TamperedChef serves bad ads, with infostealers as the main course
Sophos X-Ops explores a malvertising campaign that leverages Google Ads to distribute an infostealer
Categories: Threat Research
Tags: TamperedChef, EvilAI, infostealer, Sophos X-Ops
Similar Posts
An arrested man’s lawyer claims his client can’t be ShinyHunters’ leader. His argument wasn’t persuasive.
Bys sOn October 14, the attorney for the man whom France claims to be the head of ShinyHunters held a press conference that included some statements on his client’s case. So far, neither France nor the attorney, Juan Branco, has disclosed the arrested man’s name, so we are not really sure who his client is. All……
China accuses US of launching ‘advanced’ cyberattacks, names alleged NSA agents
Bys sLaurie Chen, Farah Master and Liz Lee report: China accused the United States National Security Agency (NSA) on Tuesday of launching “advanced” cyberattacks during the Asian Winter Games in February, targeting essential industries. Police in the northeastern city of Harbin said three alleged NSA agents to a wanted list and also accused the University of…
Ransomware’s new frontier: Extortion attacks evolve in Asia Pacific
Bys sJoanna England reports: Akamai Technologies, the cybersecurity and cloud computing company that powers and protects business online, has found that bad actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach. With ransomware accounting for more than half of the total data breaches in this region……
Post Title
Bys sMichael Martin reports: Cherry Health says it is dealing with ongoing technology issues, but days into the disruption, officials have not explained what’s causing them. In a notice posted to their website Monday, the health system said it is “experiencing technology issues across Cherry Health, including our phone system.” Their clinics remain open for scheduled……
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Bys sMicrosoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and…
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
Bys sA threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of…