New.

Sophos: Incident responders, s'il vous plait: Invites lead to odd malware events https://www.sophos.com/en-us/blog/incident-responders-s-il-vous-plait @SophosXOps #infosec #threatresearch #phishing #malware

Incident responders, s'il vous plait: Invites lead to odd malware events

A phishing campaign targeting multiple organizations led to RMM installations – but not much else (yet). A threat actor experimenting, or an access-as-a-service attack underway?

SOPHOS

New widespread EvilTokens kit: device code phishing as-a-service - Part 1

Uncover the new sophisticated EvilTokens device code phishing as-a-service, with AI-augmented features facilitating BEC fraud

Sekoia.io Blog

Security brief: tax scams aim to steal funds from taxpayers | Proofpoint US

What happened: Threat actors love to take advantage of tax season. It’s peak social engineering time: combine monetary concerns with often stressful responsibilities, sprinkle in the

Proofpoint

New.

"A single malicious prompt could activate a hidden exfiltration channel inside a regular ChatGPT conversation."

Check Point: ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime https://research.checkpoint.com/2026/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime/ #infosec #vulnerability #threatresearch #ChatGPT #OpenAI

ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime - Check Point Research

Key Takeaways What Happened AI assistants now handle some of the most sensitive data people own. Users discuss symptoms and medical history. They ask questions about taxes, debts, and personal finances, upload PDFs, contracts, lab results, and identity-rich documents that contain names, addresses, account details, and private records. That trust depends on a simple expectation: […]

Check Point Research

Posted yesterday, if you missed it.

watchTowr: Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/ #infosec #Citrix #threatresearch

Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)

Today, we woke up with a nagging feeling: what if Citrix had, in fact, patched multiple Memory Overread vulnerabilities as part of CVE-2026-3055? While we've been using our analysis from Part 1 (please read it first, as this post will be brief) to accurately identify exploitable Citrix NetScaler appliances across

watchTowr Labs

DeepLoad Malware Pairs ClickFix Delivery with AI-Generated Evasion

DeepLoad malware bypasses file-based defenses with fileless execution and live credential theft. ReliaQuest breaks down the full TDIR approach to stop it.

ReliaQuest

New. This relates to CVE-2023-46604, CVE-2023-38646, and CVE-2025-55182.

VulnCheck: The Return of the Kinsing https://www.vulncheck.com/blog/return-of-the-kinsing @vulncheck #infosec #threatresearch #botnet

The Return of the Kinsing | Blog | VulnCheck

Canary Intelligence linked exploitation of CVE-2023-46604, CVE-2023-38646, and CVE-2025-55182 to the same Kinsing infrastructure, including a shared staging host and attacker IP first seen in the canary network on March 12, 2026. The research shows how an older malware family is still adapting by adding new exploit paths while continuing to rely on established infrastructure.

VulnCheck

An AI gateway designed to steal your data

Dissecting the supply-chain attack on LiteLLM – a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.

Kaspersky

New.

CISA: MAR-25993211-r1.v2 Ivanti Connect Secure (RESURGE) https://www.cisa.gov/news-events/analysis-reports/ar25-087a

Summary: CISA Issues Updated RESURGE Malware Analysis Highlighting a Stealthy but Active Threat https://www.cisa.gov/news-events/news/cisa-issues-updated-resurge-malware-analysis-highlighting-stealthy-active-threat #CISA #malware #infosec #threatresearch

New.

Kaspersky: Coruna: the framework used in Operation Triangulation https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/

More:

The Hacker News: Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks https://thehackernews.com/2026/03/coruna-ios-kit-reuses-2023.html @thehackernews #iOS #Apple #infosec #threatresearch

Coruna: the framework used in Operation Triangulation

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.

Kaspersky