After careful analysis, we believe the best option for remediation is to turn off the computers and go for a nice walk. Maybe call your mother.
ifin@infosec.exchange
Posts
-
What is going on today??
We're also tracking #CopyFail.
Copy Fail: 732 Bytes to Root on Every Major Linux Distributions
CVE-2026-31431 Confirmed the exploit. It’s real.
IFIN (discourse.ifin.network)
-
We have a CVE and confirmed exploitation for the cPanel vulnerability.
CVE-2026-41960. Action is to patch affected versions and review access logs.
CVE-2026-41960: cPanel auth bypass EITW
This is gonna burn some folks. https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
IFIN (discourse.ifin.network)
-
Looks like we have another #supplychain attack underway, this time facing #SAP-related NPM packages.
SAP npm Packages targeted with Credential-stealing Malware
So far, four SAP-related npm packages have been compromised where the preinstall scripts inject malicious preinstall hooks that bootstrap the Bun JavaScript runtime and execute an obfuscated credential stealer payload (…
IFIN (discourse.ifin.network)
-
This is why we're saying we have to look out for each other:
https://fed.brid.gy/r/https://bsky.app/profile/did:plc:gdxiuhym6fvbhxo5uhiohmyy/post/3mkncgm5xuk26
-
Did you know our Threat Intel channel publishes to #ActivityPub? We're serious about the "Federated" in "Independent Federated Intelligence Network!" This is the firehose of all posts in our "Threat Intel" category.
-
Tell your friends. Mess around with the single field we ask for during onboarding, and we will toss you. If you don't take this seriously, we have no reason to expect you to respect our community's safety.
-
We've been on a tear adding new sources to our RSS aggregator! All the cyber news that's fit to print, in one place: https://news.ifin.network
-
Got a certificate of achievement from the bot on @ifin after leveling up and I'm shocked at the psychology going on behind the scenes
@stroz Yessssss
-
Bitwarden's CLI NPM package was hijacked and used to spread credential stealer malware. This is related to the previous Checkmarx compromise.
We'll be updating this thread as always with new information. Come join the effort!
TeamPCP Campaign Spreads to npm via a Hijacked Bitwarden CLI
From: Kill Chain: The root package.json advertises @bitwarden/cli version 2026.4.0, while the embedded application metadata in build/bw.js still references 2026.3.0. That mismatch strongly suggests the malicious pac…
IFIN (discourse.ifin.network)
-
@julie New-ish. We had a report of some ClickFix activity that used it, and was related to a recent Elastic report.
https://discourse.ifin.network/t/phantompulse-rat-macos-using-clickfix/302
-
The best time to block api.telegram[.]org was like, I dunno, five years ago? The second best time to do it is now.
Seriously. Cross that one off the easy wins list today.
-
RE: https://infosec.exchange/@ifin/116432853020620365
Thanks to some excellent reporting from Infostealers by Hudson Rock, we know a context[.]ai employee was seeking Roblox cheats when they got hit with LummaStealer, leading to the initial breach which impacted Vercel.
-
Today we're talking about another (???) issue in the Cursor AI IDE. Well actually it's two issues, one of which is simple command injection; the other is takeover via Dev tunnels. Don't know what dev tunnels are? Come find out—then block them with extreme prejudice.
-
#Vercel update. We now know, thanks to Vercel's CEO, that the compromise came by way of the context[.]ai Office Suite, using OAuth tokens collected from a breach last month. Details here:
-
We're actively tracking developments here: https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293
-
#Vercel customers: don't wait. Proactively rotate keys, passwords and environment variables ASAP.
https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
-
We've been tracking #Iran cyber activity since the beginning of March, consolidating high-value intelligence into a single thread. One of the most comprehensive resources on the topic, if we do say so ourselves.
Iran Conflict: Cyber Threat Activity
Let’s do the thing, shall we? Questions to consider: What are the current cyber capabilities of Iran and its proxies? What are the exigent cyber risks of retaliation in response to the US/Israel attacks? Most public …
IFIN (discourse.ifin.network)
-
Seems like we all want to care for and protect each other. We just needed a place and permission.
Let's change cyber threat intelligence for the better.
-
After working on it a bit, we have a fix for a recent #ClickFix attack against #macOS that leverages AppleScript. Here's the writeup, and a link to the forum thread!
https://ifin-intel.org/blog/applescript/
#ThreatIntel #ThreatIntelligence #IFIN