Tag

Credential-Harvesting

3 briefs RSS

Atomic Arch Campaign Leverages Orphaned AUR Packages for Linux Payload Deployment

The Atomic Arch campaign compromises orphaned Arch User Repository (AUR) packages, modifying their PKGBUILDs to install malicious npm/Bun dependencies like 'atomic-lockfile,' which deploy a Linux payload with credential harvesting, eBPF-based stealth, anti-debugging, and data exfiltration capabilities, impacting approximately 1,500 packages.

Arch User Repository +2 supply-chain-attack npm bun linux malware credential-harvesting eBPF rootkit +1

3r 14t 6i 6d ago

high advisory

SaaS Notification Pipeline Abuse for Phishing and Spam Campaigns

3 rules 1 TTP 2 IOCs

Attackers are abusing notification pipelines in SaaS platforms like GitHub and Jira to deliver phishing and spam emails by exploiting legitimate platform features and bypassing traditional email security measures.

saas-abuse phishing credential-harvesting github jira

3r 1t 2i Apr 7, 2026

medium advisory

Democratization of Business Email Compromise (BEC) Attacks

2 rules 2 TTPs 1 CVE 6 IOCs

Attackers are leveraging AI to rapidly reconnoiter and tailor content for smaller organizations, making it easier to execute business email compromise (BEC) scams and scam smaller sums from many victims, as demonstrated by a recent attack targeting a small community organization.

business-email-compromise bec ai social-engineering credential-harvesting exploitation

2r 2t 1c 6i Apr 3, 2026