CloudSEK researchers' investigation discovered that the CoinEgg cryptocurrency scam was conducted by threat actors. We discovered an ongoing malicious scheme involving multiple payment gateway domains and Android-based applications, used to lure unsuspecting individuals into a mass gambling scam.
BeVigil has detected leaked Slack webhooks in one of the applications being monitored. Exposed webhooks can be leveraged to access sensitive data and to propagate phishing messages.
The CloudSEK team has uncovered a banking trojan with an improvised modus operandi: the threat actor, or a group of threat actors, hosts a simple online complaint portal on domains such as online-complaint[.]com or customer-complaint[.]com and targets Indian banking customers.
XVigil has identified a surge in phishing sites hosted using reverse tunnel services. In this report, we delve into how threat actors use reverse tunnel services, along with URL shorteners, to orchestrate widespread campaigns without leaving any traces.
DragonForce Malaysia has shared an exploit to bypass the Windows Server LPE LDR for targeting and exploiting Indian servers. The group has also shared a working PoC (Proof of Concept) video to substantiate their claims.
CloudSEK’s contextual AI digital risk platform XVigil has identified an increase in instances of organizations exposing Swagger user interfaces. Many of these instances have high exploitability risks.
XVigil identified a post on an English-speaking cybercrime forum mentioning Jenkins as one of the TTPs used by a threat actor. This module has hidden desktop takeover capabilities to get clicks on ads.