Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware

Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

https://osintsights.com/hackers-exploit-forticlient-flaw-to-deliver-infostealer-malware?utm_source=mastodon&utm_medium=social

#Forticlient #Cve202635616 #InfostealerMalware #Exploit #ArbitraryCodeExecution

Hugging Face Repository Exploits Typosquatting to Spread Infostealer Malware

Security researchers have uncovered a cunning malware attack on Hugging Face, where a fake repository mimicked a popular AI project, racking up over 244,000 downloads and 667 likes in just 18 hours. The malicious repository used a classic typosquatting trick to deceive users searching for the genuine project.

https://osintsights.com/hugging-face-repository-exploits-typosquatting-to-spread-infostealer-malware?utm_source=mastodon&utm_medium=social

#Typosquatting #InfostealerMalware #AiSecurity #HuggingFace #MalwareOperations

Malicious Hugging Face repository targets Windows users with infostealer malware

Malicious actors on Hugging Face tricked Windows users into downloading infostealer malware by creating a fake repository that mimicked OpenAI's popular Privacy Filter release. The rogue repository briefly shot to the top of Hugging Face's trending list, racking up 244,000 downloads before being swiftly removed.

https://osintsights.com/malicious-hugging-face-repository-targets-windows-users-with-infostealer-malware?utm_source=mastodon&utm_medium=social

#InfostealerMalware #HuggingFace #Typosquatting #AiModelAbuse #WindowsMalware

Ukraine Arrests Hackers Behind 610,000 Roblox Account Breach

Ukrainian authorities have cracked down on a group of hackers responsible for breaching over 610,000 Roblox accounts in a months-long phishing scam that harvested credentials and tokens. The stolen access was used to snag in-game items and Robux, Roblox's virtual currency.

https://osintsights.com/ukraine-arrests-hackers-behind-610000-roblox-account-breach?utm_source=mastodon&utm_medium=social

#Roblox #Ukraine #Phishing #InfostealerMalware #AccountBreach

Credential Theft is on the Rise! Our CPO Dan Featherman shares the inside scoop on infostealer malware, password spraying, brute force, and credential stuffing attacks, as well as how they are used to break into accounts and sensitive systems. https://www.lmgsecurity.com/the-insiders-guide-to-password-spraying-brute-force-credential-stuffing-attacks/

#CyberSecurity #BruteForce #CredentialStuffing #IT #infostealermalware