New widespread EvilTokens kit: device code phishing as-a-service

Pulse ID: 69cb5127f27635be54143fb1
Pulse Link: https://otx.alienvault.com/pulse/69cb5127f27635be54143fb1
Pulse Author: Tr1sa111
Created: 2026-03-31 04:44:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #Phishing #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Telnyx Python SDK Compromised to Deliver Credential-Stealing Malware

Pulse ID: 69cb4c8a3f09339f4cb02efc
Pulse Link: https://otx.alienvault.com/pulse/69cb4c8a3f09339f4cb02efc
Pulse Author: Tr1sa111
Created: 2026-03-31 04:24:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #Python #bot #Tr1sa111

BreachForums Data Leaks: Technical Analysis and Timeline Attribution (2022–2026)

Pulse ID: 69cb4c7ec2983d5eff7d6d1c
Pulse Link: https://otx.alienvault.com/pulse/69cb4c7ec2983d5eff7d6d1c
Pulse Author: Tr1sa111
Created: 2026-03-31 04:24:30

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

A cunning predator: How Silver Fox preys on Japanese firms this tax season

Pulse ID: 69cb4c964f8129cc49ac039e
Pulse Link: https://otx.alienvault.com/pulse/69cb4c964f8129cc49ac039e
Pulse Author: Tr1sa111
Created: 2026-03-31 04:24:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Japan #OTX #OpenThreatExchange #bot #Tr1sa111

Security brief: tax scams aim to steal funds from taxpayers

Pulse ID: 69cb4c9d3b0e31336a8bd711
Pulse Link: https://otx.alienvault.com/pulse/69cb4c9d3b0e31336a8bd711
Pulse Author: Tr1sa111
Created: 2026-03-31 04:25:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #TaxScam #bot #Tr1sa111

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

Pulse ID: 69cb4ca4d0792649130a1a2e
Pulse Link: https://otx.alienvault.com/pulse/69cb4ca4d0792649130a1a2e
Pulse Author: Tr1sa111
Created: 2026-03-31 04:25:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

TeamPCP launched a sophisticated attack on the Telnyx Python SDK, publishing malicious versions 4.87.1 and 4.87.2 to PyPI. The attack represents an evolution from their previous LiteLLM campaign, incorporating WAV-based steganography, split-file code injection, and expanded platform support. The payload, activated on import, uses stealthy techniques to download and execute credential-stealing malware across Linux, macOS, and Windows systems. Key changes include the use of audio steganography to hide malicious code, improved evasion through split-file injection, and the addition of Windows support with Startup folder persistence. The attackers shifted from HTTPS to plaintext HTTP infrastructure, potentially exposing their activities to network monitoring. Organizations are advised to downgrade to the last clean version and treat affected systems as compromised.

Pulse ID: 69cabb96c63dbeb412355267
Pulse Link: https://otx.alienvault.com/pulse/69cabb96c63dbeb412355267
Pulse Author: AlienVault
Created: 2026-03-30 18:06:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CodeInjection #CyberSecurity #HTTP #HTTPS #ICS #InfoSec #Linux #Mac #MacOS #Malware #OTX #OpenThreatExchange #PyPI #Python #RAT #Steganography #Windows #bot #AlienVault

ClickFix Variant Exploiting Rundll32 and WebDAV for Evasion

A new ClickFix variant abuses rundll32.exe and WebDAV to execute malicious DLLs while evading detection. It uses fake CAPTCHA pages to trick users into running commands, then operates filelessly and injects into legitimate processes for stealth.

Pulse ID: 69cae9f67d974aa2e5a39c86
Pulse Link: https://otx.alienvault.com/pulse/69cae9f67d974aa2e5a39c86
Pulse Author: cryptocti
Created: 2026-03-30 21:24:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CAPTCHA #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #SSL #bot #cryptocti

CrySome RAT Stealth-Oriented Malware Built on .NET

CrySome is a Remote Access Trojan (RAT) developed in C# for the .NET platform, designed to establish and maintain a persistent command-and-control (C2) connection over TCP, enabling attackers to execute remote actions on compromised systems.

Pulse ID: 69caea76eb0e8d15bcb7c207
Pulse Link: https://otx.alienvault.com/pulse/69caea76eb0e8d15bcb7c207
Pulse Author: cryptocti
Created: 2026-03-30 21:26:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #TCP #Trojan #bot #cryptocti

BreachForums Data Leaks: Technical Analysis and Timeline Attribution (2022–2026)

This analysis examines multiple data leaks attributed to BreachForums between 2022 and 2026, focusing on distinguishing between leak publication dates and actual data timelines. The study covers four datasets associated with different domain names (.vc, .co, .hn, .bf) used by the platform. Each dataset is analyzed based on publication date, format, database structure, and the 'lastactive' field in the user table. The analysis reveals that the domain associated with a leak does not necessarily indicate the timing of the compromise, but rather the context of data collection. The article emphasizes the importance of differentiating between publication date and actual data timeline to avoid misattribution in cyber threat intelligence activities.

Pulse ID: 69c785cd73b8fcad9668be22
Pulse Link: https://otx.alienvault.com/pulse/69c785cd73b8fcad9668be22
Pulse Author: AlienVault
Created: 2026-03-28 07:39:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #bot #AlienVault
