Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

A malicious campaign targeting primarily Brazilian residents has been discovered, with attacks detected since early 2025. The attackers employed phishing emails, some sent from compromised company servers, to distribute malware. Two attack chains were identified: one using a malicious browser extension for Google Chrome, Microsoft Edge, and Brave, and another utilizing Mesh Agent or PDQ Connect Agent. The campaign aimed to steal authentication data from victims' bank accounts, particularly targeting Banco do Brasil customers. Over 700 downloads of the malicious extension were recorded, affecting users in Brazil, Colombia, Czech Republic, Mexico, Russia, Vietnam, and other countries. The attackers used sophisticated techniques, including virtualization checks, UAC bypass, and file deletion to evade detection.

Operation Phantom Enigma is a malicious cyber campaign first identified in early 2025, primarily targeting Brazilian residents. The attackers leveraged phishing emails, some originating from compromised corporate email servers, to distribute malware designed to steal banking authentication credentials. The campaign employed two main attack vectors: a malicious browser extension compatible with Google Chrome, Microsoft Edge, and Brave browsers, and exploitation of legitimate remote management tools such as Mesh Agent and PDQ Connect Agent. The browser extension was downloaded over 700 times, indicating a significant infection vector. The primary target was Banco do Brasil customers, with the attackers aiming to harvest login credentials and potentially conduct fraudulent transactions. The campaign also affected users in Colombia, Czech Republic, Mexico, Russia, Vietnam, and other countries, demonstrating a broad geographic reach. The attackers used advanced evasion techniques including virtualization environment detection to avoid sandbox analysis, User Account Control (UAC) bypass to escalate privileges without user consent, and file deletion to remove traces of their activities. These tactics suggest a well-resourced adversary focused on stealth and persistence. The use of legitimate remote management tools as part of the attack chain indicates a sophisticated approach to lateral movement and persistence within compromised networks. The campaign’s medium severity rating reflects the targeted nature of the attacks and the moderate scale of infections, but the potential for significant financial theft and data compromise remains high.

Detailed information about Operation Phantom Enigma. Get real-time updates, technical details, and mitigation strategies.

Operation Phantom Enigma - Live Threat Intelligence - Threat Radar | OffSeq.com

Operation Phantom Enigma

OSINT - Reservations Requested: TA558 Targets Hospitality and Travel

The threat actor TA558 has been identified targeting the hospitality and travel sectors, as revealed through open-source intelligence (OSINT) gathered by CIRCL. TA558 is a known cyber threat group with a history of conducting targeted operations, often involving phishing campaigns and malware distribution. The focus on hospitality and travel suggests an intent to exploit these industries' reliance on reservation systems, customer data, and operational continuity. While specific attack vectors or vulnerabilities exploited by TA558 in this campaign are not detailed, the targeting of these sectors typically aims at harvesting sensitive personal and financial information, disrupting services, or establishing footholds for further espionage or financial gain. The threat level is assessed as medium with a certainty of 50%, indicating moderate confidence in the actor's targeting but limited technical details on exploitation methods. No known exploits in the wild have been reported, and no specific affected software versions or vulnerabilities have been identified. The geographical focus appears to be on South America, particularly Mexico, but the tactics and objectives of TA558 could have broader implications for similar industries globally.

Detailed information about OSINT - Reservations Requested: TA558 Targets Hospitality and Travel. Get real-time updates, technical details, and mitigation strate

Title	Severity	Type	Source	Date

Threats Affecting Mexico

Filter Threats

Threats Affecting Mexico

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility