ToddyCat APT Deploys Umbrij Malware to Hijack Gmail via OAuth Token Theft
A new malware strain named Umbrij, attributed to the advanced persistent threat (APT) group ToddyCat, is abusing OAuth 2.0 tokens to gain…
Attackers are distributing a data-stealing trojan named ChocoPoC through fake proof-of-concept (PoC) exploit repositories on GitHub, specifically targeting vulnerability researchers. The malware,…
ChocoPoC is a remote access trojan that hides in Python dependencies of fake PoC exploit repositories on GitHub. It steals credentials, cookies,…
MUT-1244 is a campaign that used fake PoC repositories to steal SSH keys and cloud credentials from red teamers and researchers, similar…
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were…
A large-scale credential-harvesting operation targeting FortiGate firewalls globally, stealing over 110 million credentials and linked to INC and Lynx ransomware operations.
An information stealer deployed via exploitation of CVE-2026-35616 in Fortinet FortiClient EMS, targeting credentials from Chromium-based browsers and Firefox.
Montana Empire is a phishing kit used in phantom squatting attacks. It clones real storefronts in real time to steal credit card…
An unknown threat actor is exploiting CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp (CVSS 10.0), to deliver two new malware families:…
An information stealer targeting Windows, macOS, and Linux. Harvests credentials from cloud platforms, source control, package registries, AI assistants, browsers, SSH, and…