🚨 PHISHING DETECTED 🚨
🔗 Suspicious URL: invitetracker[.]work
🔍 Analysis at: https://phishdestroy.io/domain/invitetracker.work/
#WalletDrainers #malware #cybersec #Web3Awareness #PhishingWarning
🕵🏻♂️ [InfoSec MASHUP] 20/2026 - The Platform Is the Attack Surface.
The supply chain attack story this week isn't about a sketchy package lurking in a dark corner of npm. It's about #Anthropic Claude.ai shared chats being used to distribute Mac #malware, a fake Hugging Face repository impersonating OpenAI's Privacy Filter trending at #1 with 244,000 downloads, and JDownloader's own website serving swapped installers. The common thread isn't sophistication — it's borrowed credibility. Attackers have figured out that the detection model most users rely on, implicitly or otherwise, is "I've heard of this platform, therefore this thing on it is probably fine."
That assumption has always been fragile. What's changed is how systematically it's being exploited. A trending repo with a quarter-million downloads looks legitimate by every surface signal. A shared Claude.ai chat looks like a helpful resource. A download from the official project website looks like the official project. The trust isn't in the content — it's in the container. And the container is now the attack surface.
→ Week #20/2026 also covers: #ShinyHunters got paid, #TeamPCP hit 170 packages across npm and PyPI, and Cisco's SD-WAN zero-day count hit six for the year
Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-20-2026-the-platform-is-the-attack-surface
If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI
🚨 PHISHING DETECTED 🚨
🔗 Suspicious URL: liveledgr-en-page[.]wixstudio[.]com
🔍 Analysis at: https://phishdestroy.io/domain/liveledgr-en-page.wixstudio.com/
Eimeria: five layers from RAR5 to RunPE
https://www.derp.ca/research/eimeria-multi-stage-loader/
Read on HackerWorkspace: https://hackerworkspace.com/article/eimeria-five-layers-from-rar5-to-runpe
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97
https://securityaffairs.com/192278/security/security-affairs-malware-newsletter-round-97.html
Read on HackerWorkspace: https://hackerworkspace.com/article/security-affairs-malware-newsletter-round-97
FlowerStorm unleashes the KrakVM: PhaaS operators turn to VM-based obfuscation · Blog · Sublime Security
Read on HackerWorkspace: https://hackerworkspace.com/article/flowerstorm-unleashes-the-krakvm-phaas-operators-turn-to-vm-based-obfuscation-blog-sublime-security
Reverse engineering Android malware with Claude Code
The Insidious Danger in LinkedIn Job Interviews: BeaverTail and the Lazarus Group
I analyzed 'BeaverTail', the malware of the North Korea-backed Lazarus Group, which targets job-seeking developers and infiltrates systems under the guise of an interview project. The insidious 'eval()' calls hidden in Node.js backend files, dynamic code execution via npoint.io, and the bare-metal protection discipline against this mechanism that steals browser passwords
https://yuceltoluyag.github.io/linkedin-is-gorusmesi-dolandiriciligi-beavertail/
‘HELLO BOSS’: Inside the Chinese Realtime Deepfake Software Powering Scams Around the World (404media, 7 May 2026)