🚨 Ongoing phishing campaign abusing Cloudflare Pages and ZenDesk. Threat actors registered more than 600 *.pages[.]dev domains using typosquatting to impersonate customer support portals for well-known brands. Phishing pages are very likely AI generated and include an
All of the phishing pages use the same Google site verification and Microsoft Bing Webmaster tokens; threat actors abuse these for SSO poisoning. Here is the list of domains: https://gist.github.com/whichb...
cc @Cloudflare nuke these domains please.
#APT Since the disclosure of the #ZipperDown vulnerability in 2018, this is the first observed case of its in-the-wild exploitation by APT groups. Northeast Asian threat actors used it to target Android devices of individuals in North Korea and Northeast China.
First post back. Thought I'd catch you up on some of the projects I've been working on that you might find useful. First and foremost, DetectionsStream. This is for my fellow detection engineers and those aspiring to be. https://detectionstream.com
NEW: How former L3Harris Trenchant boss Peter Williams was able to steal zero-days worth millions of dollars, based on court docs and interviews with former colleagues. “No one had any supervision over [Williams] at all. He was kind of allowed to do things the way he wanted to.”
Thank you for the analysis! Unfortunately, no samples on @virustotal but three hashes from your blog were added to monitoring. We'll let y'all know when they show up!



