Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 't1203'

View all threats tagged with 't1203'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: t1203

Threats Tagged 't1203'

Click on any threat for detailed analysis and mitigation recommendations

Threat Insight: Cybercriminals Abusing Vercel to Deliver Remote Access Malware
0

Cybercriminals are abusing the legitimate Vercel hosting platform to conduct phishing campaigns. They send emails with links to fake Adobe PDF viewer pages that prompt users to download disguised executable files. The malware installs LogMeIn remote access software, allowing attackers to control compromised machines remotely. Over two months, more than 28 campaigns targeted over 1,271 users. The use of a trusted platform complicates detection and increases the risk of successful attacks.

Join the discussion
Okendo Reviews Supply Chain Attack
0

On May 14, 2026, a supply chain attack was discovered targeting the Okendo Reviews widget, a customer review platform used by over 18,000 brands. The threat actor injected malicious JavaScript code into the legitimate widget, which is deployed on high-traffic e-commerce pages including storefronts and product pages. The compromised JavaScript acted as a staged loader, using obfuscation, localStorage tracking, User-Agent filtering, and XOR-based decoding to conceal next-stage infrastructure. The attack employed ClickFix-style social engineering to deceive users into executing malicious commands, ultimately delivering remote access trojans like NetSupport and Remcos, or information stealers such as StealC. Affected websites received hundreds of thousands to millions of monthly visitors, with nearly 15,000 blocks recorded in a single day.

Join the discussion
May 2026 Infostealer Trend Report
0

This analysis covers infostealer distribution trends observed during May 2026, based on automated collection systems and diagnostic logs. Distribution occurred primarily through illegal software disguised as cracks and keygens, as well as email campaigns. ACRStealer, Remus, and LummaC2 were most prevalent, with distribution via domains including Mediafire and AWS S3 buckets. Microsoft was the most impersonated company, followed by Auslogics and NVIDIA. EXE files represented 78.9% of execution types, while DLL side-loading accounted for 21.1%. macOS environments saw ClickFix techniques and malicious Bash scripts, with 142 scripts and 12 C2 domains identified. Email campaigns distributed AgentTesla and DarkCloud. Remus showed significant growth, comprising 36% of distributions. LummaC2 remained the most prevalent overall variant.

Join the discussion
Sayonara, SocGholish: Operation Endgame Disrupts Major Cybercrime Operation
0

Global law enforcement, including agencies from the Netherlands, Canada, United States, and Germany, coordinated Operation Endgame to disrupt TA569, a prominent cybercriminal group tracked since 2018. The operation targeted SocGholish infrastructure, taking down over 100 servers and domains while remediating 14,971 compromised websites. TA569 pioneered web inject techniques using fake browser updates to distribute malware, often leading to ransomware attacks. The group compromised high-traffic websites across multiple industries, affecting millions of visitors globally. Their attack chains involved traffic distribution systems like Keitaro TDS and ParrotTDS, delivering GhoLoader payloads that could lead to ransomware deployment in enterprise environments. Law enforcement actions included server disruption and website disinfection, significantly impacting the threat actor's operations, infrastructure, and reputation within the cybercriminal ecosystem.

Join the discussion

Showing 1 to 4 of 4 results

Filters:Tag: t1203
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses