VoidProxy: AitM Phishing-as-a-Service Quietly Bypasses MFA at Scale
VoidProxy: AitM Phishing-as-a-Service Quietly Bypasses MFA at Scale
PoisonSeed: supply-chain phish, seed-phrase theft, MFA bypass
If your bulk email or CRM gets popped, PoisonSeed rides your good reputation straight past filters and users’ instincts. Here’s the fast path to detect and blunt it—without boiling the ocean.
SaaS Data Theft: How UNC3944, UNC6040, and UNC6395 Quietly Redefined Cloud Risk
UNC3944, UNC6040, and UNC6395 are executing targeted campaigns against SaaS, cloud, and virtualization environments, leveraging vishing, OAuth abuse, and supply-chain compromise. Their TTPs require precise, telemetry-driven controls and detection.
Shamos macOS Infostealer: Malvertising Lures, BYOD Gaps, and Sector Expansion
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
Ransomware gangs just got a speed boost – and it’s bad news for your SOC.
HeartCrypt’s “Packer-as-a-Service” is basically DoorDash for malware: pay the fee, get your payloads wrapped in next-gen obfuscation that laughs at static/dynamic analysis…
Dark Partners: Multi-Platform Crypto Theft via Fake AI, VPN, and Software Sites
Think your AI download is legit? Dark Partners turned 250+ spoofed sites into a crypto vacuum—dropping Poseidon (macOS) & PayDay (Windows) right past your AV with stolen certs
The Cutting Edge of eCrime Research is...
If you haven’t checked out THE eCrime conference, you’re…