Leaked internal documents show Knownsec operates as a state-aligned cyber contractor supplying a vertically integrated espionage stack—ZoomEye/TargetDB reconnaissance, o_data_* identity correlation, GhostX/Un-Mail exploitation and mailbox takeover, and Passive Radar PCAP-based internal mapping—to Chinese public-security, military, and regulator customers. The corpus includes organizational charts, employee emails, high-confidence IOCs targeting Taiwanese critical infrastructure, and detailed tradecraft emphasizing persistence, anti-forensics, and APT-style operational workflows. #Knownsec #GhostX
Container-first infrastructure is now standard, with microservices powering production workloads and driving digital innovation, but security frameworks struggle to keep pace, contributing to an 82% container breach rate reported in the latest ActiveState report. Adopting secure, trusted open source from dedicated providers can cut CVEs by 60-99% and reclaim up to 30% of developer time, by starting secure and staying secure over time. #ActiveState #CVE
PcComponentes, a leading Spanish retailer, has denied a major data breach but confirmed a credential stuffing attack affecting some customer accounts. The incident involved leaked order details and personal data from compromised accounts, prompting enhanced security measures. #CredentialStuffing #InfostealingMalware
A widespread spam wave exploits unsecured Zendesk support systems, flooding users with alarming and bizarre emails. Companies like Dropbox, 2K, and Discord were affected, highlighting vulnerabilities in support platform security. #ZendeskRelaySpam #UnsecuredSupportSystems
This article discusses the Contagious Interview campaign linked to North Korean threat actor PurpleBravo, which has targeted over 3,000 IP addresses across multiple sectors in various regions. It highlights the use of malicious code, fake job offers, and sophisticated infrastructure to conduct cyber espionage and financial theft, emphasizing the vulnerabilities in…
Recorded Future / Insikt Group documents PurpleBravo, a North Korean-linked campaign that uses fraudulent developer/recruiter personas and malicious GitHub repositories to deliver infostealers and multi-platform RATs (BeaverTail, GolangGhost/PylangGhost, InvisibleFerret) targeting software developers—especially in the cryptocurrency sector and South Asia. The report details obfuscated JavaScript (Base64 + XOR), RC4/MD5 C2 protocols, registry Run-key persistence, Chrome credential-theft techniques (including DPAPI and app-bound bypasses), extensive C2 infrastructure (dozens of IPs and Astrill VPN nodes), and overlap with PurpleDelta activity. #PurpleBravo #BeaverTail
Even experienced cybersecurity professionals can fall victim to sophisticated phishing attacks due to human factors like distraction and emotional state. Modern phishing tactics leverage AI, automation, and an industrialized ecosystem to deceive users at scale. #PhaaS #PhishGPT
Researchers discovered a ClickFix-style macOS lure (macclouddrive.com/s2) that tricks users into pasting a Terminal one-liner which downloads a daemonized Zsh stager that executes a remote AppleScript to harvest browser credentials, Keychain data, crypto wallets, and other sensitive files. The campaign uses the MacSync infostealer with rotating jmpbowl.* C2 domains and conditionally trojanizes Electron wallet apps (Ledger Wallet.app, Trezor Suite.app) to capture PINs and recovery phrases for long-term phishing. #MacSync #jmpbowl
JA3 TLS fingerprints are still useful as durable, tool-level behavioral indicators that can reveal new malicious tooling and enable clustering of related activity when enriched with context. ANY.RUN shows how JA3 frequency analysis and TI Lookup link specific JA3 hashes to malware and exfiltration channels, e.g., Remcos and Skuld. #Remcos #Skuld…
Security vulnerabilities in the open-source AI framework Chainlit, known as ChainLeak, can lead to data leaks and lateral movement within organizations. These flaws, addressed in version 2.9.4, highlight the growing security risks associated with AI infrastructure and third-party components. #Chainlit #ChainLeak #CVEs #AIvulnerabilities #ServerSideRequestForgery…
OnlineSkills, a Russian educational platform, experienced a major data breach exposing over 1.5 million records, including personal and payment information. The breach affects users across Russia, Belarus, and Moldova, with data initially shared on Telegram and later on a hacker forum. #OnlineSkills #DataBreach #PersonalInformation…
A cybersecurity breach has compromised Britain International Academy in Kuwait, exposing sensitive internal data and source code. The attack affected the organization’s portal, mobile apps, and various development assets. #BritainInternationalAcademy #DataLeakage…
Vulnerabilities in Rockwell Automation Verve Asset Manager could allow attackers to access sensitive data stored in environment variables and exposed during playbook execution. The issues affect multiple versions and stem from insecure storage practices—highlighting the importance of securing industrial control systems. #RockwellAutomation #VerveAssetManager…
Thegentlemen has claimed to have attacked Sibca, a family-owned company in the United Arab Emirates, indicating a potential security breach. The target’s focus on technical expertise and community investment has made it a notable victim in the region. #UnitedArabEmirates
The UK is exploring the possibility of banning social media for children aged 15 and under, inspired by Australia’s recent law. This initiative aims to improve children’s online wellbeing through measures like stricter age verification and platform restrictions. #Australia #SocialMediaBan #ChildrenOnlineSafety…