Archiv für April 2026

How to Detect Brand Impersonation Attacks Early: A Step by Step Monitoring GuideBrand impersonation rarely starts with a loud signal. It usually begins with a lookalike domain, a copied login page, a fake social profile, or a rogue mobile app that appears credible enough to fool users before security teams spot it.That is what makes […]

How Are You Blocking Open Source Reconnaissance Tools?Today, a large portion of internet traffic is generated by automated systems that continuously scan and interact with internet-facing infrastructure. These systems are known as reconnaissance tools, or benign scanners, and are designed to map the internet for legitimate purposes, such as security research, vulnerability discovery, and service […]

Inside Handala’s Hack on the FBI Director The digital battlefield is heating up, and this time, the crosshairs have landed on one of the highest-ranking law enforcement officials in the United States. In a brazen move that blends cyber espionage with psychological warfare, the hacktivist group known as “Handala” recently breached the personal email account […]

Alleged Crypto Leads, Android Spyware, Mossad Leak, Binance Data, Nakamura ListingSOCRadar’s Dark Web Team identified several new underground posts this week, including a global “crypto leads” dataset advertised for sale, an Android spyware listing, and politically framed claims of a Mossad-related database leak. Additional posts promoted an alleged Binance user dataset with PII and login […]

Axios npm Hijack 2026: Everything You Need to Know – IOCs, Impact & RemediationOn March 31, 2026, a threat actor hijacked the npm account of the lead Axios maintainer and published two malicious versions of one of the world’s most popular JavaScript libraries – Axios (~100M weekly downloads). The malicious versions contained a hidden dependency […]

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk […]

   Notification This report is provided „as is“ for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is marked TLP:CLEAR–Recipients may share this […]

Infamous Chisel–A collection of components associated with Sandworm designed to enable remote access and exfiltrate information from Android phones. Executive Summary Infamous Chisel is a collection of components targeting Android devices. This malware is associated with Sandworm activity. It performs periodic scanning of files and network information for exfiltration. System and application configuration files are […]

   Notification This report is provided „as is“ for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is marked TLP:CLEAR–Recipients may share this […]

   Notification This report is provided „as is“ for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is marked TLP:CLEAR–Recipients may share this […]