Phishing

Cybersecurity
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Kaspersky exposed a 90-domain SEO poisoning campaign that installs AsyncRAT on Windows via a fake ScreenConnect installer, targeting users across 10 languages.
Application Security
Unit 42 Confirms 13,000 Malicious Phantom Squatting Sites
Unit 42 documented phantom squatting, with 13,229 malicious URLs active on AI-hallucinated domains and 250,000 more unregistered sites available to attackers.
Application Security
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Red teamers showed that email inbox prompt injection turns Claude Desktop into a reverse shell when MCP connectors with command execution are installed.
Cybersecurity
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
ChocoPoC, a new remote access trojan, targets vulnerability researchers through trojanized proof-of-concept exploit repositories on GitHub, stealing credentials and establishing backdoors.
Application Security
BioShocking Attack Turns AI Browsers Into Credential Thieves
LayerX's BioShocking research shows AI browsers including ChatGPT Atlas, Perplexity Comet, and the Claude extension can be tricked into stealing credentials.
Cybersecurity
SBU and FBI Expose Russian FSB and GRU Signal Key Theft Campaign
Ukraine's SBU and the FBI jointly exposed campaigns by Russian FSB-linked UNC5792 and GRU-linked UNC4221 stealing Signal and WhatsApp backup recovery keys.
Cybersecurity
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
A threat actor compromised a Gizmodo account to serve ClickFix malware prompts to readers, exploiting brand trust to push PowerShell-based attacks at scale.
Cybersecurity
Algerian Phishing Marketplace Operator Extradited to US
Algerian national Abdellah Belmili was extradited from Spain to face US bank fraud charges for operating phishing marketplaces Market0Day and Spoxy.
Cybersecurity
macOS ClickFix Variant Silently Mounts DMG to Deploy AMOS Stealer
Unit 42 found a macOS ClickFix variant using hdiutil to silently mount DMG files and deploy AMOS stealer, targeting crypto wallets and iCloud Keychain.
Cybersecurity
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
Kaspersky found a WhatsApp phishing campaign using VBScript to install ManageEngine RMM software across multiple countries, granting attackers remote access.