Monday’s recap shows attackers increasingly weaponizing trusted paths—third-party tools, update channels, and browser extensions—to gain stealthy, multi-stage access and run code largely in memory. High-profile incidents include the Vercel breach tied to Context.ai and campaigns delivering PHANTOMPULSE, STX RAT, Lumma Stealer, and widespread malicious Chrome extensions. #Vercel #PHANTOMPULSE
Key points
- Attackers exploit trusted third parties and legitimate update/download channels to obtain internal access.
- Campaigns use multi-stage, in-memory payloads and slower check-ins to evade detection and forensic analysis.
- Browser extensions and common tools (e.g., ScreenConnect, QEMU) are abused for data exfiltration and defense evasion.
- Supply-chain escalation and infostealer lookup services are broadening impact and lowering the barrier to initial access.
- Prioritize monitoring trusted paths, patching exposed installers, and addressing high-impact CVEs to reduce risk.
Read More: https://thehackernews.com/2026/04/weekly-recap-vercel-hack-push-fraud.html