Rectifyq Cybersecurity News 🇲🇾
rectifyq.com
Rectifyq Cybersecurity News with approximate relevancy to Malaysia and contextualized using MISP Galaxies.

Relevancy
🔴- e.g. APT target 🇲🇾.
🟡- e.g. APT target Asian country.
🔵- e.g. Infostealers impact globally.
⚫- Good to know only.
📃Title: Breaking the code: Multi-stage 'code of conduct' phishing campaign leads to AiTM token compromise
📅Date: 2026-05-04
🔗References:
https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Microsoft"
• target-information="United States"
mitre-attack-pattern=['T1557', 'T1539', 'T1204.002', 'T1588.006', 'T1566.002', 'T1598.003', 'T1566.001', 'T1583.005', 'T1071', 'T1583.001', 'T1090', 'T1608.005', 'T1204', 'T1566', 'T1078', 'T1027', 'T1598', 'T1071.001', 'T1078.004', 'T1557.001']

MISP event uuid: 8175eed5-358d-4fa1-8078-eb1ffbbb5bf9
📃Title: Four published versions of a fake "tanstack" package uploaded in 27 minutes that want to steal your .env files
📅Date: 2026-04-29
🔗References:
https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1059.007', 'T1036.005', 'T1082', 'T1005', 'T1552.001', 'T1027', 'T1195.002', 'T1567.002', 'T1213', 'T1071.001', 'T1105']

MISP event uuid: e7c079a3-fcc8-49de-a399-d94d074031cc
📃Title: Popular DAEMON Tools software compromised
📅Date: 2026-05-05
🔗References:
https://securelist.com/tr/daemon-tools-backdoor/119654/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Kaspersky"
• target-information="Belarus"
• target-information="Russia"
• target-information="Thailand"
• target-information="Brazil"
• target-information="China"
• target-information="France"
• target-information="Germany"
• target-information="Italy"
• target-information="Spain"
• target-information="Turkey"
mitre-attack-pattern=['T1033', 'T1218.011', 'T1071.004', 'T1573.001', 'T1082', 'T1140', 'T1016', 'T1057', 'T1059.001', 'T1547.001', 'T1055.012', 'T1027', 'T1195.002', 'T1001.003', 'T1518.001', 'T1059.003', 'T1070.004', 'T1071.001', 'T1105', 'T1055.001']

MISP event uuid: 21f675fc-977d-426a-9622-aed934c463c8
📃Title: CloudZ RAT potentially steals OTP messages using Pheno plugin
📅Date: 2026-05-05
🔗References:
https://blog.talosintelligence.com/cloudz-pheno-infostealer/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Cisco Talos Intelligence Group"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1033', 'T1497.001', 'T1082', 'T1005', 'T1140', 'T1036', 'T1055', 'T1497.003', 'T1555.003', 'T1083', 'T1041', 'T1059.001', 'T1027', 'T1573', 'T1218.009', 'T1059.003', 'T1071.001', 'T1105']

MISP event uuid: 552c3029-2b75-4490-beb5-ef279efdd44e
📃Title: UAT-8302 and its box full of malware
📅Date: 2026-05-05
🔗References:
https://blog.talosintelligence.com/uat-8302/

🔖Rectifyq Taxonomies:
Relevancy: 🟡 Somewhat Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Cisco Talos Intelligence Group"
• target-information="Japan"
• target-information="Russia"
• malpedia="SNAPPYBEE"
• malpedia="DracuLoader"
• malpedia="SNOWLIGHT"
• threat-actor="Earth Estries"
• threat-actor="LongNosedGoblin"
• threat-actor="REF7707"
• threat-actor="UNC5174"
• malpedia="Vshell"
• malpedia="STOWAWAY"
• region="005 - South America"
• region="035 - South-eastern Asia"
• sector="Government, Administration"
• region="039 - Southern Europe"
mitre-attack-pattern=['T1053.005', 'T1003', 'T1069', 'T1071.004', 'T1087.002', 'T1087.001', 'T1135', 'T1190', 'T1055', 'T1090', 'T1482', 'T1083', 'T1059.001', 'T1078', 'T1027', 'T1570', 'T1071.001', 'T1018', 'T1574.002', 'T1105']

MISP event uuid: 8fc2d3cc-7ec3-45b7-84f8-38e23b894b54
📃Title: Iranian-Nexus Operation Against Oman's Government: 12 Ministries Hit and 26,000 Citizen Records Exposed
📅Date: 2026-05-05
🔗References:
https://hunt.io/blog/iranian-nexus-oman-government-intrusion

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="infra-profile"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Hunt.io"
• country="iran"
• target-information="Oman"
• sector="Government, Administration"
• threat-actor="MuddyWater"
• threat-actor="OilRig"
mitre-attack-pattern=['T1053.005', 'T1110.001', 'T1133', 'T1548.002', 'T1003.002', 'T1087.002', 'T1543.003', 'T1074.002', 'T1190', 'T1567', 'T1572', 'T1505.003', 'T1090', 'T1083', 'T1552.001', 'T1041', 'T1059.001', 'T1098', 'T1078', 'T1059.003', 'T1071.001', 'T1136']

MISP event uuid: 1d22e8ac-9b2e-42be-8bcc-f3e462b6f63a
📃Title: Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
📅Date: 2026-05-05
🔗References:
https://www.zscaler.com/blogs/security-research/malicious-openclaw-skill-distributes-remcos-rat-and-ghostloader

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Zscaler"
• malpedia="Remcos"
mitre-attack-pattern=['T1059.007', 'T1539', 'T1555.001', 'T1204.002', 'T1497.001', 'T1218.007', 'T1005', 'T1552.004', 'T1056.002', 'T1059.004', 'T1562.001', 'T1027', 'T1195.002', 'T1059.003', 'T1071.001', 'T1574.002']

MISP event uuid: f4b731dc-f335-424d-883c-086d4f415791
📃Title: Operation Silent Rotor: Rust-Based Malware Targets Eurasian Unmanned Aviation Sector Ahead of Moscow Summit
📅Date: 2026-05-06
🔗References:
https://www.seqrite.com/blog/operation-silent-rotor-rust-malware-unmanned-aviation-sector/

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Seqrite"
• target-information="Russia"
• target-information="Tajikistan"
• sector="Civil Aviation"
• region="143 - Central Asia"
mitre-attack-pattern=['T1033', 'T1204.002', 'T1566.001', 'T1082', 'T1106', 'T1140', 'T1016', 'T1083', 'T1036.004', 'T1041', 'T1027', 'T1059.003', 'T1071.001', 'T1105', 'T1090.001']

MISP event uuid: 879be2a3-1617-4328-910c-155eac2ec686
📃Title: OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI
📅Date: 2026-05-06
🔗References:
https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Kaspersky"
mitre-attack-pattern=['T1132.001', 'T1195.001', 'T1036.005', 'T1204.002', 'T1574.001', 'T1106', 'T1140', 'T1055', 'T1547.001', 'T1059.004', 'T1027', 'T1102.002', 'T1059.006', 'T1070.004', 'T1027.002', 'T1071.001']

MISP event uuid: 25b75e79-d053-4462-b023-07d0549f2905
📃Title: Data Extortion Groups Intensify Pressure On Global Aerospace Supply Chains
📅Date: 2026-05-06
🔗References:
https://cyberpress.org/aerospace-supply-chains-targeted/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="Ransomware"
• target="broad-based"
• topic="supply-chain"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• ransomware="lockbit5"
• sector="Aerospace"
mitre-attack-pattern=['T1583', 'T1133', 'T1082', 'T1071', 'T1562', 'T1195', 'T1190', 'T1567', 'T1589', 'T1021', 'T1070', 'T1041', 'T1199', 'T1566', 'T1078', 'T1027', 'T1486', 'T1598', 'T1588', 'T1213']

MISP event uuid: a7d2cb24-3c7b-4553-9fea-d3228368f8a1
📃Title: Threat Actors Weaponize Tiflux RMMs in Malspam Attacks
📅Date: 2026-05-07
🔗References:
https://www.huntress.com/blog/tiflux-rmm-install

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Huntress"
mitre-attack-pattern=['T1113', 'T1036.005', 'T1204.002', 'T1543.003', 'T1566.002', 'T1082', 'T1219', 'T1112', 'T1070.001', 'T1552.001', 'T1547.001', 'T1562.001', 'T1078', 'T1068', 'T1027', 'T1573', 'T1071.001', 'T1574.002']

MISP event uuid: 66e683a8-e077-43de-b903-1a8d01c2429d
📃Title: PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
📅Date: 2026-05-07
🔗References:
https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• topic="cloud"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="SentinelOne"
mitre-attack-pattern=['T1613', 'T1132.001', 'T1552.005', 'T1053.003', 'T1021.004', 'T1190', 'T1525', 'T1552.004', 'T1087', 'T1609', 'T1083', 'T1552.001', 'T1041', 'T1212', 'T1059.004', 'T1078', 'T1027', 'T1570', 'T1059.006', 'T1071.001', 'T1543.002', 'T1046', 'T1105', 'T1552.007']

MISP event uuid: 695fc11f-d4b5-4df4-8563-1b8a8a3a8c7d
📃Title: Custom Attack Tooling Including Undisclosed C2 Infrastructure Targeting Malaysian Organizations
📅Date: 2026-05-15
🔗References:
https://oasis-security.io/blog/malaysian-government-with-undisclosed-c2-infrastructure

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• sub-category="infra-profile"
• target="targeted"
• mitre-att&ck="none-from-src"
• action-taken="VT-comment"

🔖MISP Galaxies:
• target-information="Malaysia"
• sector="Government, Administration"
• online-service="8206e5d7-9189-4d8b-855d-339fa45e9c47"
mitre-attack-pattern=['T1100', 'T1505.003', 'T1552.001', 'T1567.002', 'T1190', 'T1587.001', 'T1003.003', 'T1059.001', 'T1059.006', 'T1003.002', 'T1071.001', 'T1021.006']

MISP event uuid: a30d2c51-b056-4b55-ad4d-971722af82d8
Rectifyq Cybersecurity News 🇲🇾 pinned «📃Title: Zu*** Fi*** Malaysia Data Leak Claims 📅Date: 2026-05-02 🔗References: https://x.com/DailyDarkWeb/status/2050382328489447468?s=20 🔖Rectifyq Taxonomies: Relevancy: 🔴 Highly Relevant Category: 💥 Data Breach • sub-category="leak-forums" • target="targeted"…»
Rectifyq Cybersecurity News 🇲🇾 pinned «📃Title: Per****** Eko**** Malaysia (Malaysian Eco***** A**********) 📅Date: 2026-05-02 🔗References: https://x.com/DailyDarkWeb/status/2050389330498130111?s=20 🔖Rectifyq Taxonomies: Relevancy: 🔴 Highly Relevant Category: 💥 Data Breach • sub-category="leak…»
📃Title: 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer
📅Date: 2026-05-06
🔗References:
https://socket.dev/blog/5-malicious-nuget-packages-impersonate-chinese-ui-libraries

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="crypto-related"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1056.001', 'T1539', 'T1204.002', 'T1497.001', 'T1082', 'T1106', 'T1005', 'T1140', 'T1055', 'T1560', 'T1555.003', 'T1055.013', 'T1059', 'T1083', 'T1552.001', 'T1041', 'T1027', 'T1195.002', 'T1071.001']

MISP event uuid: fd4d5ee1-41ff-493f-bb7b-8f5a25b1c947
📃Title: Donuts and Beagles: Fake Claude site spreads backdoor
📅Date: 2026-05-07
🔗References:
https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Sophos"
mitre-attack-pattern=['T1573.001', 'T1106', 'T1140', 'T1059', 'T1083', 'T1204', 'T1041', 'T1547.001', 'T1566', 'T1027', 'T1132', 'T1070.004', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: 7865b246-7bcb-4626-aabe-c50b31d21a89
📃Title: Fake call logs, real payments: How CallPhantom tricks Android users
📅Date: 2026-05-07
🔗References:
https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/

🔖Rectifyq Taxonomies:
Relevancy: 🟡 Somewhat Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• sub-category="malware-analysis"
• topic="mobile-attack"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="ESET"
• target-information="India"
• region="142 - Asia"
mitre-attack-pattern=['T1643', 'T1437.001']

MISP event uuid: ba57e423-eb23-4cc7-88af-cde6f2ad2e53
📃Title: Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare
📅Date: 2026-05-07
🔗References:
https://www.seqrite.com/blog/operation-grieflure-dissecting-an-apt-campaign-targeting-vietnams-military-telecom-philippine-healthcare/

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="targeted"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Seqrite"
• target-information="Philippines"
• target-information="Vietnam"
• sector="Health"
• sector="Military"
• sector="Telecoms"
mitre-attack-pattern=['T1113', 'T1574.007', 'T1547', 'T1204.002', 'T1566.001', 'T1082', 'T1005', 'T1036', 'T1218', 'T1555.003', 'T1134.002', 'T1020', 'T1083', 'T1552.001', 'T1057', 'T1041', 'T1027', 'T1573', 'T1518.001', 'T1059.003', 'T1071.001', 'T1574.002', 'T1564.004', 'T1055.001']

MISP event uuid: 959e2151-f389-4d99-bea5-635a5f3fc2c8
📃Title: Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
📅Date: 2026-05-06
🔗References:
https://unit42.paloaltonetworks.com/captive-portal-zero-day/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💉 Vulnerability
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="zero-day"
• target="broad-based"
• mitre-att&ck="from-original-src"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Palo Alto"
mitre-attack-pattern=['T1498.001', 'T1087.002', 'T1021.004', 'T1071', 'T1190', 'T1055', 'T1572', 'T1070.001', 'T1016', 'T1090', 'T1098', 'T1562.001', 'T1078', 'T1068', 'T1078.002', 'T1070.004', 'T1071.001', 'T1018', 'T1105', 'T1021.001']

MISP event uuid: 8e814525-08af-4e45-a9b3-9402b98b3e88