since June 2025. The campaign delivers a Python-based remote access tool called Starland RAT and a PowerShell-based command-and-control memory implant known as the WLDR agent. The actor distributes trojanized installers disguised as legitimate software including MobaXterm, WebEx, Zoom, DBeaver, and FACEIT through likely ClickFix social engineering techniques. The operation targets victims' credentials and cryptocurrency wallet assets while establishing persistent connections for additional payload delivery. Alternative payloads include CastleStealer and Remcos RAT. The infrastructure utilizes distributed staging and C2 domains, Telegram bots for notifications, and a Polygon smart contract as a fallback mechanism for C2 domain resolution. The WLDR agent features encrypted beaconing, task queuing, and a Runspace execution engine for exe...
Pulse ID: 6a58c1aa702b1130710d1bfb
Pulse Link: https://otx.alienvault.com/pulse/6a58c1aa702b1130710d1bfb
Pulse Author: AlienVault
Created: 2026-07-16 11:34:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Europe #InfoSec #OTX #OpenThreatExchange #PowerShell #Python #RAT #Remcos #RemcosRAT #Russia #SocialEngineering #Telegram #Trojan #UnitedStates #Zoom #bot #cryptocurrency #AlienVault
-
📬 Scattered Spider: Live gestreamter Cyberangriff endet mit 5,5 Jahren Haft
#Cyberangriffe #Rechtssachen #Cyberangriff #Cybercrime #Cyberkriminalität #Datenklau #Hackergruppe #Ransomware #ScatteredSpider #socialengineering #TfLHack #TransportforLondon https://sc.tarnkappe.info/91653a -
📬 Scattered Spider: Live gestreamter Cyberangriff endet mit 5,5 Jahren Haft
#Cyberangriffe #Rechtssachen #Cyberangriff #Cybercrime #Cyberkriminalität #Datenklau #Hackergruppe #Ransomware #ScatteredSpider #socialengineering #TfLHack #TransportforLondon https://sc.tarnkappe.info/91653a -
📬 Scattered Spider: Live gestreamter Cyberangriff endet mit 5,5 Jahren Haft
#Cyberangriffe #Rechtssachen #Cyberangriff #Cybercrime #Cyberkriminalität #Datenklau #Hackergruppe #Ransomware #ScatteredSpider #socialengineering #TfLHack #TransportforLondon https://sc.tarnkappe.info/91653a -
📬 Scattered Spider: Live gestreamter Cyberangriff endet mit 5,5 Jahren Haft
#Cyberangriffe #Rechtssachen #Cyberangriff #Cybercrime #Cyberkriminalität #Datenklau #Hackergruppe #Ransomware #ScatteredSpider #socialengineering #TfLHack #TransportforLondon https://sc.tarnkappe.info/91653a -
📬 Scattered Spider: Live gestreamter Cyberangriff endet mit 5,5 Jahren Haft
#Cyberangriffe #Rechtssachen #Cyberangriff #Cybercrime #Cyberkriminalität #Datenklau #Hackergruppe #Ransomware #ScatteredSpider #socialengineering #TfLHack #TransportforLondon https://sc.tarnkappe.info/91653a -
I participated in a LinkedIn-based social engineering attempt
The playbook:
✅ LinkedIn message
✅ Calendly meeting invite
✅ No camera ("technical issue")
✅ Gmail account, not corporate email
✅ Request to share your screen
✅ Excessive praise regardless of your answers
✅ Links to external sites + requests to install softwareStay vigilant.
https://www.alanbonnici.com/2026/07/warning-increase-in-social-engineering.html
#CyberSecurity #Phishing #SocialEngineering #LinkedIn #ScamAlert #TTMO
-
I participated in a LinkedIn-based social engineering attempt
The playbook:
✅ LinkedIn message
✅ Calendly meeting invite
✅ No camera ("technical issue")
✅ Gmail account, not corporate email
✅ Request to share your screen
✅ Excessive praise regardless of your answers
✅ Links to external sites + requests to install softwareStay vigilant.
https://www.alanbonnici.com/2026/07/warning-increase-in-social-engineering.html
#CyberSecurity #Phishing #SocialEngineering #LinkedIn #ScamAlert #TTMO
-
I participated in a LinkedIn-based social engineering attempt
The playbook:
✅ LinkedIn message
✅ Calendly meeting invite
✅ No camera ("technical issue")
✅ Gmail account, not corporate email
✅ Request to share your screen
✅ Excessive praise regardless of your answers
✅ Links to external sites + requests to install softwareStay vigilant.
https://www.alanbonnici.com/2026/07/warning-increase-in-social-engineering.html
#CyberSecurity #Phishing #SocialEngineering #LinkedIn #ScamAlert #TTMO
-
I participated in a LinkedIn-based social engineering attempt
The playbook:
✅ LinkedIn message
✅ Calendly meeting invite
✅ No camera ("technical issue")
✅ Gmail account, not corporate email
✅ Request to share your screen
✅ Excessive praise regardless of your answers
✅ Links to external sites + requests to install softwareStay vigilant.
https://www.alanbonnici.com/2026/07/warning-increase-in-social-engineering.html
#CyberSecurity #Phishing #SocialEngineering #LinkedIn #ScamAlert #TTMO
-
I participated in a LinkedIn-based social engineering attempt
The playbook:
✅ LinkedIn message
✅ Calendly meeting invite
✅ No camera ("technical issue")
✅ Gmail account, not corporate email
✅ Request to share your screen
✅ Excessive praise regardless of your answers
✅ Links to external sites + requests to install softwareStay vigilant.
https://www.alanbonnici.com/2026/07/warning-increase-in-social-engineering.html
#CyberSecurity #Phishing #SocialEngineering #LinkedIn #ScamAlert #TTMO
-
macOS Stealer Uses Coercion Loop to Force Password Entry
A new macOS stealer malware has hit over 100 victims across 33 countries in just two months, with a clever coercion loop trick that forces users to enter their passwords. The attack starts with a simple paste-and-run lure, where victims unknowingly paste a command into Terminal after visiting a malicious webpage.
#MacosStealer #MalwareOperations #EmergingThreats #SocialEngineering #Europe
-
TELEPUZ: a modular MaaS malware spreading via CLICKFIX-VIDAR chains
TELEPUZ is a newly emerged modular malware-as-a-service first detected in April 2026, spreading through CLICKFIX-VIDAR infection chains. The lightweight, full-featured threat employs sophisticated evasion techniques including indirect syscalls, NTDLL unhooking, and anti-VM checks. It establishes persistence through service installation, communicates via WebSockets with C2 servers, and downloads additional modules for keylogging, credential theft, and web injection. The infection begins with social engineering tricks prompting victims to execute PowerShell commands, deploying VIDAR as a second stage which then delivers TELEPUZ components. Despite limited C2 infrastructure, high daily build volumes indicate active development and expanding operations by likely a small team or solo developer offering malware-as-a-service.
Pulse ID: 6a584223f539e1c98cd537cb
Pulse Link: https://otx.alienvault.com/pulse/6a584223f539e1c98cd537cb
Pulse Author: AlienVault
Created: 2026-07-16 02:29:55Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #MaaS #Malware #MalwareAsAService #OTX #OpenThreatExchange #PowerShell #RAT #SocialEngineering #Vidar #bot #AlienVault
-
TELEPUZ: a modular MaaS malware spreading via CLICKFIX-VIDAR chains
TELEPUZ is a newly emerged modular malware-as-a-service first detected in April 2026, spreading through CLICKFIX-VIDAR infection chains. The lightweight, full-featured threat employs sophisticated evasion techniques including indirect syscalls, NTDLL unhooking, and anti-VM checks. It establishes persistence through service installation, communicates via WebSockets with C2 servers, and downloads additional modules for keylogging, credential theft, and web injection. The infection begins with social engineering tricks prompting victims to execute PowerShell commands, deploying VIDAR as a second stage which then delivers TELEPUZ components. Despite limited C2 infrastructure, high daily build volumes indicate active development and expanding operations by likely a small team or solo developer offering malware-as-a-service.
Pulse ID: 6a584223f539e1c98cd537cb
Pulse Link: https://otx.alienvault.com/pulse/6a584223f539e1c98cd537cb
Pulse Author: AlienVault
Created: 2026-07-16 02:29:55Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #MaaS #Malware #MalwareAsAService #OTX #OpenThreatExchange #PowerShell #RAT #SocialEngineering #Vidar #bot #AlienVault
-
TELEPUZ: a modular MaaS malware spreading via CLICKFIX-VIDAR chains
TELEPUZ is a newly emerged modular malware-as-a-service first detected in April 2026, spreading through CLICKFIX-VIDAR infection chains. The lightweight, full-featured threat employs sophisticated evasion techniques including indirect syscalls, NTDLL unhooking, and anti-VM checks. It establishes persistence through service installation, communicates via WebSockets with C2 servers, and downloads additional modules for keylogging, credential theft, and web injection. The infection begins with social engineering tricks prompting victims to execute PowerShell commands, deploying VIDAR as a second stage which then delivers TELEPUZ components. Despite limited C2 infrastructure, high daily build volumes indicate active development and expanding operations by likely a small team or solo developer offering malware-as-a-service.
Pulse ID: 6a584223f539e1c98cd537cb
Pulse Link: https://otx.alienvault.com/pulse/6a584223f539e1c98cd537cb
Pulse Author: AlienVault
Created: 2026-07-16 02:29:55Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #MaaS #Malware #MalwareAsAService #OTX #OpenThreatExchange #PowerShell #RAT #SocialEngineering #Vidar #bot #AlienVault
-
TELEPUZ: a modular MaaS malware spreading via CLICKFIX-VIDAR chains
TELEPUZ is a newly emerged modular malware-as-a-service first detected in April 2026, spreading through CLICKFIX-VIDAR infection chains. The lightweight, full-featured threat employs sophisticated evasion techniques including indirect syscalls, NTDLL unhooking, and anti-VM checks. It establishes persistence through service installation, communicates via WebSockets with C2 servers, and downloads additional modules for keylogging, credential theft, and web injection. The infection begins with social engineering tricks prompting victims to execute PowerShell commands, deploying VIDAR as a second stage which then delivers TELEPUZ components. Despite limited C2 infrastructure, high daily build volumes indicate active development and expanding operations by likely a small team or solo developer offering malware-as-a-service.
Pulse ID: 6a584223f539e1c98cd537cb
Pulse Link: https://otx.alienvault.com/pulse/6a584223f539e1c98cd537cb
Pulse Author: AlienVault
Created: 2026-07-16 02:29:55Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #MaaS #Malware #MalwareAsAService #OTX #OpenThreatExchange #PowerShell #RAT #SocialEngineering #Vidar #bot #AlienVault
-
TELEPUZ: a modular MaaS malware spreading via CLICKFIX-VIDAR chains
TELEPUZ is a newly emerged modular malware-as-a-service first detected in April 2026, spreading through CLICKFIX-VIDAR infection chains. The lightweight, full-featured threat employs sophisticated evasion techniques including indirect syscalls, NTDLL unhooking, and anti-VM checks. It establishes persistence through service installation, communicates via WebSockets with C2 servers, and downloads additional modules for keylogging, credential theft, and web injection. The infection begins with social engineering tricks prompting victims to execute PowerShell commands, deploying VIDAR as a second stage which then delivers TELEPUZ components. Despite limited C2 infrastructure, high daily build volumes indicate active development and expanding operations by likely a small team or solo developer offering malware-as-a-service.
Pulse ID: 6a584223f539e1c98cd537cb
Pulse Link: https://otx.alienvault.com/pulse/6a584223f539e1c98cd537cb
Pulse Author: AlienVault
Created: 2026-07-16 02:29:55Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #MaaS #Malware #MalwareAsAService #OTX #OpenThreatExchange #PowerShell #RAT #SocialEngineering #Vidar #bot #AlienVault
-
DATE: July 15, 2026 at 06:01PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
Why AI in #Healthcare Demands Stronger Data Oversight https://t.co/Pcq4pIJE48
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 15, 2026 at 06:01PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
Why AI in #Healthcare Demands Stronger Data Oversight https://t.co/Pcq4pIJE48
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 15, 2026 at 06:01PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
Why AI in #Healthcare Demands Stronger Data Oversight https://t.co/Pcq4pIJE48
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 15, 2026 at 06:01PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
Why AI in #Healthcare Demands Stronger Data Oversight https://t.co/Pcq4pIJE48
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
📬 Telegram: Angeblich stehen 182 Millionen Nutzer-Datensätze zum Verkauf
#Cyberangriffe #Datenschutz #CyberNews #Identitätsdiebstahl #NutzerDatensätze #Phishing #Reddit #socialengineering #Telegram https://sc.tarnkappe.info/6e0c38 -
📬 Telegram: Angeblich stehen 182 Millionen Nutzer-Datensätze zum Verkauf
#Cyberangriffe #Datenschutz #CyberNews #Identitätsdiebstahl #NutzerDatensätze #Phishing #Reddit #socialengineering #Telegram https://sc.tarnkappe.info/6e0c38 -
📬 Telegram: Angeblich stehen 182 Millionen Nutzer-Datensätze zum Verkauf
#Cyberangriffe #Datenschutz #CyberNews #Identitätsdiebstahl #NutzerDatensätze #Phishing #Reddit #socialengineering #Telegram https://sc.tarnkappe.info/6e0c38 -
📬 Telegram: Angeblich stehen 182 Millionen Nutzer-Datensätze zum Verkauf
#Cyberangriffe #Datenschutz #CyberNews #Identitätsdiebstahl #NutzerDatensätze #Phishing #Reddit #socialengineering #Telegram https://sc.tarnkappe.info/6e0c38 -
📬 Telegram: Angeblich stehen 182 Millionen Nutzer-Datensätze zum Verkauf
#Cyberangriffe #Datenschutz #CyberNews #Identitätsdiebstahl #NutzerDatensätze #Phishing #Reddit #socialengineering #Telegram https://sc.tarnkappe.info/6e0c38 -
DATE: July 14, 2026 at 05:40PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
How #AI Can Speed Up Discovery of Safer #PainRelief Options: Nii Osae of #MindbeamAI Describes Project to Identify Promising New Treatments https://t.co/9wulCCspBV
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 14, 2026 at 05:40PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
How #AI Can Speed Up Discovery of Safer #PainRelief Options: Nii Osae of #MindbeamAI Describes Project to Identify Promising New Treatments https://t.co/9wulCCspBV
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 14, 2026 at 05:40PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
How #AI Can Speed Up Discovery of Safer #PainRelief Options: Nii Osae of #MindbeamAI Describes Project to Identify Promising New Treatments https://t.co/9wulCCspBV
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 14, 2026 at 05:40PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
How #AI Can Speed Up Discovery of Safer #PainRelief Options: Nii Osae of #MindbeamAI Describes Project to Identify Promising New Treatments https://t.co/9wulCCspBV
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets
A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.
Pulse ID: 6a566597fbaff52dd5288ce4
Pulse Link: https://otx.alienvault.com/pulse/6a566597fbaff52dd5288ce4
Pulse Author: AlienVault
Created: 2026-07-14 16:36:39Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault
-
The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets
A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.
Pulse ID: 6a566597fbaff52dd5288ce4
Pulse Link: https://otx.alienvault.com/pulse/6a566597fbaff52dd5288ce4
Pulse Author: AlienVault
Created: 2026-07-14 16:36:39Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault
-
The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets
A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.
Pulse ID: 6a566597fbaff52dd5288ce4
Pulse Link: https://otx.alienvault.com/pulse/6a566597fbaff52dd5288ce4
Pulse Author: AlienVault
Created: 2026-07-14 16:36:39Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault
-
The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets
A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.
Pulse ID: 6a566597fbaff52dd5288ce4
Pulse Link: https://otx.alienvault.com/pulse/6a566597fbaff52dd5288ce4
Pulse Author: AlienVault
Created: 2026-07-14 16:36:39Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault
-
The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets
A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.
Pulse ID: 6a566597fbaff52dd5288ce4
Pulse Link: https://otx.alienvault.com/pulse/6a566597fbaff52dd5288ce4
Pulse Author: AlienVault
Created: 2026-07-14 16:36:39Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault
-
Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today
Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.
Pulse ID: 6a55e306b92e2ed9438ab45f
Pulse Link: https://otx.alienvault.com/pulse/6a55e306b92e2ed9438ab45f
Pulse Author: AlienVault
Created: 2026-07-14 07:19:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault
-
Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today
Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.
Pulse ID: 6a55e306b92e2ed9438ab45f
Pulse Link: https://otx.alienvault.com/pulse/6a55e306b92e2ed9438ab45f
Pulse Author: AlienVault
Created: 2026-07-14 07:19:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault
-
Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today
Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.
Pulse ID: 6a55e306b92e2ed9438ab45f
Pulse Link: https://otx.alienvault.com/pulse/6a55e306b92e2ed9438ab45f
Pulse Author: AlienVault
Created: 2026-07-14 07:19:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault
-
Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today
Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.
Pulse ID: 6a55e306b92e2ed9438ab45f
Pulse Link: https://otx.alienvault.com/pulse/6a55e306b92e2ed9438ab45f
Pulse Author: AlienVault
Created: 2026-07-14 07:19:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault
-
Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today
Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.
Pulse ID: 6a55e306b92e2ed9438ab45f
Pulse Link: https://otx.alienvault.com/pulse/6a55e306b92e2ed9438ab45f
Pulse Author: AlienVault
Created: 2026-07-14 07:19:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault
-
DATE: July 13, 2026 at 05:46PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
#Bipartisan House Bill Pushes #AI for #PediatricCancer Care: Would Create AI Coordinator, Expand Data Interoperability shttps://www.healthcareinfosecurity.com/bipartisan-house-bill-pushes-ai-for-pediatric-cancer-care-a-32216 #Cancerresearch @RepMcCaul @RepBera @MikeKellyPA
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 13, 2026 at 05:46PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
#Bipartisan House Bill Pushes #AI for #PediatricCancer Care: Would Create AI Coordinator, Expand Data Interoperability shttps://www.healthcareinfosecurity.com/bipartisan-house-bill-pushes-ai-for-pediatric-cancer-care-a-32216 #Cancerresearch @RepMcCaul @RepBera @MikeKellyPA
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 13, 2026 at 05:46PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
#Bipartisan House Bill Pushes #AI for #PediatricCancer Care: Would Create AI Coordinator, Expand Data Interoperability shttps://www.healthcareinfosecurity.com/bipartisan-house-bill-pushes-ai-for-pediatric-cancer-care-a-32216 #Cancerresearch @RepMcCaul @RepBera @MikeKellyPA
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
DATE: July 13, 2026 at 05:46PM
SOURCE: HEALTHCARE INFO SECURITYDirect article link at end of text block below.
#Bipartisan House Bill Pushes #AI for #PediatricCancer Care: Would Create AI Coordinator, Expand Data Interoperability shttps://www.healthcareinfosecurity.com/bipartisan-house-bill-pushes-ai-for-pediatric-cancer-care-a-32216 #Cancerresearch @RepMcCaul @RepBera @MikeKellyPA
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
-
Sign here… and install an unwanted RMM
A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.
Pulse ID: 6a512b20f12a5adf6bf2c1b3
Pulse Link: https://otx.alienvault.com/pulse/6a512b20f12a5adf6bf2c1b3
Pulse Author: AlienVault
Created: 2026-07-10 17:25:52Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault
-
Sign here… and install an unwanted RMM
A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.
Pulse ID: 6a512b20f12a5adf6bf2c1b3
Pulse Link: https://otx.alienvault.com/pulse/6a512b20f12a5adf6bf2c1b3
Pulse Author: AlienVault
Created: 2026-07-10 17:25:52Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault
-
Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2
A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.
Pulse ID: 6a5414fab18f9d7456d7eda8
Pulse Link: https://otx.alienvault.com/pulse/6a5414fab18f9d7456d7eda8
Pulse Author: AlienVault
Created: 2026-07-12 22:28:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault
-
Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2
A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.
Pulse ID: 6a5414fab18f9d7456d7eda8
Pulse Link: https://otx.alienvault.com/pulse/6a5414fab18f9d7456d7eda8
Pulse Author: AlienVault
Created: 2026-07-12 22:28:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault
-
Experiment of the week.
We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.
If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.
Link: https://thepodradar.com/episode/8d5b7bd2-13d4-4ee1-a7c5-059debf2643d
#Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR
-
Experiment of the week.
We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.
If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.
Link: https://thepodradar.com/episode/8d5b7bd2-13d4-4ee1-a7c5-059debf2643d
#Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR
-
71% der Schweizer Firmen berichten Cybervorfälle - inside-it[.]ch https://www.inside-it.ch/71percent-der-schweizer-firmen-berichten-cybervorfaelle-20260708 #Malware #Ransomware #phishing #SocialEngineering