Kuse Web App Abused to Host Phishing Document
Kuse Web App Abused to Host Phishing Document | Trend Micro (US) Content has been added to your Folio Go...
Trend Micro Research : Research
Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories
In some compromised repositories, we observed both techniques being present simultaneously (i.e., the malicious .vscode/tasks.json alongside the appended obfuscated JavaScript)....
Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do
Key takeaways: Attackers rapidly leveraged the Claude Code packaging error incident to distribute credential-stealing malware using fake GitHub repositories. This demonstrates how quickly threat actors can...
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
While the immediate threat is the social engineering campaign delivering Vidar, the leaked source code itself presents a distinct and...
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
The Telnyx compromise indicates a continued change in the techniques used in TeamPCP’s supply‑chain activity, with adjustments to tooling, delivery...
Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
Attribution analysis Based on technical artifacts, infrastructure overlaps, and victimology, TrendAI™ Research attributes this campaign to Pawn Storm with high confidence. This...
Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries
The infection begins when the victim manually executes a file disguised as a legal notice: Dokumentation über Verstöße gegen Rechte...
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
Following initial access, the threat actors conducted extensive lateral movement using a combination of legitimate administration tools and credential abuse....
Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites
While the execution of the bytecode was not successful in our tests, we saw that it contains strings and a...
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages | Trend Micro (US) Content has been added to your...
Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations
The operations of phishing-as-a-service (PhaaS) platform Tycoon 2FA was taken offline this week by the combined effort of law enforcement that includes Europol and other partner agencies, as well...
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer
Key takeaways Atomic (AMOS) Stealer has evolved from being distributed via cracked software to a more sophisticated supply chain attack...
Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities
Key takeaways Attackers abused Atlassian Cloud’s trusted domain for a spate of spam campaigns. The campaigns tried to leverage the...
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
We discovered two threat campaigns that used PeckBirdy in their operations. Based on victimology and the tools, tactics, and procedures...
Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware
Based on its geofencing behavior, we assess that the threat actors are likely of Russian origin, or those from the...
