The strange tale of ischhfd83: When cybercriminals eat their own
A simple customer query leads to a rabbit hole of backdoored malware and game cheats
Similar Posts
Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem
Bys sAI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate…
China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats
Bys sA China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf…
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Bys sIvanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version…
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Bys sUnpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. “The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet,” security researchers Ofek Vardi and Matan Mittelman said in a…
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Bys sCybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official…
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Bys sThis week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying….