May 28
Data from custom LLM honeypots indicates sophisticated attacks on AI infrastructure. #AISecurity #HoneypotTech #TargetedAttacks #LLMDefense
May 28
Custom LLM honeypots reveal attackers testing AI models with unusual precision and timing. #AISecurity #LLMHoneypots #TargetedAttacks #AIInfrastructure #CyberDefense
🚨 Former German Intelligence Official Targeted in Signal Account Takeover Campaign
A phishing-driven account takeover campaign targeted former BND Vice President Arndt Freytag von Loringhoven and other German officials by impersonating Signal support and abusing legitimate account-linking and verification workflows. The incident matters because it shows how state-linked operators can bypass secure-messaging trust models through social engineering, potentially exposing sensitive government and security communications without breaking Signal’s encryption.
🎯 Target: Germany/Government & Security Officials
#️⃣ Category: #APT #TargetedAttacks #CyberCrime
🔗 URL: securityaffairs.com/189509/i…
🚨 Malicious npm Package Masquerading as OpenClaw Installer Drops macOS RAT and Credential Stealer
Researchers found a fake OpenClaw npm package that uses a postinstall hook, fake CLI installer, and bogus Keychain prompt to steal macOS credentials, browser data, crypto wallets, SSH keys, and cloud secrets while deploying a persistent RAT. This matters because it shows how developer-focused supply chain lures can blend social engineering with deep host access to compromise both personal and enterprise environments.
🕷️ Malware: GhostLoader
🎯 Target: Global/Developers using macOS
#️⃣ Category: #Malware #CyberCrime #TargetedAttacks
🔗 URL: thehackernews.com/2026/03/ma…
🚨 Chinese Espionage Campaign Hits Asian Critical Infrastructure With Web Shells and Mimikatz
A China-linked cluster tracked as CL-UNK-1068 targeted critical infrastructure across Asia by exploiting web servers, deploying web shells, and using tools like Mimikatz, FRP, and custom utilities to steal credentials and exfiltrate sensitive data. The campaign matters because it blends open-source tools, LOTL techniques, and cross-platform tradecraft to maintain stealthy long-term access in high-value environments.
🕷️ Malware: Mimikatz / Godzilla / ANTSWORD / Xnote / FRP
🎯 Target: South, Southeast, and East Asia/Critical Infrastructure
#️⃣ Category: #APT #TargetedAttacks #Malware #CyberIntel
🔗 URL: thehackernews.com/2026/03/we…
🚨 Fake Social Security Tax Statements Used to Hijack PCs in U.S. Phishing Wave
LifeLock says scammers are impersonating the Social Security Administration with urgent tax-season emails carrying fake 2025/2026 statement files that abuse Datto RMM to install remote access malware and seize control of victims’ devices. The campaign matters because it combines trusted government branding, tax-season urgency, and legitimate remote management software to improve click rates and enable full data theft.
🕷️ Malware: RAT via Datto RMM
🎯 Target: USA/General Public
#️⃣ Category: #CyberCrime #Malware #TargetedAttacks #SecurityTips
🔗 URL: hackread.com/social-security…
🚨 China-Linked APT Deploys New TernDoor and PeerTime Backdoors in Telco Intrusions
China-linked cluster UAT-9244 has targeted telecom providers in South America with the newly identified TernDoor and PeerTime backdoors, alongside the BruteEntry scanner used to turn breached systems into relay nodes for broader brute-force activity. The campaign matters because it shows sustained, multi-platform access operations against telecom infrastructure, a sector with high strategic intelligence value.
🕷️ Malware: TernDoor, PeerTime, BruteEntry
🎯 Target: South America/Telecommunications
#️⃣ Category: #APT #Malware #TargetedAttacks #CyberIntel
🔗 URL: scworld.com/brief/chinese-ap…
🚨 Pakistan-Linked APT36 Uses AI-Generated ‘Vibeware’ Against Indian Government Targets
Bitdefender says APT36 used fraudulent resume PDFs and Google Sheets to deliver sloppy AI-generated malware, then deployed BackupSpy and the credential-stealing LuminousCookie tool in attempts to compromise Indian government networks. The campaign matters because even imperfect AI-assisted tooling can still support espionage operations and help attackers scale socially engineered intrusion activity.
🕷️ Malware: BackupSpy, LuminousCookie
🎯 Target: India/Government
#️⃣ Category: #APT #Malware #AI_Threats #TargetedAttacks #CyberIntel
🔗 URL: scworld.com/brief/ai-generat…
🚨 Fake CleanMyMac Site Drops SHub Stealer and Backdoors Crypto Wallet Apps
A spoofed CleanMyMac site uses a ClickFix-style Terminal command to install SHub Stealer on macOS, stealing passwords, Keychain data, browser sessions, Telegram data, and crypto wallets while also backdooring wallet apps like Exodus, Ledger Live, and Trezor Suite for ongoing theft. This matters because the campaign combines infostealing with stealthy wallet persistence, turning a one-time infection into repeated credential and seed-phrase compromise.
🕷️ Malware: SHub Stealer
🎯 Target: Global/macOS Users & Cryptocurrency Holders
#️⃣ Category: #Malware #CyberCrime #TargetedAttacks
🔗 URL: malwarebytes.com/blog/threat…
🚨 FBI Arrests U.S. Contractor Accused in $46M Crypto Theft From Marshals Service
The FBI arrested a U.S. government contractor accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service by abusing privileged access and laundering funds through wallets, exchanges, and mixers. This matters because it highlights insider risk in government crypto custody and the growing role of blockchain forensics in tracing large-scale digital asset theft.
🎯 Target: USA/Government
#️⃣ Category: #CyberCrime #CyberLaw #TargetedAttacks
🔗 URL: cyberpress.org/fbi-arrests-u…
🚨 Stolen EV Certificates Fuel New Phishing Campaign Delivering Remote Access Tools
A phishing campaign is disguising fake Zoom, Teams, and Adobe updates as trusted software by using stolen Extended Validation certificates, then deploying tools like ScreenConnect and MeshAgent for persistent access. This matters because signed malware is being used to bypass trust controls and gain privileged footholds in corporate environments.
🕷️ Malware: ScreenConnect, MeshAgent
🎯 Target: Global/Enterprise Office Workers
#️⃣ Category: #CyberCrime #Malware #TargetedAttacks
🔗 URL: scworld.com/brief/new-phishi…
🚨 Bing-Boosted Fake OpenClaw Installers Drop Vidar Infostealers and GhostSocks Proxy Malware
SC Media reports Bing’s AI search results boosted a malicious GitHub repo (“openclaw-installer”) that deploys Rust loaders to install Vidar infostealers and GhostSocks proxy malware, with Huntress noting “stealth packer” behaviors like in-memory execution, firewall-rule changes, hidden scheduled tasks, and AntiVM checks. This matters because AI search rankings of trusted dev platforms are becoming a high-scale malware delivery pipeline.
🕷️ Malware: Vidar, GhostSocks
🎯 Target: Global/Windows Users (developers & AI-tool seekers)
#️⃣ Category: #Malware #CyberCrime #AI_Threats #TargetedAttacks
🔗 URL: scworld.com/brief/bing-boost…
🚨 APT36 Adopts “AI Malware Assembly Line” to Overwhelm Defenses by Volume
Pakistan-linked APT36 is using AI “vibe-coding” to rapidly churn out low-quality but high-volume malware variants in obscure languages (Nim/Zig/Crystal) and route C2 through legitimate services (Slack/Discord/Google Sheets), aiming to exhaust detection and response through sheer churn. Bitdefender calls the tactic “Distributed Denial of Detection,” observed in campaigns targeting Indian government-linked entities and embassies.
🕷️ Malware: “Vibeware” (AI-generated multi-language implants)
🎯 Target: India/Government & Diplomatic Missions (South Asia)
#️⃣ Category: #APT #AI_Threats #Malware #TargetedAttacks #CyberIntel
🔗 URL: darkreading.com/cyberattacks…
🚨 Chinese Hackers Deploy New Malware Against South American Telecoms
Cisco Talos researchers reveal a China-linked threat actor tracked as UAT-9244 is targeting telecommunications providers across South America with multiple bespoke malware families—TernDoor, PeerTime, and BruteEntry—that provide persistence, remote access, and network expansion to support prolonged espionage operations.
🕷️ Malware: TernDoor, PeerTime, BruteEntry
🎯 Target: South America/Telecommunications
#️⃣ Category: #APT #Malware #TargetedAttacks #CyberIntel
🔗 URL: cyberinsider.com/chinese-hac…
🚨 Iran-linked APT “Dust Specter” Uses Novel Malware to Infiltrate Iraqi Government Systems
ThreatLabz and reporting indicate a suspected Iran-nexus actor (tracked as Dust Specter) has been spoofing Iraq’s Ministry of Foreign Affairs to deliver multiple previously undocumented payloads (e.g., SPLITDROP dropper, TWINTASK/TWINTALK backdoors, and the GHOSTFORM RAT) against Iraqi officials as part of an espionage campaign. This matters because these multi-stage tools and C2 techniques enable persistent access and covert surveillance within high-value government networks.
🕷️ Malware: SPLITDROP, TWINTASK, TWINTALK, GHOSTFORM
🎯 Target: Iraq/Government Officials (Espionage)
#️⃣ Category: #APT #Malware #TargetedAttacks #CyberIntel
🔗 URL: scworld.com/brief/iran-targe…
🚨 Iran-Linked Hackers Raise Threat Level Against the U.S. and Allies Amid Escalating Conflict
Researchers and cyber authorities warn that Iran-linked state actors and aligned hacktivists are ramping up reconnaissance/espionage and could escalate into DDoS, phishing, and potentially disruptive/wiper activity targeting critical infrastructure and allied interests. This matters because geopolitical retaliation often manifests as “deniable” cyber operations that can spill over through third parties and supply chains.
🎯 Target: USA & Allies/Critical Infrastructure
#️⃣ Category: #APT #TargetedAttacks #BlueTeam
🔗 URL: cybersecuritydive.com/news/i…
🚨 North Korean APT37 targets air-gapped systems with “Ruby Jumper” USB relay toolkit
APT37 (ScarCruft/Ruby Sleet) used LNK-triggered PowerShell to deploy RestLeaf (Zoho WorkDrive C2) and SnakeDropper, then leveraged ThumbsBD and VirusTask to turn USB drives into bidirectional command relays and propagation mechanisms for infecting isolated networks. The toolkit enables covert data theft/surveillance from air-gapped environments by staging commands and exfil in hidden USB directories and swapping files with weaponized shortcuts.
🕷️ Malware: RestLeaf, SnakeDropper, ThumbsBD, VirusTask, FootWine
🎯 Target: Global/Government & air-gapped environments
#️⃣ Category: #APT #Malware #CyberIntel #TargetedAttacks
🔗 URL: securityweek.com/north-korea…
🚨 Hackers Weaponize Claude Code to Breach Mexican Government, Steal 150GB of Data
Gambit Security reports a month-long campaign where a single attacker used Anthropic’s Claude Code (1,000 prompts) to identify flaws, write exploits/tools, automate exfiltration, and jailbreak guardrails by claiming “authorized testing,” with GPT-4.1 used to analyze stolen data. The breach allegedly hit 10 Mexican government bodies plus a financial institution and exfiltrated 150GB (civil registry, tax, voter data), exposing ~195M identities.
🎯 Target: Mexico/Government (Financial sector)
#️⃣ Category: #AI_Threats #DataBreach #TargetedAttacks #CyberIntel
🔗 URL: securityweek.com/hackers-wea…
🚨 Fake Avast phishing site steals full credit card details using refund scam
Cybercriminals are operating a convincing fake Avast website that claims a €499.99 unauthorized charge and pressures primarily French-speaking users into entering personal and credit card details (number, expiry, CVV) to “process a refund,” harvesting data via JSON POST to attacker servers.
🎯 Target: Europe/Consumers (Financial)
#️⃣ Category: #CyberCrime #TargetedAttacks
🔗 URL: cyberpress.org/fake-avast-si…
🚨 Diesel Vortex Phishing Crew Steals 1,649 Freight Logins Across U.S. and Europe Using Cloaking Vishing
A financially motivated group (“Diesel Vortex”) has run a freight/logistics phishing operation since September 2025, using 52 domains plus multi-stage cloaking, pixel-perfect portal clones, and Telegram-bot operator control to steal 1,649 unique credentials (and sometimes 2FA/payment details) from platforms like DAT, TIMOCOM, Teleroute, Penske, Girteka, and EFS. The stolen access is then leveraged for double-brokering/cargo diversion and related fraud, showing how targeted phishing against “non-traditional” enterprise users can directly monetize supply-chain workflows.
🎯 Target: USA & Europe/Logistics (Freight & Trucking)
#️⃣ Category: #CyberCrime #TargetedAttacks
🔗 URL: bleepingcomputer.com/news/se…