New write-up: Weak SecOps exposed a ClickFix admin dashboard.

This investigation highlights exposed backups, hardcoded API keys, weak upload validation, and how stolen WordPress credentials were used to spread malware in a worm-like ClickFix campaign that is still active.

Read here:
https://potato.id/en/posts/weak-secops-exposed-clickfix-dashboard/

#CyberSecurity #Infosec #DFIR #ThreatIntelligence #ThreatHunting #IncidentResponse #MalwareAnalysis #WebSecurity #WordPressSecurity #OSINT #C2 #MalwareCampaign #SecOps #tech

How I Get Access ClickFix Dashboard Due to Bad SecOps

Discover how weak SecOps practices exposed a ClickFix admin dashboard. This cybersecurity case study covers reconnaissance techniques, security misconfigurations and key lessons learned.

Jonias Fortuna

LofyGang Revives With Minecraft-Focused LofyStealer Campaign

Meet LofyGang, a notorious threat actor that's back in the game with a sneaky new campaign called LofyStealer, targeting Minecraft fans with malware disguised as a hack called 'Slinky'. This Brazil-based group has a history of infiltrating gaming communities and digital entertainment services.

https://osintsights.com/lofygang-revives-with-minecraft-focused-lofystealer-campaign?utm_source=mastodon&utm_medium=social

#Lofygang #Minecraft #MalwareCampaign #StealerMalware #GamingCommunities

LofyGang Revives With Minecraft-Focused LofyStealer Campaign

LofyGang resurfaces with LofyStealer malware targeting Minecraft gamers, learn how to protect yourself from this cyber threat now.

OSINTSights

Malware Campaign Abuses Booking.com Against Hospitality Sector

Securonix is detailing a multi-stage campaign that starts with a bogus Booking.com message that runs through a ClickFix technique and a fake Blue Screen of Death before dropping the DCRat malware that gives the attackers full remote control of the victim's system.

Security Boulevard

WebRat malware spreads via fake GitHub exploit repos — attackers are poisoning trust in open source to deliver payloads. Verify before you clone. 🧩⚠️ #OpenSourceSecurity #MalwareCampaign

https://www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities.

BleepingComputer

ShadyPanda is hijacking popular browser extensions to spy on users — turning everyday tools into covert surveillance channels. Trust no add-on without validation. 🧩🕵️‍♂️ #ExtensionSecurity #MalwareCampaign

https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking campaign.

The Hacker News

ShadyPanda extensions racked up 43M installs — turning convenience into mass surveillance. Even “helpful” add-ons can hide hostile code. 🧩⚠️ #ExtensionSecurity #MalwareCampaign

https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/

ShadyPanda browser extensions amass 4.3M installs in malicious campaign

A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware.

BleepingComputer

GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.

https://thedefendopsdiaries.com/glassworm-malware-campaign-expands-new-platforms-sophisticated-obfuscation-and-global-impact/

#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions

GlassWorm Malware Campaign Expands: New Platforms, Sophisticated Obfuscation, and Global Impact

Explore how the GlassWorm malware campaign is evolving with new platforms, advanced obfuscation, and global impact on developers and users.

The DefendOps Diaries

Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures

Noodlophile stealer targets enterprises via copyright phishing since 2024, using Gmail, Dropbox, and Telegram for evasion.

The Hacker News

Scammers are twisting SourceForge's trusted face—disguising malware as Microsoft Office add-ins. Ever wondered how they pull off this digital con? Read on to uncover the deception.

https://thedefendopsdiaries.com/unmasking-the-sourceforge-malware-campaign-a-deceptive-attack-on-users/

#sourceforge
#malwarecampaign
#cybersecurity
#microsoftoffice
#cybercrime

Unmasking the SourceForge Malware Campaign: A Deceptive Attack on Users

Explore how cybercriminals exploit SourceForge to distribute malware disguised as Microsoft Office add-ins, targeting users for financial gain.

The DefendOps Diaries

Understanding the 'DollyWay' Malware Campaign: A Persistent Cyber Threat

Explore the evolution and impact of the 'DollyWay' malware campaign, a persistent threat targeting WordPress sites globally.

The DefendOps Diaries