Manuel BisseyAI-powered Deepload is stealing credentials while evading detection - attackers are blending automation with stealth. Traditional defenses are increasingly outpaced. đ€đ #CredentialTheft #AIDrivenThreats
N-gated Hacker Newsđš Oh no, another package bites the dust! The "LiteLLM" Python library reveals its true colors as a master of deception, stealing credentials faster than a ninja in a bank vault đŽââ ïž. Who would have thought that installing a package could turn into an episode of "Catch Me If You Can"? đ
https://github.com/BerriAI/litellm/issues/24512 #LiteLLM #PythonLibrary #CredentialTheft #CyberSecurity #SoftwareRisks #CatchMeIfYouCan #HackerNews #ngated
https://github.com/BerriAI/litellm/issues/24512 #LiteLLM #PythonLibrary #CredentialTheft #CyberSecurity #SoftwareRisks #CatchMeIfYouCan #HackerNews #ngated
ZATAZ - "\o/"đ”ïž Interception de donnĂ©es : la vraie menace tĂ©lĂ©phonique
-> https://www.youtube.com/watch?v=3BlXBAarpao
// Ce nâest pas le tĂ©lĂ©phone qui est âpiratĂ©â, mais les donnĂ©es du propriĂ©taire qui sont interceptĂ©es.
ZATAZ a dĂ©tectĂ© une mĂ©thode radicale diffusĂ©e par le pirate lui-mĂȘme, preuve dâun mode opĂ©ratoire discret pour capter vos identifiants sans installer de malware.
Ă voir pour comprendre et renforcer vos protections.
#Cybersecurite #ProtectionDonnees #OSINT #Infosec #CredentialTheft #Phishing #ZATAZ #zataz @Damien_Bancal
On découvre un outil pirate qui téléphone et copie votre mot de passe et double authentification.
Bryan KingThis Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now
997 words, 5 minutes read time.
If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.
This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.
What this scam actually is
You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. Thereâs no misspelled logo. Thereâs no broken grammar. There is absolutely nothing that jumps out as fake.
It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:
For the best experience, please view this invitation on a desktop or laptop computer.
If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.
And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.
Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.
Why this is an absolute nightmare for security teams
Let me give you the numbers that no one is putting in the official advisories:
- As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
- Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
- This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
- Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.
I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and donât feel even the tiniest urge to click, you are lying to yourself.
This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.
How to not get burned
Iâm going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.
For everyone
- Real Punchbowl invites will only ever come from an address ending in
@punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately. - Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
- Do not go to Punchbowlâs website to âcheck if the invite is realâ. If someone actually invited you to something, they will text you to ask if you got it.
For SOC Analysts and Security Teams
These are the steps you can go and implement right now before you finish reading this post:
for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate.Closing Thought
The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish wonât have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now itâs here, and it is running circles around almost every security stack we have built.
If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, donât just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if thereâs a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
- Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
- CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
- Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
- Punchbowl Official Public Warning
- Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
- Proofpoint Threat Insight: Punchbowl Phishing Campaign
- MITRE ATT&CK T1566.001: Spearphishing Link
- Verizon DBIR 2025: Phishing Effectiveness
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
#attackVector #boardroomRisk #breachPrevention #CISAAlert #CISO #credentialTheft #cyberResilience #cyberattack #cybercrime #cybersecurityAwareness #defenseInDepth #desktopOnlyPhishing #detectionRule #DKIM #DMARC #emailFilterBypass #emailGateway #emailHygiene #emailSecurity #emailSecurityGateway #endpointProtection #incidentResponse #indicatorsOfCompromise #initialAccess #IoCs #lateralMovement #linkSafety #logAnalysis #maliciousLink #malware #MITREATTCK #mobileEmailRisk #phishingCampaign #phishingDetection #phishingScam #phishingSimulation #phishingStatistics #PunchbowlPhishing #ransomwarePrecursor #RemcosRAT #sandboxEvasion #securityAlert #SecurityAwarenessTraining #securityBestPractices #securityLeadership #securityMonitoring #securityOperationsCenter #securityStack #SOCAnalyst #socialEngineering #spearPhishing #SPF #suspiciousEmail #T1566001 #threatActor #threatHunting #threatIntelligence #userTraining #zeroTrust
Winbuzzerhttps://winbuzzer.com/2026/02/06/cve-2026-0391-microsoft-edge-android-ui-spoofing-xcxwbn/
CVE-2026-0391: Edge Android Flaw Enables Spoofing Attacks
#MicrosoftEdge #Security #Cybersecurity #Microsoft #Android #WebBrowsers #Phishing #CredentialTheft #ZeroDayVulnerabilities #Chromium
TechNaduâWhen nothing looks suspicious and attackers are using valid credentials, the challenge is knowing what signals matter once alerts go quiet.â
In this interview, Avery Pennarun, CEO & Co-Founder of Tailscale, explains how identity gapsânot broken cryptoâenable modern breaches.
#IdentitySecurity #ZeroTrust #CredentialTheft #Ransomware #ThreatDetection
Malicious MoltBot skills are pushing password-stealing malware â voice assistants are becoming a new social engineering vector. Convenience can be compromised. đïžđ #CredentialTheft #AttackSurface
Fake ChatGPT browser extensions are stealing login credentials â AI hype is being weaponized to hijack accounts. Install less, verify more. đ§©â ïž #ExtensionSecurity #CredentialTheft
A large infostealer-linked credential dataset was found publicly exposed, containing millions of unique login records across consumer, financial, and government-associated services.
The case reinforces ongoing challenges around endpoint compromise, credential reuse, and post-infection response - especially where malware persists silently.
From an InfoSec standpoint, which control most often fails first in these scenarios?
Source: https://www.expressvpn.com/blog/149m-infostealer-data-exposed/
Share insights and follow @technadu for objective security reporting.
#InfoSec #CredentialTheft #ThreatResearch #EndpointSecurity #CyberRisk #TechNadu
đš LastPass phishing campaign uncovered
Fake âurgent backupâ emails redirect users to malicious sites designed to steal master passwords â granting full vault access.
LastPass confirms it never requests this via email.
Thoughts on improving phishing resilience for password manager users?
