Threats Tagged 't1098'
View all threats tagged with 't1098'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 't1098'
Click on any threat for detailed analysis and mitigation recommendations
Customer CRM Data Accessed in Supply Chain Incident 0 LastPass experienced a supply chain security incident involving Klue, a third-party market intelligence platform integrated with its Salesforce and Gong systems. An unauthorized actor exploited stolen OAuth tokens from Klue to access customer relationship management data within LastPass's Salesforce environment. Exposed data includes customer names, email addresses, phone numbers, physical addresses, support case data, and sales records. No Gong data or encrypted vault data was accessed. LastPass has terminated Klue's access, rotated compromised API tokens, and is cooperating with law enforcement while warning customers about potential phishing risks. Join the discussion | AlienVault OTX General | 06/23/2026, 16:31:05 UTC Added: 06/23/2026, 19:24:39 UTC |
From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services 0 A significant expansion of the Kali365 phishing-as-a-service operation has been observed, now targeting multiple platforms beyond Microsoft 365. The operator abuses OAuth 2.0 device authorization flows to bypass MFA and steal authentication tokens. Key discoveries include a live command-and-control panel infrastructure, a phishing campaign impersonating MAX Messenger (Russia's state-backed messaging platform with 110 million users) through fake prize-claim flows, and a cluster of 126 malicious hosts impersonating services including Microsoft Outlook, Okta SSO, Xerox DocuShare, Mail.ru, Yandex Disk, and Odnoklassniki. The operation demonstrates a deliberate focus on Russian consumer platforms alongside Western enterprise targets, utilizing Telegram bots for credential exfiltration and employing a multi-tenant phishing platform distributed through Telegram channels. Join the discussion | AlienVault OTX General | 06/02/2026, 19:07:01 UTC Added: 06/03/2026, 09:33:37 UTC |
Typosquatted npm packages used to steal cloud and CI/CD secrets 0 A supply chain attack targeting the npm ecosystem was identified involving 14 malicious packages published under the alias vpmdhaj. These packages typosquat well-known OpenSearch, ElasticSearch, and DevOps libraries, executing malicious payloads through npm lifecycle hooks during installation. The attack deploys a two-stage credential harvesting operation that targets AWS credentials, HashiCorp Vault tokens, GitHub Actions secrets, and npm publish tokens. The malware queries AWS Instance Metadata Service, ECS task metadata, and enumerates AWS Secrets Manager across multiple regions. Two stager variants were observed: an HTTP-based C2 beacon and a stealthier version abusing the legitimate Bun runtime. The stolen credentials enable cloud lateral movement and downstream supply chain attacks through compromised npm maintainer identities, specifically targeting developers working with cloud and CI/CD infrastructure. Join the discussion | AlienVault OTX General | 05/29/2026, 06:11:38 UTC Added: 05/29/2026, 10:48:34 UTC |
Showing 1 to 3 of 3 results