Wide-scale, opportunistic SMS pumping attacks target customer sign-up pages

A widespread SMS pumping campaign has been identified, targeting customer sign-up pages. The attackers, designated as O-UNC-036, use disposable email infrastructure and proxy services to launch high-volume, automated attacks against public API endpoints. Their objective is to create numerous accounts and trigger SMS messages to actor-controlled phone numbers, generating significant financial costs for target organizations. The attack pattern involves reconnaissance, infrastructure setup, and high-volume requests using known high-cost phone country codes. The campaign has been active since at least March 2024, affecting multiple tenants and organizations. Recommended protective measures include implementing FIDO Authentication, blocking suspicious domains and ASNs, and enhancing monitoring and response capabilities.

Pulse ID: 69b4567b03ea40d6ffd8a0f7
Pulse Link: https://otx.alienvault.com/pulse/69b4567b03ea40d6ffd8a0f7
Pulse Author: AlienVault
Created: 2026-03-13 18:24:59

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #Endpoint #InfoSec #OTX #OpenThreatExchange #Proxy #RAT #SMS #Troll #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

CastleRAT attack first to abuse Deno JavaScript runtime to evade enterprise security

A sophisticated infection chain has been discovered that installs CastleRAT malware without leaving traces on disk. The attack uniquely abuses the Deno runtime as a malicious framework, combining social engineering, steganography, and in-memory execution to evade detection. The process involves tricking users into executing a command, installing Deno, running obfuscated JavaScript, and decoding a payload hidden in a JPEG image. CastleRAT then gains total control, performing host fingerprinting, keylogging, clipboard hijacking, digital identity theft, and audio/video surveillance. This campaign demonstrates the evolution of malware towards invisibility and the need for advanced endpoint behavioral monitoring to detect such threats.

Pulse ID: 69b14da6cb1bf921c7ac6d22
Pulse Link: https://otx.alienvault.com/pulse/69b14da6cb1bf921c7ac6d22
Pulse Author: AlienVault
Created: 2026-03-11 11:10:30

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Clipboard #CyberSecurity #Endpoint #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #RAT #SocialEngineering #Steganography #bot #AlienVault

My guide for endpoint security startups is out now.

The path between competing against entrenched platforms and becoming a feature they bundle is narrow. The guide walks through the questions that founders, buyers, and investors should answer to tell the difference.

I got to know this space when leading product at Minerva Labs (now part of Rapid7), but much has changed since then.

https://zeltser.com/endpoint-security-startup-questions

#cybersecurity #infosec #startups #productmanagement #endpoint

Competing in Endpoint Security: A Guide for Startups

There are areas where endpoint security startups can build viable, useful products, but those openings shift as adjacent categories converge and incumbents absorb new capabilities. Founders, buyers, and investors need to distinguish a viable product strategy from a feature waiting to be bundled.

Lenny Zeltser

Cloudflare has announced that its Browser Rendering service now includes a new /crawl endpoint, which allows an entire website to be crawled with a single API call. The tool is now available in open beta for users on both free and paid plans.

What /crawl can do:
• Just send the URL of the starting page and Cloudflare automatically discovers and processes all pages […]

https://zdrojak.cz/zpravicky/cloudflare-spustil-novy-crawl-endpoint-pro-automaticke-prochazeni-webu/
Crawl entire websites with a single API call using Browser Rendering

Browser Rendering's new /crawl endpoint lets you submit a starting URL and automatically discover, render, and return content from an entire website as HTML, Markdown, or structured JSON.

Cloudflare Docs
CVE Alert: CVE-2026-1603 - Ivanti - Endpoint Manager - RedPacket Security

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

RedPacket Security

China-Nexus Hackers Attack Telecommunication Providers with New Malware

A China-linked threat actor tracked as UAT-9244 has been actively targeting telecommunication providers, including Windows- and Linux-based endpoints and edge devices. Three new malware implants were identified in this campaign, named TernDoor, PeerTime and BruteEntry.

Pulse ID: 69ac69331b0d758dcad5860b
Pulse Link: https://otx.alienvault.com/pulse/69ac69331b0d758dcad5860b
Pulse Author: cryptocti
Created: 2026-03-07 18:06:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#China #CyberSecurity #Edge #Endpoint #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Telecom #Telecommunication #Windows #bot #cryptocti

OAuth redirection abuse enables phishing and malware delivery

Microsoft has discovered phishing campaigns exploiting OAuth's redirection mechanisms to bypass conventional defenses. Attackers create malicious applications with redirect URIs pointing to malicious domains, then distribute phishing links prompting targets to authenticate. The attack abuses OAuth's error handling to redirect users from trusted providers to attacker-controlled sites for phishing or malware delivery. Campaigns targeted government and public sectors using e-signature, financial, and political lures. Some attacks led to malware downloads and endpoint compromise via PowerShell and DLL side-loading. Mitigation involves governing OAuth apps, limiting user consent, reviewing permissions, and implementing cross-domain detection across email, identity, and endpoint.

Pulse ID: 69a607fdcc012dd2b4b2852d
Pulse Link: https://otx.alienvault.com/pulse/69a607fdcc012dd2b4b2852d
Pulse Author: AlienVault
Created: 2026-03-02 21:58:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #Endpoint #Government #InfoSec #Malware #Microsoft #OTX #OpenThreatExchange #Phishing #PowerShell #Rust #SMS #Troll #bot #AlienVault

Windows File Explorer and WebDAV abused by Hackers for Stealthy Malware Delivery

Attackers are actively abusing a legacy feature within Windows File Explorer to distribute malware, bypassing traditional web browser security and endpoint detection controls.

Pulse ID: 69a2f919d9fa0270a970f7bf
Pulse Link: https://otx.alienvault.com/pulse/69a2f919d9fa0270a970f7bf
Pulse Author: cryptocti
Created: 2026-02-28 14:18:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CyberSecurity #Endpoint #InfoSec #Malware #OTX #OpenThreatExchange #Windows #bot #cryptocti

Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences

A new Go-based remote access trojan named Moonrise has been discovered, operating without early static detection and establishing active C2 communication before vendor alerts. The RAT supports credential theft, remote command execution, persistence, and user monitoring, enabling full remote control of infected endpoints. Its capabilities include stealing passwords, executing remote commands, uploading files, capturing screens, and accessing webcams and microphones. The malware's silent operation increases business exposure, extending dwell time and raising risks of data loss and operational disruption. The attack chain involves session registration, host environment visibility, direct system interaction, credential access, active user monitoring, and privilege manipulation. Early detection strategies involve monitoring for weak signals, rapid triage with behavior confirmation, and threat hunting to prevent repeat incidents.

Pulse ID: 699dd912a5b53c853ec6c4c4
Pulse Link: https://otx.alienvault.com/pulse/699dd912a5b53c853ec6c4c4
Pulse Author: AlienVault
Created: 2026-02-24 17:00:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Endpoint #InfoSec #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RemoteAccessTrojan #RemoteCommandExecution #Trojan #Word #bot #AlienVault
