Carnival - 7,531,359 breached accounts - https://www.redpacketsecurity.com/carnival-7-531-359-breached-accounts/
#databreach #HaveIBeenPwnedLatestBreaches #HIBP #OSINT #Security #threatintel #TroyHunt
(socket.dev) Escalation of GlassWorm Campaign: Sleeper Extensions Target Open VSX Marketplace with Advanced Evasion Techniques
GlassWorm campaign escalates with 73 sleeper extensions targeting Open VSX, using advanced evasion and transitive delivery techniques. At least six extensions activated, others flagged as high-confidence sleepers.
In brief - The GlassWorm threat actor is exploiting the Open VSX marketplace with impersonation extensions that initially appear benign but are later weaponized. The campaign uses social engineering, cloned listings, and multi-stage delivery to evade detection, posing a significant supply chain risk to developers.
Technically - GlassWorm employs sleeper extensions mimicking legitimate tools, leveraging `extensionPack` and `extensionDependencies` for transitive malware delivery. Payloads include GitHub-hosted VSIX files, obfuscated JavaScript, and bundled `.node` binaries with embedded GitHub release URLs. The campaign resolves CLI paths for multiple IDEs (VS Code, Cursor, VSCodium) and uses dead-drop channels like Solana transaction memos for runtime payload retrieval. Obfuscation techniques, such as encrypted URL decoding at runtime, further hinder detection.
Source: https://socket.dev/blog/73-open-vsx-sleeper-extensions-glassworm
[INCRANSOM] - Ransomware Victim: krauseundco - https://www.redpacketsecurity.com/incransom-ransomware-victim-krauseundco/
#incransom #dark_web #data_breach #OSINT #ransomware #threatintel #tor