Threats Tagged 'compromised'
View all threats tagged with 'compromised'. Filter and sort to focus on specific types of threats.
How One Compromised Reseller Account Let an Attacker Hit Dozens of Websites at Once
A reseller account compromise allowed an attacker to access and inject malicious content into dozens of unrelated customer websites hosted on a shared cPanel/WHM server. The attacker used the reseller's credentials to propagate Indonesian online-gambling doorway pages across multiple sites without breaching each site individually. This coordinated parasite-SEO attack affected diverse businesses, highlighting the risk posed by reseller account compromises in multi-tenant hosting environments.
Reddit Cybersecurity | 06/24/2026, 08:45:49 UTC | Added: 06/24/2026, 08:54:05 UTC

Over 75,000 Fortinet device administrator credentials compromised (50% of the Fortinets facing the Internet per Shodan) via Hunt Intelligence, Inc, Volodymyr Diachenko, Hudson Rock and Kevin Beaumont.
A large-scale compromise of over 75,000 Fortinet device administrator credentials has been reported. The compromised credentials appear to be recent and include devices that are still online. The data was reportedly obtained from device configuration exports, containing sensitive information visible only from the devices themselves. This incident affects a significant portion of Fortinet firewall devices exposed to the internet, estimated at around 15% based on Shodan polling. The compromised devices include many with fairly recent patches. The source of this information is a Reddit post linking to a LinkedIn profile of a security researcher involved in the discovery.
Reddit Cybersecurity | 06/17/2026, 16:31:52 UTC | Added: 06/17/2026, 17:49:57 UTC

How PCPJack Converted 230 Compromised Cloud Servers into a Hidden SMTP Relay Network
The PCPJack threat actor compromised approximately 230 cloud servers and repurposed them into a hidden SMTP relay network. The attacker left their deployment toolkit publicly accessible in an unauthenticated open directory, facilitating discovery and analysis. Indicators include a systemd service named xsync disguised as a system sync utility, files under /var/tmp/. xs, and Chisel reverse SOCKS5 tunnels on ports 10000-14999. A public blog post provides detailed MITRE ATT&CK mappings and HuntSQL detection queries. No official patch or remediation guidance is currently available.
Reddit BlueTeam | 06/03/2026, 16:29:20 UTC | Added: 06/03/2026, 16:33:30 UTC

durabletask (Microsoft's Python Durable Task client) compromised by TeamPCP
The Python Durable Task client package 'durabletask' from Microsoft was compromised by the threat actor TeamPCP. Malicious versions 1.4.1, 1.4.2, and 1.4.3 were pushed to PyPI using stolen CI/CD credentials. These trojanized packages contained backdoors that harvested credentials at runtime and propagated further through stolen credentials. This compromise is part of a broader supply chain attack campaign by TeamPCP affecting multiple developer tools and SDKs since March 2026.
Reddit BlueTeam | 05/27/2026, 16:41:56 UTC | Added: 05/27/2026, 16:49:00 UTC