- A long-running Telegram influence and fraud campaign where a solo threat actor leveraged stolen Google Gemini API keys and jailbroken AI to automate content generation, credential theft, and infrastructure operations at scale. Tracked as “bandcampro,” …
- Cybercriminal groups are increasingly using Telegram channels and encrypted platforms to sell verified bank and fintech mule accounts, signaling a major shift in how illicit funds are laundered at scale. According to recent threat intelligence findings…
- Hackers are using fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords.
- A large-scale fraud and malware operation called FEMITBOT abuses Telegram Mini Apps to steal cryptocurrency and infect Android devices. The campaign shows how trusted in-app web experiences can be turned into powerful tools for social engineering …
- A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and…
- Cybersecurity researchers at Guardio Labs have uncovered a massive phishing operation dubbed AccountDumpling that has compromised more than 30,000 Facebook accounts worldwide. Unlike conventional phishing campaigns that rely on spoofed domains or compr…
- Hackers are experimenting with a new Telegram-focused session stealer that hides in a Pastebin-hosted PowerShell script posing as a Windows telemetry update, giving defenders a rare view into how such tools are built and tested. The script does not att…
- Hackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied …
- APT37 is running a new targeted intrusion campaign that abuses Facebook, Telegram, and a tampered Wondershare PDFelement installer to gain stealthy access and exfiltrate sensitive data, likely from defense-related targets. The operation shows a continu…
- New analysis of a fake Telegram installer uploaded to MalwareBazaar shows Silver Fox expanding its ValleyRAT operations with a fresh delivery chain that hides behind a Chinese language pack decoy and an uncommon ZPAQ-based packer. The MSI is a WiX-buil…


