[{"channel_id":1142915694,"post_id":5459,"date":1776781449000,"forwards":"3","views":"338","text":"FakeWallet crypto stealer spreading through iOS apps in the App Store<\/b>

During our investigation, we identified 26 phishing apps in the App Store mimicking the following major wallets:

\u2022 MetaMask
\u2022 Ledger
\u2022 Trust Wallet
\u2022 Coinbase
\u2022 TokenPocket
\u2022 imToken
\u2022 Bitpie

https:\/\/securelist.com\/fakewallet-cryptostealer-ios-app-store\/119474\/<\/a>","text_length":334,"media":{"root":"\/011\/UxUAAG6CH0QAAAAAADQIKJ9yKhA","photo":{"thumbs":{"m":{"w":320,"h":160,"hash":"QrTUdC02eRCKpN5U5WDGOg&ts=1776837904"},"x":{"w":800,"h":400,"hash":"sHdTawuWB4ZijeisM3KRCQ&ts=1776837904"},"y":{"w":1200,"h":600,"hash":"OGF_q_jgx_Solw0ET1nlHw&ts=1776837904"},"i":{"bytes":"AUACg|DKCccEGjBxmrME0aRAEgddwI+9TxcRbQDtK9l2\/d96XM+xLfkU8HIpTnZjHSrn2lN4O5fMA\/1m3ikNzFhsbQp6rt+9RzPsF2UsHGcUVammR4SqkHP3VA+7RTTbKWpUxxSjiiimAlA5oooEOIxgjrRRRQUj\/9k="}}}}},{"channel_id":1142915694,"post_id":5457,"date":1776770258000,"forwards":"7","views":"310","comments":"1","fwd_from":[],"text":"Internet Protocol Version 8 (IPv8)

<\/b>coming..

https:\/\/www.ietf.org\/archive\/id\/draft-thain-ipv8-00.html<\/a>","text_length":103,"media":{"root":null,"webpage":{"url":"https:\/\/www.ietf.org\/archive\/id\/draft-thain-ipv8-00.html","type":"article","title":"Internet Protocol Version 8 (IPv8)","site_name":"www.ietf.org","display_url":"ietf.org\/archive\/id\/draft-thain-ipv8-00.html","description":"Internet Protocol Version 8 (IPv8) is a managed network protocol\nsuite that transforms how networks of every scale -- from home\nnetworks to the global internet -- are operated, secured, and\nmonitored. Every manageable element in an IPv8 network is\nauthorised via OAuth2 JWT tokens served from a local cache. Every\nservice a device requires is delivered in a single DHCP8 lease\nresponse. Every packet transiting to the internet is validated\nat egress against a DNS8 lookup and a WHOIS8 registered active\nroute. Network telemetry, authentication, name resolution, time\nsynchronisation, access control, and translation are unified into\na single coherent Zone Server platform. \n IPv4 is a proper subset of IPv8. An IPv8 address with the routing\nprefix field set to zero is an IPv4 address. No existing device,\napplication, or network requires modification. The suite is 100%\nbackward compatible. There is no flag day and no forced migration\nat any layer. \n IPv8 also resolves IPv4 address exhaustion. Each Autonomous\u2026","author":"Jamie Thain"}}},{"channel_id":1142915694,"post_id":5456,"date":1776265072000,"forwards":"4","views":"173","text":"MCPwn: A CVSS 9.8 One-Line MCP Bug That Hands Over Your Nginx to Anyone on the Network \u2013 Actively Exploited in the Wild

https:\/\/pluto.security\/blog\/mcp-bug-nginx-security-vulnerability-cvss-9-8\/<\/a>

Unauthenticated MCP Endpoint Allows Remote Nginx Takeover PoC:

https:\/\/github.com\/0xJacky\/nginx-ui\/security\/advisories\/GHSA-h6c2-x2m2-mwhf<\/a>","text_length":337,"media":{"root":"\/00e\/UBUAAG6CH0QAAAAAsnQjnOIMx3M","photo":{"thumbs":{"m":{"w":320,"h":180,"hash":"ECGimiUfCRwWsmDWMv6uEw&ts=1776837904"},"x":{"w":800,"h":450,"hash":"cPiWv4jc7yxrz-1P4uVI1w&ts=1776837904"},"y":{"w":1024,"h":576,"hash":"OluZGlSqz28k4G1Iz7t-GQ&ts=1776837904"},"i":{"bytes":"AXACg|B64AzT4yjDcpyfpVY4PyseKljJRQFB\/AZrOxtcmC5PNO2DPNC5H3qaxJPHSgYxuWwKKdtIO6igCqvPepkbYvHaiigB\/mZGelBk4J70UUANLllooooA\/9k="}}}}},{"channel_id":1142915694,"post_id":5455,"date":1775125767000,"forwards":"2","views":"328","text":"SecuritySnack - OpenAI Anti-Ads Malware<\/b>

This report details the discovery of a malicious Chrome extension, named "ChatGPT Ad Blocker", found on the Google Chrome Web Store.

https:\/\/dti.domaintools.com\/securitysnacks\/securitysnack-openai-anti-ads-malware<\/a>","text_length":256,"media":{"root":"\/006\/TxUAAG6CH0QAAAAAufPK_jVvA0Q","webpage":{"url":"https:\/\/dti.domaintools.com\/securitysnacks\/securitysnack-openai-anti-ads-malware","type":"photo","title":"DomainTools Investigations | SecuritySnack - OpenAI Anti-Ads Malware","site_name":"Domaintools","display_url":"dti.domaintools.com\/securitysnacks\/securitysnack-openai-anti-ads-malware","description":"Capitalizing on OpenAI's new ad policy, a malicious Chrome extension masked as a ChatGPT ad blocker was quietly stealing your conversations and sending them to a Discord channel.","thumbs":{"m":{"w":320,"h":191,"hash":"qaD-OPnj7wj-CZHfX5g7GA&ts=1776837904"},"x":{"w":800,"h":478,"hash":"VtxtF5PpedYhxfnrS5YE0Q&ts=1776837904"},"y":{"w":1280,"h":765,"hash":"6x17bPiuXTUDFt7wrkZbPg&ts=1776837904"},"w":{"w":1400,"h":837,"hash":"OzGY9Z04mHSxQHkl3wUQig&ts=1776837904"},"i":{"bytes":"AYACg|DXIB60VGyAuTn9KeuAAPSgBaRgHXBGRS1EkKbzJ5eJOuT60ALHGqcqMZopiJCJS3yebk9DzRRYdyQoxJIdh9Mf4U8dKKKAYtNK85yc\/U0UUCFAAooooA\/\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5454,"date":1775116846000,"forwards":"1","views":"346","text":"Operation NoVoice: Rootkit Tells No Tales<\/b>

WhatsApp under attack *

https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-research-operation-novoice-rootkit-malware-android\/<\/a>","text_length":176,"media":{"root":"\/012\/ThUAAG6CH0QAAAAAGw-6gu2tHYg","webpage":{"url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-research-operation-novoice-rootkit-malware-android","type":"article","title":"Operation NoVoice: Rootkit Tells No Tales | McAfee Blog","site_name":"McAfee Blog","display_url":"mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-research-operation-novoice-rootkit-malware-android","description":"Authored By: Ahmad Zubair Zahid\u00a0 McAfee\u2019s mobile research team\u00a0identified\u00a0and investigated an Android rootkit campaign tracked as Operation\u00a0Novoice. The","author":"https:\/\/www.facebook.com\/McAfee\/","thumbs":{"m":{"w":300,"h":200,"hash":"Jaq0M3msiDkTH226_Cfcuw&ts=1776837904"},"i":{"bytes":"AbACg|CRAh6YNWFRcDis60JwPQVoJKudmeaYircqS7qrFAMEbe5qOyuS7GKTlx+tTRxrc3LOWZT90r+FRCzVJ\/MV2HPBxwaXUfQtF+fukUUj9DRTArKxFvIpRtxPHFOiVvkJz15qyeGwMY+lKyjZnHelYExtsoaZpFzg8YqKadvkHTBwasuxQKF4yuaqSjKAnruNDWgdRRdIzsh\/h6ntRUIVeflHPtRTEf\/Z"}}}}},{"channel_id":1142915694,"post_id":5453,"date":1774601876000,"views":"174","text":"How TeamPCP's supply chain attack evolved<\/b>

The malicious campaign that started with Trivy and Checkmarx has shifted to LiteLLM. Here's how \u2014\u00a0and what's different this time:

https:\/\/www.reversinglabs.com\/blog\/teampcp-supply-chain-attack-spreads<\/a>","text_length":244,"media":{"root":"\/002\/TRUAAG6CH0QAAAAAs3WE_c4nIyE","webpage":{"url":"https:\/\/www.reversinglabs.com\/blog\/teampcp-supply-chain-attack-spreads","type":"photo","title":"TeamPCP software supply chain attack spreads to LiteLLM | ReversingLabs","site_name":"ReversingLabs","display_url":"reversinglabs.com\/blog\/teampcp-supply-chain-attack-spreads","description":"What started as a compromise of Checkmarx Open VSX plugins on npm has now spread to PyPI and is targeting LiteLLM.","thumbs":{"m":{"w":320,"h":167,"hash":"QLqnaXZJlk7K8xF4JOXbkg&ts=1776837904"},"x":{"w":800,"h":418,"hash":"uAOn3O5BVv-kUcMUh_XydA&ts=1776837904"},"y":{"w":1280,"h":669,"hash":"pJMds857epWagSMabBYT3g&ts=1776837904"},"w":{"w":1400,"h":732,"hash":"Iz1F0Lrojc8KgkMSUh9ljw&ts=1776837904"},"i":{"bytes":"AVACg|CpExwozVkthgASeR3qphuwOPpUojYDIz1xz9K2TMXEllu2S7RMDavBHrmpGkwGz1qk6MGwxAYDPJ6VIg3R9y3Y596ExOKshhOQBRRsYc4PFFA7EqzyA4DsAO2asQobmNyxx+tFFD2GZQnbfnA+h5q+spwSAAR6fgf60UVESpJCtNKwIMjYPbJoooqyD\/\/Z"}}}}},{"channel_id":1142915694,"post_id":5452,"date":1773903361000,"forwards":"1","views":"326","text":"Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites<\/b>

https:\/\/iverify.io\/blog\/darksword-ios-exploit-kit-explained<\/a>","text_length":146,"media":{"root":"\/00e\/TBUAAG6CH0QAAAAAsnQjnOIMx3M","webpage":{"url":"https:\/\/iverify.io\/blog\/darksword-ios-exploit-kit-explained","type":"photo","title":"Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites","site_name":"iverify.io","display_url":"iverify.io\/blog\/darksword-ios-exploit-kit-explained","description":"Shortly after our publication on the Coruna exploit kit, a collaborating researcher at Lookout flagged a suspicious-looking URL possibly related to the threat actor from Russia linked with Coruna.","thumbs":{"m":{"w":320,"h":180,"hash":"0ppgFXNdd8gM3cbwuEH_7A&ts=1776837904"},"x":{"w":800,"h":450,"hash":"tAI02oj7bLH5ByNF2Y_iDQ&ts=1776837904"},"y":{"w":1280,"h":720,"hash":"6rgRQ8_axLf3Lk6WDFHLdQ&ts=1776837904"},"w":{"w":1920,"h":1080,"hash":"FKA-EiozO4J30MiH_G6_og&ts=1776837904"},"i":{"bytes":"AXACg|DMK4bpxSbPSrEZjBxIc1MkMch+Vhz2waRsoplHaad5XAJ49zWg1vsPyDn9aquhyd3X1NAOBXJAyFHHqaKe0RDbf5UUEcrIyfX86kVsMArtt6Zx3oooEmWBtbgu7Y7E08XCBdhVsDtnP86KKDS5C2GbMZwfbiiiigV2f\/\/Z"}}}}},{"channel_id":1142915694,"post_id":5451,"date":1773225312000,"forwards":"4","views":"213","fwd_from":[],"text":"BlackSanta EDR-Killer<\/b>

A Silent Threat Targeting Recruitment Workflows. Aryaka Threat Labs has uncovered a sophisticated malware campaign:

The malware performs system reconnaissance and conducts environment checks to detect sandboxes, virtual machines, and debugging tools to evade analysis. A key component, BlackSanta, acts as an EDR-killer, disabling security solutions to ensure malicious payloads run undetected.

Once established, the malware communicates with command-and-control servers over encrypted HTTPS to exfiltrate sensitive data, demonstrating a persistent and highly sophisticated cyber threat..","text_length":614,"media":{"root":"\/013\/SxUAAG6CH0QAAAAAE7SviJSdRGU","document":{"file_name":"blacksanta-edr-killer-threat-report.pdf","mime_type":"application\/pdf","size":14384693,"thumbs":{"m":{"w":247,"h":320,"hash":"g5G-xoVydot8oixLK-pBHw&ts=1776837904"},"i":{"bytes":"AoAB8|DMUr\/ECfoacqg9B+GaZV6ydY0+ZRknqRVt2HFXZWYHPTinq+BVi7mDf4VRzTjK5UlysZUyyFVGD0pEQFckN+FL5YJ6N\/n8KT1ITsNZ896YKcybWxSUxNiAjHIpcr\/doooAXHtSUUUCP\/\/Z"}}}}},{"channel_id":1142915694,"post_id":5450,"date":1773110984000,"views":"27","text":"New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering

https:\/\/www.bluevoyant.com\/blog\/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering<\/a>","text_length":194,"media":{"root":"\/00d\/ShUAAG6CH0QAAAAAyfLB9KNdE1g","webpage":{"url":"https:\/\/www.bluevoyant.com\/blog\/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering","type":"photo","title":"New A0Backdoor Linked to Teams Impersonation and Quick Assist Social\u2026","site_name":"BlueVoyant","display_url":"bluevoyant.com\/blog\/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering","description":"BlueVoyant's Security Operations Center (SOC) recently uncovered a new A0Backdoor delivered through Teams impersonation.","thumbs":{"m":{"w":320,"h":168,"hash":"pZLG9rzOaJcsdgInR6tImw&ts=1776837904"},"x":{"w":800,"h":420,"hash":"k_leUy6_89erXhiuAYkSQw&ts=1776837904"},"y":{"w":1200,"h":630,"hash":"0jGFruaGdpszdNNVE-4x6A&ts=1776837904"},"i":{"bytes":"AVACg|CgVPNRbTycH8qt527ucfiaYJBn\/WD8zVSVmJO5WIPoaUZAxtH1xVjfnq4PHcmms3\/TQD8TUjIQ2M8A5HcUUMAMYYHPpRQBakUFaqkfNRRW9bczpgDgZxzSE5oorA0A47UUUUAf\/9k="}}}}},{"channel_id":1142915694,"post_id":5449,"date":1772690664000,"forwards":"2","views":"814","fwd_from":[],"text":"The Forgotten Bug: How a Node.js Core Design Flaw Enables HTTP Request Splitting<\/b>

https:\/\/r3verii.github.io\/cve\/2026\/02\/27\/nodejs-toctou.html<\/a>","text_length":141,"media":{"root":"\/00d\/SRUAAG6CH0QAAAAAyfLB9KNdE1g","webpage":{"url":"https:\/\/r3verii.github.io\/cve\/2026\/02\/27\/nodejs-toctou.html","type":"photo","title":"The Forgotten Bug: How a Node.js Core Design Flaw Enables HTTP Request Splitting","site_name":"CyberSec Notes","display_url":"r3verii.github.io\/cve\/2026\/02\/27\/nodejs-toctou.html","description":"Deep dive into a TOCTOU vulnerability in Node.js\u2019s ClientRequest.path that bypasses CRLF validation and enables Header Injection and HTTP Request Splitting across 7+ major HTTP libraries totaling 160M+ weekly downloads.","author":"Martino Spagnuolo","thumbs":{"m":{"w":320,"h":169,"hash":"nphUOk6vzYj3N3m_OX40Nw&ts=1776837904"},"x":{"w":800,"h":422,"hash":"GEcq3OyqMPtk8MokxR682w&ts=1776837904"},"y":{"w":1200,"h":633,"hash":"reFc-YG0D5jpBDO9VlXgkg&ts=1776837904"},"i":{"bytes":"AVACg|BElZAwI+UDrTS52mRseYTxntVfeRu4BP1NSRq8iBti8d+azsXccPv5cnFNZDs3AZ9ajMg6k1IkyrAR3oZS13I9uaKe8wO08D14ooFci3Hg+tKLh04GOeKKKokjOCelIOT9KKKADOWxRRRQDP\/Z"}}}}},{"channel_id":1142915694,"post_id":5448,"date":1772518587000,"forwards":"2","views":"827","text":"Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel

https:\/\/unit42.paloaltonetworks.com\/gemini-live-in-chrome-hijacking\/<\/a>","text_length":164,"media":{"root":"\/00b\/SBUAAG6CH0QAAAAAkcfjR9fHuYk","webpage":{"url":"https:\/\/unit42.paloaltonetworks.com\/gemini-live-in-chrome-hijacking","type":"photo","title":"Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel","site_name":"Unit 42","display_url":"unit42.paloaltonetworks.com\/gemini-live-in-chrome-hijacking","description":"A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw.","author":"Gal Weizman","thumbs":{"m":{"w":320,"h":179,"hash":"ZkAwiP_CB4y_0crJBDdByQ&ts=1776837904"},"x":{"w":800,"h":448,"hash":"rQXEhmcxsbvQ_1AxtIwX1Q&ts=1776837904"},"y":{"w":1100,"h":616,"hash":"YaKwtdgoz5SY8z6VGeEhrw&ts=1776837904"},"i":{"bytes":"AWACg|CkuCfuqKmCDIPlAY6+9QkggHeMZxgClXleJCR6VaJZN+7DDKgDNDBOT5Y4P8IqIyROAjKVP94U5wY++ffHWmSyUouP9WACOhH9c0VUdyx4JP1NFFwsyJ1ZTyc0sTFTjPB60UVJT2Hvkkk9TzTo58Da43L+tFFMXQkCx53ZbntiiiimhH\/\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5447,"date":1772035674000,"forwards":"1","views":"392","comments":"1","text":"Refund scam impersonates Avast to harvest credit card details

https:\/\/www.malwarebytes.com\/blog\/threat-intel\/2026\/02\/refund-scam-impersonates-avast-to-harvest-credit-card-details<\/a>","text_length":179,"media":{"root":"\/013\/RxUAAG6CH0QAAAAAE7SviJSdRGU","webpage":{"url":"https:\/\/www.malwarebytes.com\/blog\/threat-intel\/2026\/02\/refund-scam-impersonates-avast-to-harvest-credit-card-details","type":"photo","title":"Refund scam impersonates Avast to harvest credit card details","site_name":"Malwarebytes","display_url":"malwarebytes.com\/blog\/threat-intel\/2026\/02\/refund-scam-impersonates-avast-to-harvest-credit-card-details","description":"A convincing fake Avast site displays a \u20ac499.99 charge and promises a refund. Instead, it harvests your name, address, and full credit card details.","author":"Stefan Dasic","thumbs":{"m":{"w":320,"h":180,"hash":"Vc6sWV6WtLnY-ZLKpaFqbg&ts=1776837904"},"x":{"w":800,"h":450,"hash":"6ngoYFwK1_jnbDOkR1c7tw&ts=1776837904"},"y":{"w":1200,"h":675,"hash":"XQGNBgJeUYPfWWtMt2pBew&ts=1776837904"},"i":{"bytes":"AXACg|DZqMACXcoGG4b6inscKTVQM4IkLHOc7exqXJIaVy5RVOS98q4ZHX5Bxn34\/wAT+VIb8LnMZGADyaoRdoqKCQyoWIAIYrwc9DiigCWoxDGH3hfmoootcLkmAeoFJtU9VH5UUUALjFFFFAH\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5446,"date":1771589078000,"views":"92","text":"PromptSpy ushers in the era of Android threats using GenAI

https:\/\/www.welivesecurity.com\/en\/eset-research\/promptspy-ushers-in-era-android-threats-using-genai\/<\/a>","text_length":160,"media":{"root":"\/001\/RhUAAG6CH0QAAAAAmFApNOseCgU","webpage":{"url":"https:\/\/www.welivesecurity.com\/en\/eset-research\/promptspy-ushers-in-era-android-threats-using-genai","type":"article","title":"PromptSpy ushers in the era of Android threats using GenAI","site_name":"Welivesecurity","display_url":"welivesecurity.com\/en\/eset-research\/promptspy-ushers-in-era-android-threats-using-genai","description":"ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow.","thumbs":{"m":{"w":320,"h":180,"hash":"PxDP2k5n988wyDekhnxcuA&ts=1776837904"},"x":{"w":800,"h":450,"hash":"5FEaawBUqhjxaI7k4VszMQ&ts=1776837904"},"y":{"w":1280,"h":720,"hash":"OGtWSds3VRQboY5VcXmE9w&ts=1776837904"},"w":{"w":1920,"h":1080,"hash":"sNPWW3ExnilILtR2GuzFvA&ts=1776837904"},"i":{"bytes":"AXACg|DNB3EDtT5CqnCnNMYbD1zSdulUZpXEAzSjrUse3bzTPXA4pFMTiimnrRTJDvT5BiJDRRSKRGDUkTBTkiiigHsNPJOKKKKZJ\/\/Z"}}}}},{"channel_id":1142915694,"post_id":5445,"date":1771497584000,"views":"202","text":"AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks<\/b>

https:\/\/research.checkpoint.com\/2026\/ai-in-the-middle-turning-web-based-ai-services-into-c2-proxies-the-future-of-ai-driven-attacks\/<\/a>","text_length":231,"media":{"root":"\/001\/RRUAAG6CH0QAAAAAmFApNOseCgU","webpage":{"url":"https:\/\/research.checkpoint.com\/2026\/ai-in-the-middle-turning-web-based-ai-services-into-c2-proxies-the-future-of-ai-driven-attacks","type":"photo","title":"AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks - Check Point Research","site_name":"Check Point Research","display_url":"research.checkpoint.com\/2026\/ai-in-the-middle-turning-web-based-ai-services-into-c2-proxies-the-future-of-ai-driven-attacks","description":"Key Points Introduction AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As a result, AI service domains increasingly blend into normal corporate traffic, often allowed by default and rarely treated as sensitive egress. Threat actors are already capitalizing on this shift. Across the malware ecosystem, AI is [\u2026]","author":"shlomoo@checkpoint.com","thumbs":{"m":{"w":320,"h":214,"hash":"Y1c-MDnEh_wj5h_u5-027A&ts=1776837904"},"x":{"w":800,"h":534,"hash":"vGMyZKd2ocMW8OvEgSK9kw&ts=1776837904"},"y":{"w":1024,"h":683,"hash":"fFLKKNjM8J2q1x6qjcjoig&ts=1776837904"},"i":{"bytes":"AbACg|CwfJgT97IPbPepVhUkfIpHrWGGMkh3LvJHc1p28hFojIeNmOnek9ALOIgcbVH1FVZSS5ZDhR6AEfyp+B2kIYDcagkZBIWUsMcf5PWpuyrIuPH8mQiAn\/Z6UVWkd5FG\/p3GelFHMKxWjjjR1YsVOePmzip0i\/dt5eOB8ucfjzV\/7FbjpH\/48aPsVueDH\/48aNyrmYIiJthGQMZYNyKkREEIDFWOTyQM1f8AsVupyseD7MaDZW5IzH2\/vGlYSaRQ3qpxwB\/OirwsbY9Y\/wBTRS5S+c\/\/2Q=="}}}}},{"channel_id":1142915694,"post_id":5444,"date":1770805576000,"views":"82","text":"Old-School IRC, New Victims: Inside The Newly Discovered SSHStalker Linux Botnet

https:\/\/flare.io\/learn\/resources\/blog\/old-school-irc-new-victims-inside-the-newly-discovered-sshstalker-linux-botnet<\/a>","text_length":198,"media":{"root":"\/006\/RBUAAG6CH0QAAAAAufPK_jVvA0Q","webpage":{"url":"https:\/\/flare.io\/learn\/resources\/blog\/old-school-irc-new-victims-inside-the-newly-discovered-sshstalker-linux-botnet","type":"photo","title":"Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet","site_name":"Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime","display_url":"flare.io\/learn\/resources\/blog\/old-school-irc-new-victims-inside-the-newly-discovered-sshstalker-linux-botnet","description":"Flare\u2019s research team has uncovered a previously undocumented Linux botnet operation we\u2019re calling SSHStalker. To the best of our knowledge, no other research team has reported on this threat actor. Our SSH honeypot captured multiple attacks over two months, revealing a sophisticated operation that blends 2009-era Internet Relay Chat (IRC) botnet tactics with modern mass-compromise [\u2026]","author":"Research Team","thumbs":{"m":{"w":320,"h":168,"hash":"Ru4B2R0oFmftua6y2lv36A&ts=1776837904"},"x":{"w":800,"h":420,"hash":"asyLdKkHeop0JOlWD8LcVw&ts=1776837904"},"y":{"w":1030,"h":541,"hash":"2_bFLQo-adi8aQZJEraLPQ&ts=1776837904"},"i":{"bytes":"AVACg|DNG3+IE\/SmMOTgHHbNTwqrISRk59DUvlp6KcZ7H\/GrYyjilGR0q06QHjdtx6CopFQD5GyPpipBIjJBHvRTTRQAZpdxoopiFLnFN3HpRRSGJmiiigR\/\/9k="}}}}}]