CloudSEK

50,000+ Azure AD Users Exposed via Unsecured API: BeVigil Uncovers Critical Flaw

A critical security vulnerability was discovered in an aviation company’s infrastructure. The flaw involved an unauthenticated API endpoint embedded in a JavaScript file, which issued Microsoft Graph tokens with elevated privileges.

Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents

A phishing campaign in which threat actors mimicked the legitimate pdfcandy[.]com site to distribute malware. Users were tricked into running a PowerShell command, triggering the download of a ZIP payload containing ArechClient2.

Attackers Use Clickflix Technique to Fuel Malware Attacks Against YouTube Creators

CloudSEK researchers discovered a sophisticated malware campaign aimed at YouTube creators through spearphishing. The attackers exploit trusted brand names and professional collaboration offers to deliver malicious attachments.

Black-Hat SEO Campaign Lures Indian Users Into Visiting Potential Phishing Schemes

In a recent development, analysts at CloudSEK have discovered threat actors using the much-maligned black-hat search engine poisoning technique to push rummy- and investment-focused websites to unsuspecting users.

Facilitating Phishing and Pig Butchering Activities Using Zendesk Infrastructure

Dubbed the “Bait & Switch Mode,” the tactic involves registering Zendesk subdomains, integrating phishing pages on those subdomains, and exploiting Zendesk brand trust to bypass email spam filters.

Threat Actors Exploit Brand Collaborations to Target Popular YouTube Channels

The malware, disguised as legitimate documents like contracts or promotional materials, is often delivered through password-protected files hosted on platforms such as OneDrive to evade detection.

Lumma Stealer Malware Campaign Exploits Fake CAPTCHA Pages

The Lumma Stealer malware is being distributed through deceptive human verification pages that trick Windows users into running malicious PowerShell commands, leading to sensitive information theft.
