Stolen Gemini API Keys Fuel Automated Telegram Influence Campaign
A long-running Telegram influence and fraud campaign where a solo threat actor leveraged stolen Google Gemini API keys and jailbroken AI to automate content ...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
82 articles found
A long-running Telegram influence and fraud campaign where a solo threat actor leveraged stolen Google Gemini API keys and jailbroken AI to automate content ...
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of devel...
MokN's approach utilizes ultra-realistic decoy access points, a technique they call "phish-back," designed to trap threat actors and allow organizations to n...
MokN's platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abus...
A newly identified threat actor tracked as JINX-0164 is targeting cryptocurrency organizations through sophisticated LinkedIn-based social engineering campai...
As AI accelerates phishing, session hijacking, and credential abuse, security teams are racing to close the gap between attacker speed and defensive response...
Phishing campaigns are entering a new phase as attackers abandon traditional SMS delivery and static credential theft in favor of encrypted messaging channel...
Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in atta...
Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, a...
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and id...
SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft.
For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations...
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S.
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes durin...
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Ve...
Verizon’s 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, as AI accelerates attacks, patching delays ...
A newly discovered infostealer called VoidStealer is raising concerns after researchers revealed it can bypass Google Chrome’s App-Bound Encryption (ABE), a ...
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident...
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and ...
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond trad...