Cyber-Enabled Maritime Sanctions Evasion

Iranian and Russian shadow fleet vessels are utilizing sophisticated online infrastructure consisting of over 36 inauthentic websites to facilitate sanctions evasion. These websites impersonate ship registries, national maritime administrations, seafarer training organizations, protection and indemnity clubs, and classification societies from jurisdictions including Comoros, Benin, Bhutan, Cameroon, Chad, Equatorial Guinea, Gambia, Haiti, Malawi, Nicaragua, and Zambia. The infrastructure operates through three identified clusters designated Alpha, Bravo, and Charlie, which demonstrate technical overlaps suggesting a broader ecosystem supporting multiple sanctions evasion networks. Operators employ tactics including automated document generation, typosquatting, identity spoofing, and mutual endorsement loops between fraudulent entities. Attribution includes links to Indian web development company Oceaniek Technologies and two Syrian nationals. The infrastructure has documented connections to seventeen vesse...

Pulse ID: 6a2add68a8beede13c14c559
Pulse Link: https://otx.alienvault.com/pulse/6a2add68a8beede13c14c559
Pulse Author: AlienVault
Created: 2026-06-11 16:08:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #India #InfoSec #Iran #OTX #OpenThreatExchange #RAT #Russia #Syria #TypoSquatting #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

How Lookalike Domains Exploit Human Judgment

Lookalike attacks exploit human cognitive shortcuts rather than technical vulnerabilities, designing domain names that resemble legitimate services to bypass security controls. These attacks leverage predictable patterns in how people read and process text, using techniques including homographs, typosquatting, domain embedding, and keyword association. The domain name itself embeds targeting intent, making attacks visible in DNS infrastructure before malicious activity occurs. Attackers face deliberate tradeoffs between plausibility and uniqueness, often maintaining domains in dormant states between campaigns to evade takedown. DNS provides early structural signals about attacker intent and brand targeting, though ambiguity remains inherent as legitimate services often exhibit similar patterns. Effective detection requires separating targets from imposters and understanding that domain-based analysis surfaces risk rather than definitive verdicts.

Pulse ID: 6a2ae2fd2f480b5e67ea0de6
Pulse Link: https://otx.alienvault.com/pulse/6a2ae2fd2f480b5e67ea0de6
Pulse Author: AlienVault
Created: 2026-06-11 16:31:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DNS #ELF #InfoSec #OTX #OpenThreatExchange #RAT #TypoSquatting #Word #bot #AlienVault

World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat

Threat intelligence has uncovered a significant increase in digital scams and phishing campaigns exploiting the FIFA World Cup 2026, specifically targeting mobile users. Three primary attack campaigns have been identified: The first uses typosquatting and institutional spoofing with fake domains like fifa-tickets[.]vip to deceive ticket buyers. The second mimics major sports retailers such as Nike and Adidas, hiding infrastructure behind Cloudflare to steal payment credentials. The third campaign, dubbed OffsideHire, exploits tournament hiring through sophisticated recruitment fraud using an Adversary-in-the-Middle platform targeting corporate Google Workspace accounts with real-time MFA bypass capabilities. These campaigns leverage emotional urgency, ticket scarcity, and mobile device usage patterns to bypass traditional security controls, posing risks to both individuals and enterprise environments through credential harvesting and session hijacking.

Pulse ID: 6a2b24146ff879b6eec74176
Pulse Link: https://otx.alienvault.com/pulse/6a2b24146ff879b6eec74176
Pulse Author: AlienVault
Created: 2026-06-11 21:09:40

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AdversaryInTheMiddle #Cloud #CredentialHarvesting #CyberSecurity #Google #ICS #InfoSec #MFA #Mimic #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #TypoSquatting #bot #AlienVault

World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat

Threat intelligence analysis reveals a significant surge in phishing campaigns exploiting the FIFA World Cup 2026, specifically targeting mobile users. Three distinct attack campaigns have been identified: The first deploys typosquatting and institutional spoofing through fake domains to trap ticket buyers. The second mimics major sports retailers like Nike and Adidas, hiding infrastructure behind Cloudflare for credential harvesting. The third exploits tournament hiring opportunities through sophisticated recruitment fraud, implementing an Adversary-in-the-Middle platform targeting corporate Google Workspace accounts with MFA bypass capabilities. These campaigns leverage SMS, WhatsApp, and search engines to exploit emotional urgency and ticket scarcity, creating enterprise security risks as employees use personal devices for work access.

Pulse ID: 6a2b24120e38cab4c6d62f51
Pulse Link: https://otx.alienvault.com/pulse/6a2b24120e38cab4c6d62f51
Pulse Author: AlienVault
Created: 2026-06-11 21:09:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AdversaryInTheMiddle #Cloud #CredentialHarvesting #CyberSecurity #Google #ICS #InfoSec #MFA #Mimic #OTX #OpenThreatExchange #Phishing #RAT #SMS #SocialEngineering #TypoSquatting #WhatsApp #bot #AlienVault

A new wave of attacks on developers. Cybercriminals poison search results (SEO poisoning) to distribute malicious Gemini CLI and Claude Code installers

Security researchers from EclecticIQ are warning of an ongoing cybercriminal campaign aimed mainly at developers looking for GeminiCLI and Claude Code installers. The attackers use SEO poisoning (poisoning of search results) to rank fake domains above the official sites. The pages perfectly mirror the authentic installation sites of the individual agents. However, bundled with the installation of the agent itself, the user...

#Aktualności #ClaudeCode #Cli #Gemini #Infostealer #Malware #Typosquatting

https://sekurak.pl/nowa-fala-atakow-na-programistow-cyberprzestepcy-zatruwaja-wyniki-wyszukiwania-seo-poisoning-aby-dystrybuowac-zlosliwe-instalatory-gemini-cli-oraz-claude-code/

Malicious npm Packages Target Cloud Credentials

Malicious actors are targeting cloud credentials by publishing fake npm packages that mimic popular projects, allowing them to infiltrate developer environments and gain access to sensitive AWS and Elastic credentials. In just four hours, a single attacker published 14 malicious packages using cleverly disguised names.

https://osintsights.com/malicious-npm-packages-target-cloud-credentials?utm_source=mastodon&utm_medium=social

#CloudCredentials #MaliciousPackages #Npm #Typosquatting #Aws

Malicious npm Packages Target Cloud Credentials

Learn how attackers delivered 14 malicious npm packages targeting cloud credentials via typosquatting and impersonating popular projects - read the details now and stay secure.

OSINTSights

Typosquatted npm packages used to steal cloud and CI/CD secrets - RedPacket Security

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly

RedPacket Security

Malicious Packages Exploit Realistic Identities

Malicious open source packages are getting smarter, with 91% using realistic identities and naming-variant tactics to blend in with legitimate projects, making them harder to spot. This shift away from simple typosquatting tricks means developers need to be extra vigilant when adding dependencies to their workflows.

https://osintsights.com/malicious-packages-exploit-realistic-identities?utm_source=mastodon&utm_medium=social

#MaliciousPackages #OpenSourceSecurity #SupplyChain #NamingvariantTactics #Typosquatting

Malicious Packages Exploit Realistic Identities

Discover how 91% of malicious packages exploit realistic identities using naming-variant tactics, and learn how to protect your projects now with expert insights.

OSINTSights

Italy is among the countries hardest hit by online fraud. The brands most often impersonated by phishing in Italy are PayPal, Amazon and Poste Italiane. In their phishing attacks, cybercriminals exploit well-known brands to increase the credibility of fraudulent emails, SMS messages and notifications.
The scammers operate continuously and ...

https://scienzamagia.eu/world-wide-web/litalia-fra-le-nazioni-piu-colpite-da-frodi-informatiche/

#Cybercrime #cybercriminali #ingegneriasociale #phishing #Poliziapostale #Quishing #smartphone #smishing #truffeinformatiche #typosquatting