Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

Source: https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html

A malicious package has been discovered on the Python Package Index (PyPI) masquerading as the legitimate 'Chimera' module. This malicious package is designed to stealthily exfiltrate sensitive data from compromised systems, specifically targeting AWS credentials, Continuous Integration/Continuous Deployment (CI/CD) pipeline secrets, and macOS system information. By impersonating a trusted module, the attacker increases the likelihood of the package being installed by developers or automated systems relying on PyPI for dependencies. Once installed, the package executes code that harvests environment variables, configuration files, and potentially other stored secrets related to cloud infrastructure and development workflows. The focus on AWS credentials and CI/CD secrets indicates an intent to gain persistent access to cloud resources and development environments, which could lead to further compromise or data breaches. The targeting of macOS data suggests the attacker is also interested in information specific to Apple environments, possibly to facilitate lateral movement or reconnaissance. Although no known exploits have been reported in the wild yet, the high severity rating and recent discovery underscore the urgency for organizations to audit their Python dependencies and monitor for suspicious package installations. The threat leverages the trust model inherent in open-source package repositories, exploiting the difficulty in distinguishing legitimate packages from malicious imitations, especially when attackers use similar names or branding. This attack vector is particularly dangerous because it can bypass traditional perimeter defenses by exploiting developer workflows and automated build systems.

Detailed information about Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data. Get real-time updates, technical details, a

Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data - Live Threat Intelligence - Threat Radar | OffSeq.com

Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

Reddit Discussion: Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach

Source: https://hackread.com/hackers-leak-virtualmacosx-customers-data-breach/

The reported security threat involves a data breach affecting VirtualMacOSX, a service provider offering virtualized macOS environments to customers. According to publicly available information sourced from a Reddit InfoSec News post and linked to a report on hackread.com, hackers have leaked data belonging to approximately 10,000 customers of VirtualMacOSX. While specific technical details about the breach vector, exploited vulnerabilities, or the nature of the leaked data have not been disclosed, the incident is categorized as a high-severity breach. The lack of detailed technical indicators or patch information suggests that the breach may have resulted from unauthorized access to customer databases or backend infrastructure, potentially exposing sensitive customer information such as personal identification data, account credentials, or usage logs. The breach's public disclosure on a social media platform with minimal discussion indicates that the incident is recent and possibly still under investigation. The absence of known exploits in the wild implies that the breach was likely targeted or opportunistic rather than part of a widespread automated attack campaign. Given the nature of VirtualMacOSX's service—providing virtualized macOS environments—the exposed data could include credentials that might allow attackers to access virtual machines or related cloud services, increasing the risk of further compromise or lateral movement within affected organizations. The breach highlights the risks associated with cloud-based virtualization services, especially those catering to niche platforms like macOS, where customer trust and data confidentiality are critical.

Detailed information about Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach. Get real-time updates, technical details, and mitigation strat

Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach - Live Threat Intelligence - Threat Radar | OffSeq.com

Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach

Reddit Discussion: Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach

WestJet investigates cyberattack disrupting internal systems

Source: https://www.bleepingcomputer.com/news/security/westjet-investigates-cyberattack-disrupting-internal-systems/

WestJet, a major Canadian airline, is currently investigating a cyberattack that has disrupted its internal systems. Although detailed technical specifics of the attack have not been publicly disclosed, the incident has been reported by a trusted cybersecurity news source, indicating a high-priority security event. The disruption of internal systems suggests that the attackers may have gained unauthorized access to WestJet's internal network or infrastructure, potentially impacting operational capabilities such as flight scheduling, crew management, or customer service platforms. The lack of known exploits or patches at this time implies that the attack may be leveraging either a novel vulnerability or a targeted intrusion method rather than a widely known exploit. Given the nature of airline operations, internal system disruptions can affect data confidentiality, integrity, and availability, potentially leading to delays, data breaches, or compromised customer information. The minimal discussion on Reddit and the absence of detailed technical indicators limit the ability to precisely identify the attack vector, but the high severity rating and newsworthiness underscore the seriousness of the incident.

Detailed information about WestJet investigates cyberattack disrupting internal systems. Get real-time updates, technical details, and mitigation strategies.

WestJet investigates cyberattack disrupting internal systems - Live Threat Intelligence - Threat Radar | OffSeq.com

WestJet investigates cyberattack disrupting internal systems

Reddit Discussion: WestJet investigates cyberattack disrupting internal systems

Anubis ransomware adds wiper to destroy files beyond recovery

Source: https://www.bleepingcomputer.com/news/security/anubis-ransomware-adds-wiper-to-destroy-files-beyond-recovery/

The Anubis ransomware, a known malware strain, has recently evolved to incorporate a destructive wiper component designed to irreversibly delete files on infected systems. Traditionally, ransomware encrypts victim data and demands payment for decryption keys; however, the addition of a wiper function signifies a shift towards data destruction rather than data recovery. This dual capability increases the threat's severity, as victims may lose data permanently even if they pay the ransom or attempt recovery. The wiper component operates by overwriting or deleting files beyond recovery, effectively sabotaging the victim's data integrity and availability. The technical details are limited, but the threat was reported via a trusted cybersecurity news source (BleepingComputer) and discussed briefly on Reddit's InfoSecNews subreddit, indicating early-stage awareness in the security community. No specific affected software versions or exploits in the wild have been identified yet, suggesting this may be a recent development or an emerging threat vector. The ransomware's evolution to include a wiper aligns with a growing trend where threat actors aim to increase pressure on victims or cause maximum disruption, potentially for financial gain or sabotage. Given the lack of detailed technical indicators, the exact infection vectors, propagation methods, and targeted environments remain unclear, but the presence of a wiper elevates the risk profile significantly.

Detailed information about Anubis ransomware adds wiper to destroy files beyond recovery. Get real-time updates, technical details, and mitigation strategies.

Anubis ransomware adds wiper to destroy files beyond recovery - Live Threat Intelligence - Threat Radar | OffSeq.com

Anubis ransomware adds wiper to destroy files beyond recovery

Reddit Discussion: Anubis ransomware adds wiper to destroy files beyond recovery

Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

Source: https://securityaffairs.com/178970/data-breach/paraguay-suffered-data-breach-7-4-million-citizen-records-leaked-on-dark-web.html

The reported security incident involves a significant data breach affecting Paraguay, where approximately 7.4 million citizen records were leaked and subsequently made available on the dark web. Although specific technical details about the breach vector, exploited vulnerabilities, or affected systems are not provided, the scale of the data exposure suggests a compromise of a major government or public sector database containing sensitive personal information. The leaked data likely includes personally identifiable information (PII) such as names, identification numbers, addresses, and possibly other sensitive demographic or biometric data. The breach was publicly disclosed via a Reddit post on the InfoSecNews subreddit, referencing an external news source (securityaffairs.com), which confirms the incident's authenticity and newsworthiness. There is no indication of known exploits in the wild related to this breach, nor are there patch links or specific affected software versions mentioned. The breach's high severity classification reflects the potential for widespread identity theft, fraud, and privacy violations for the affected population. Given the absence of detailed technical indicators, the breach likely resulted from either a compromise of government infrastructure, insider threats, or inadequate security controls protecting citizen data repositories.

Detailed information about Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web. Get real-time updates, technical details, and mitigati

Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web - Live Threat Intelligence - Threat Radar | OffSeq.com

Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

Reddit Discussion: Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

Discord flaw lets hackers reuse expired invites in malware campaign

Source: https://www.bleepingcomputer.com/news/security/discord-flaw-lets-hackers-reuse-expired-invites-in-malware-campaign/

A recently identified security flaw in Discord, a widely used communication platform, enables attackers to reuse expired invite links as part of a malware distribution campaign. Discord invite links are typically designed to grant access to specific servers for a limited time or number of uses. However, this flaw allows malicious actors to circumvent these restrictions by reactivating or reusing invites that should have been invalidated. Attackers exploit this vulnerability by embedding these reused expired invites within malware campaigns, potentially tricking users into joining malicious Discord servers. These servers can then be used to distribute malware payloads, coordinate further attacks, or conduct phishing and social engineering operations. While the exact technical mechanism behind the flaw is not detailed, the impact is significant because it undermines the trust model of Discord’s invite system, a core feature relied upon for secure community access control. The campaign leveraging this flaw is currently active, though no known exploits have been publicly documented or widely observed in the wild yet. The threat is classified as high severity due to the potential for malware propagation and the broad user base of Discord, which includes many organizations and individuals globally. The minimal discussion level and low Reddit score suggest that the vulnerability is newly discovered and not yet extensively analyzed or mitigated. Given Discord’s integration in many professional and social environments, this flaw presents a novel attack vector for threat actors to infiltrate networks and deliver malicious payloads under the guise of legitimate invites.

Detailed information about Discord flaw lets hackers reuse expired invites in malware campaign. Get real-time updates, technical details, and mitigation strateg

Discord flaw lets hackers reuse expired invites in malware campaign - Live Threat Intelligence - Threat Radar | OffSeq.com

Discord flaw lets hackers reuse expired invites in malware campaign

Reddit Discussion: Discord flaw lets hackers reuse expired invites in malware campaign

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Source: https://thehackernews.com/2025/06/over-269000-websites-infected-with.html

In June 2025, a significant malware campaign involving the JSFireTruck JavaScript malware was reported, infecting over 269,000 websites within a single month. JSFireTruck is a malicious JavaScript payload that is typically injected into vulnerable websites to execute unauthorized scripts on visitors' browsers. This malware often serves as a delivery mechanism for further attacks such as drive-by downloads, cryptojacking, data theft, or redirecting users to phishing or exploit sites. The infection vector commonly involves exploiting vulnerabilities in website content management systems (CMS), third-party plugins, or weak administrative credentials, allowing attackers to insert the malicious JavaScript code into web pages. Once embedded, the malware executes client-side, potentially compromising the confidentiality and integrity of user data, degrading website availability, and damaging the reputation of the affected sites. The rapid scale of infection—over a quarter million sites in just one month—indicates either automated mass exploitation or widespread vulnerabilities in popular web platforms. Although no specific affected versions or CVEs are identified, the malware's propagation suggests a broad attack surface, possibly targeting common web technologies such as WordPress, Joomla, or Drupal. No known exploits in the wild are explicitly documented, but the high infection count implies active exploitation. The minimal discussion level and limited technical details from the source (a Reddit InfoSecNews post referencing TheHackerNews) highlight the need for further investigation and monitoring. Given the nature of JavaScript malware, the threat primarily impacts web server integrity and client-side security, with potential downstream effects on user trust and compliance with data protection regulations.

Detailed information about Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month. Get real-time updates, technical details, and mitiga

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month - Live Threat Intelligence - Threat Radar | OffSeq.com

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Reddit Discussion: Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Victoria’s Secret restores critical systems after cyberattack

Source: https://www.bleepingcomputer.com/news/security/victorias-secret-restores-critical-systems-after-cyberattack/

Victoria's Secret, a major global retailer specializing in lingerie and beauty products, recently experienced a cyberattack that impacted its critical systems. According to publicly available information sourced from a trusted cybersecurity news outlet (BleepingComputer) and discussed on Reddit's InfoSecNews community, the company has since restored its critical systems following the incident. While specific technical details about the attack vector, malware used, or exploited vulnerabilities have not been disclosed, the incident's classification as a 'critical' severity event indicates a significant disruption to Victoria's Secret's operational infrastructure. Given the nature of the business, critical systems likely include point-of-sale (POS) systems, inventory management, e-commerce platforms, and internal corporate networks. The attack may have involved ransomware, data exfiltration, or service disruption tactics, which are common in retail sector cyberattacks. The lack of known exploits in the wild and minimal discussion on technical forums suggests the attack may have been targeted or contained without widespread propagation. However, the restoration effort underscores the potential for operational downtime, financial loss, and reputational damage. The absence of detailed indicators or patch information limits the ability to pinpoint exact attack mechanisms, but the incident highlights the ongoing threat landscape facing large retail organizations with complex IT environments.

Detailed information about Victoria’s Secret restores critical systems after cyberattack. Get real-time updates, technical details, and mitigation strategies.

Victoria’s Secret restores critical systems after cyberattack - Live Threat Intelligence - Threat Radar | OffSeq.com

Victoria’s Secret restores critical systems after cyberattack

Reddit Discussion: Victoria’s Secret restores critical systems after cyberattack

Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing

Source: https://www.infosecurity-magazine.com/news/ransomware-simplehelp-compromise/

This threat involves a ransomware gang exploiting vulnerabilities or misconfigurations in SimpleHelp Remote Monitoring and Management (RMM) software to compromise utility billing systems. SimpleHelp RMM is a remote support and management tool used by IT administrators to remotely access and manage client systems. The exploitation likely involves gaining unauthorized access to the RMM platform, which provides extensive control over targeted networks. Once inside, attackers can manipulate or disrupt utility billing operations, potentially encrypting data or deploying ransomware payloads to extort victims. Although specific affected versions or technical vulnerability details are not provided, the attack vector centers on leveraging the trust and privileged access granted by the RMM software. The targeting of utility billing systems indicates a strategic focus on critical infrastructure, where disruption can have significant operational and financial consequences. The ransomware component suggests that attackers aim to encrypt billing data or systems, demanding ransom payments to restore access. The source of this information is a recent report from infosecurity-magazine.com, referenced via a Reddit InfoSecNews post, indicating the threat is emerging and under active observation but with minimal public discussion or detailed technical disclosures at this time. No known exploits in the wild have been confirmed yet, but the high severity rating underscores the potential risk if exploited. The lack of patch information suggests that mitigation may rely on configuration hardening, monitoring, and incident response readiness rather than immediate software updates.

Detailed information about Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing. Get real-time updates, technical details, and mitigation strat

Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing - Live Threat Intelligence - Threat Radar | OffSeq.com

Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing

Reddit Discussion: Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Source: https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/

The threat titled "Inside a Dark Adtech Empire Fed by Fake CAPTCHAs" describes a sophisticated phishing operation leveraging deceptive CAPTCHA challenges to exploit victims. This campaign is linked to an advanced persistent threat (APT) group operating within the adtech ecosystem, where fake CAPTCHAs are used as a vector to trick users into divulging sensitive information or installing malicious payloads. The attack likely involves presenting users with counterfeit CAPTCHA prompts that appear legitimate but are designed to harvest credentials, session tokens, or deliver malware. The use of fake CAPTCHAs is particularly insidious because CAPTCHAs are commonly trusted security mechanisms intended to differentiate humans from bots, thus users may be less suspicious when interacting with them. This threat operates in the advertising technology domain, which is complex and involves multiple intermediaries, increasing the potential attack surface. Although no specific affected software versions or exploits in the wild are documented, the high severity rating and association with an APT suggest a well-resourced and targeted campaign. The threat was reported on a trusted cybersecurity news platform (KrebsOnSecurity) and discussed minimally on Reddit's InfoSecNews subreddit, indicating it is a recent and emerging concern. The lack of detailed technical indicators limits precise attribution or detection signatures, but the modus operandi centers on social engineering via fake CAPTCHA interfaces embedded within adtech channels.

Detailed information about Inside a Dark Adtech Empire Fed by Fake CAPTCHAs. Get real-time updates, technical details, and mitigation strategies.

Title	Severity	Type	Source	Date

Threats Tagged 'high-priority'

Filter Threats

Threats Tagged 'high-priority'