-
A novel evolution of LLMjacking: a threat actor leveraging a publicly exposed Ollama model server as the reasoning engine for an automated, multi-stage offensive framework. Rather than using the model for chat or resale, the attacker integrated unauthe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple instances of typosquatting domains hosting malicious content generated with AI-powered website creation tools. One striking campaign combined an AI-created fake Brazilian bank site with a ClickFix social-engineering lure to deliver a PowerShe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent engagement demonstrates how persuasive pretexts and careful reconnaissance let attackers bypass technical controls by exploiting human trust at the executive level. Rather than inventing a sophisticated exploit, testers impersonated a journali…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious LNK files masquerading as job resumes are being used in targeted campaigns against corporate employees, combining social engineering with multi-stage malware delivery to achieve stealthy persistence and remote access. Attackers craft filename…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated social‑engineering campaign is leveraging AI‑generated YouTube narrators, ghost accounts across multiple platforms, and manipulated reputation signals to distribute a Rust‑based clipboard hijacker that steals cryptocurrency by replacing…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated, long-running phishing operation has evolved into a serverless, modular campaign that weaponizes GitHub Pages to harvest payment card data, credentials, and customer identifiers from banking customers in Mexico. The campaign’s architect…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated ClickFix social engineering campaign in May 2026 triggered a full hands-on-keyboard intrusion spanning 11 hosts, deploying a novel trio of malicious tools: Potemkin loader, RMMProject RAT, and EtherRAT. The attack chain began when the u…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Google Cloud’s Vertex AI has been discovered, allowing attackers to hijack machine learning model uploads, poison artifacts, and achieve cross-tenant remote code execution (RCE) without any prior access to the victim&#…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale software supply chain attack has compromised more than 140 npm packages under the widely used Mastra namespace, exposing developers, CI/CD pipelines, and enterprise environments to a stealthy cross-platform infostealer. The campaign, unco…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Sapphire Sleet’s latest macOS campaign uses crafted .scpt AppleScript lures that pipe curl output directly to osascript, enabling a compact, multi-stage payload chain that executes entirely within Script Editor and evades many built‑in macOS protection…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
