New. This relates to CVE-2023-46604, CVE-2023-38646, and CVE-2025-55182.
VulnCheck: The Return of the Kinsing https://www.vulncheck.com/blog/return-of-the-kinsing @vulncheck #infosec #threatresearch #botnet

The Return of the Kinsing | Blog | VulnCheck
Canary Intelligence linked exploitation of CVE-2023-46604, CVE-2023-38646, and CVE-2025-55182 to the same Kinsing infrastructure, including a shared staging host and attacker IP first seen in the canary network on March 12, 2026. The research shows how an older malware family is still adapting by adding new exploit paths while continuing to rely on established infrastructure.
VulnCheck
An AI gateway designed to steal your data
Dissecting the supply-chain attack on LiteLLM – a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.
Kaspersky
Coruna: the framework used in Operation Triangulation
Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.
Kaspersky
ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension
We found a vulnerability in Claude's Chrome Extension that let any website silently inject prompts into your AI-powered browser session. By chaining a wildcard origin allowlist with a DOM-based XSS in a CAPTCHA subdomain, an attacker could steal credentials, read your email, and act as you - all from an invisible iframe.

Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide
See how the Kamasers botnet can disrupt business operations through multi-vector DDoS attacks, resilient infrastructure, and broad attack capabilities.
ANY.RUN's Cybersecurity Blog
ClickFix Campaigns Targeting Windows and macOS
Insikt Group reveals five ClickFix social engineering clusters (QuickBooks, Booking.com, Birdeye) targeting Windows and macOS. Learn how threat actors exploit native system tools with malicious, obfuscated commands to gain initial access, and get key mitigations for defense.
New.
Securonix: Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments https://www.securonix.com/blog/faux-elevate-threat-actors-crypto-miners-and-infostealers/
Sekoia: Silver Fox: The Only Tax Audit Where the Fine Print Installs Malware https://blog.sekoia.io/silver-fox-the-only-tax-audit-where-the-fine-print-installs-malware/ @sekoia_io
From yesterday:
Sophos: NICKEL ALLEY strategy: Fake it ‘til you make it https://www.sophos.com/en-us/blog/nickel-alley-strategy-fake-it-til-you-make-it @SophosXOps
Wiz: KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack https://www.wiz.io/blog/teampcp-attack-kics-github-action @wiz #GitHub #infosec #threatresearch #malware #Trivy

Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments
Securonix Threat Research: FAUX#ELEVATE is a fast-moving phishing campaign using fake resumes and obfuscated VBScript to steal credentials, exfiltrate data, and deploy crypto miners in enterprise environments.
Securonix
Trivy Supply Chain Attack Expands to Compromised Docker Imag...
Newly published Trivy Docker images (0.69.5 and 0.69.6) were found to contain infostealer IOCs and were pushed to Docker Hub without corresponding Git...
Socket
New research shows 3 flaws dubbed #ClaudyDay in Claude AI could be chained to steal user data using fake Google Ads, hidden prompts, and built-in features.
Read: https://hackread.com/claudy-day-flaws-data-theft-fake-claude-ai-ads/
#CyberSecurity #AI #ClaudeAI #InfoSec #DataSecurity #ThreatResearch #Malware #Privacy

“Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads, Report
Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden prompts, and built-in features.
Hackread - Cybersecurity News, Data Breaches, AI and More