How to copy a string from GNOME Shell Looking Glass (lg) #2404 #gnomeshell #clipboard #lookingglass

https://askubuntu.com/q/1565857/612

Live C2 Dump Recovering Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger

On April 11, 2026, researchers analyzed a CHM file (api_reference.chm) tagged as Kimsuky that initiated a three-stage attack chain. The C2 server at check[.]nid-log[.]com had directory listing enabled, allowing recovery of complete source code for all payload stages: a 6,338-byte VBScript performing system reconnaissance and establishing persistence via scheduled task, a 449-byte VBScript bridge to PowerShell, and a 6,234-byte PowerShell keylogger with clipboard monitoring and timed exfiltration. The infrastructure included 79+ domains across 5 C2 IPs spanning Korean VPS providers. The server responded with "Million OK !!!!" signature, matching previously documented Kimsuky infrastructure while showing upgraded Apache/PHP stack. The operation targeted Korean Naver users through credential phishing and tax authority impersonation, with infrastructure linked to previously documented Kimsuky campaigns via shared DAOU Technology subnets.

Pulse ID: 69dd07742196e34ee1615b73
Pulse Link: https://otx.alienvault.com/pulse/69dd07742196e34ee1615b73
Pulse Author: AlienVault
Created: 2026-04-13 15:10:44

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #Apache #Clipboard #CyberSecurity #InfoSec #KeyLogger #Kimsuky #Korea #OTX #OpenThreatExchange #PHP #Phishing #PowerShell #RAT #RCE #UK #VBS #bot #AlienVault

REFUNDEE: Inside a Shadow Panel Phishing-as-a-Service Operation

An open directory discovery at refundonex[.]com exposed a complete Phishing-as-a-Service and RAT-as-a-Service platform targeting Spanish and Portuguese-speaking victims. The investigation uncovered 3,788 files including weaponized LNK, VBS, and AES-encrypted PowerShell payloads delivering a remote access trojan. The platform, called Shadow Panel, operates from Bulgarian infrastructure and offers capabilities including remote shell execution, screenshot capture, file management, browser credential theft, clipboard hijacking for cryptocurrency wallets, and multi-operator support. The C2 panel's frontend JavaScript was publicly accessible, revealing 29 API endpoints and the complete architecture. Infrastructure analysis linked the operation to nikola4010@proton[.]me through WHOIS data and historical malicious domain associations dating back to 2021, indicating a long-running cybercriminal operation with minimal detection coverage.

Pulse ID: 69dd066f59e22e6d1ee7315b
Pulse Link: https://otx.alienvault.com/pulse/69dd066f59e22e6d1ee7315b
Pulse Author: AlienVault
Created: 2026-04-13 15:06:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Bulgaria #Clipboard #CyberSecurity #Endpoint #InfoSec #Java #JavaScript #LNK #Nim #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RemoteAccessTrojan #Trojan #VBS #bot #cryptocurrency #AlienVault

Bilder einfügen mit Copy/Paste

Built in shortcuts let you copy text straight to clipboard fast.

#clipboard #shortcuts #tips

Operation DualScript: Multi-Stage PowerShell Malware Targets Crypto

Operation DualScript is a sophisticated multi-stage malware campaign targeting cryptocurrency and financial activities. It utilizes Windows Scheduled Tasks, VBScript launchers, and PowerShell execution to maintain persistence while minimizing disk artifacts. The attack operates through two parallel chains: a web-based PowerShell loader deploying a cryptocurrency clipboard hijacker, and a secondary chain executing the RetroRAT implant in memory. RetroRAT monitors user activity, captures keystrokes, and tracks interactions with financial services to harvest sensitive information. The malware employs various anti-analysis techniques and establishes a command-and-control channel for remote access and data exfiltration. This campaign highlights the growing abuse of trusted system utilities and in-memory execution techniques to evade traditional detection mechanisms.

Pulse ID: 69cb7349f3c70800ebef7310
Pulse Link: https://otx.alienvault.com/pulse/69cb7349f3c70800ebef7310
Pulse Author: AlienVault
Created: 2026-03-31 07:10:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Clipboard #CyberSecurity #InfoSec #Malware #Nim #OTX #OpenThreatExchange #PowerShell #RAT #Rust #SMS #VBS #Windows #bot #cryptocurrency #AlienVault

clipboard-mcp: даём AI-ассистентам доступ к буферу обмена

AI-ассистенты в 2026 году умеют писать код, анализировать данные и управлять инфраструктурой. Но попросите Claude прочитать то, что вы только что скопировали — и он разведёт руками. Буфер обмена — одна из самых базовых вещей в десктопном workflow, и AI к нему доступа не имеет. Я написал clipboard-mcp , чтобы это исправить.

https://habr.com/ru/articles/1015844/

#rust #mcp #clipboard #ai #claude #open_source #model_context_protocol

ClipCascade is an open-source lightweight utility that automatically syncs the clipboard across devices

https://squeet.me/display/962c3e10-d36568fa-ed470aa1f42ca3cb

ClipCascade is an open-source lightweight utility that automatically syncs the clipboard across devices

This is a nice private option to sync across all your devices in real-time, and you can self-host you own sync device, rely on peer-to-peer between devices, or use their cloud sync. Traffic is end-to-end encrypted. It can support multiple users keep ...continues

See https://gadgeteer.co.za/clipcascade-is-an-open-source-lightweight-utility-that-automatically-syncs-the-clipboard-across-devices/

#clipboard #opensource #privacy #technology