Blogs and Articles

Uncover how an 18-day honeypot captured 15 million automated attacks targeting telephony ecosystems in the "Copy of SIP Honeypot Report.pdf". Download the full report to expose active VoIP fraud networks and access 277,632 recovered attacker passwords.

An exposed attacker server has revealed FortiBleed’s complete operation—from credential harvesting and GPU-powered cracking to network intrusion and access sales. CloudSEK’s analysis separates verified compromises from inflated claims, uncovering what the attackers actually achieved.

An exposed attacker server revealed the inner workings of Operation Escaneo—a sophisticated campaign targeting Latin American governments and financial institutions. CloudSEK maps its custom tools, exploitation chain, persistence tactics and suspected links to MexicanMafia. Read the full investigation.

BlueKit is turning phishing into a subscription business, offering 87 ready-made kits, automated account takeover and stealthy peer-to-peer infrastructure. CloudSEK’s investigation reveals how this mature PhaaS platform helps even low-skilled criminals target banks, cloud services and global brands.

As the FIFA World Cup 2026 begins, a highly sophisticated, Chinese-origin threat operation is targeting global football fans. Utilizing pixel-perfect website clones, a multi-tenant reseller network, and an active Man-in-the-Middle framework, these actors intercept payment details and bypass SMS-based two-factor authentication in real time to completely compromise accounts.

Cybercriminals are now targeting real e-commerce checkout pages, not just fake websites. This report reveals how a WooCommerce skimmer silently steals card details during genuine payments. Read the full report to understand the hidden risk.

A real-world AIVigil finding from a customer environment. One unprotected AI integration endpoint with no login required. An attacker chained Server-Side Request Forgery, Local File Inclusion, and live AWS credential exfiltration into a potential full infrastructure takeover. This is how it happened, and how AIVigil found it first.

CloudSEK’s report exposes a highly sophisticated, seasonal IPL online betting scam ecosystem. Fraudsters deploy clone platforms, celebrity AI deepfakes, and blackhat SEO tactics to exploit government domains and trap unsuspecting fans. Sustained by money mule networks, bulk advertisements, and predatory fake loan apps, this industry intentionally blocks user withdrawals, causing severe financial losses and blackmail.

CloudSEK TRIAD uncovered a sophisticated npm supply chain attack using a typosquatted package, crypto-javascri, to mimic crypto-js. The malware steals npm and GitHub credentials, hijacks maintainer accounts, republishes trojanized packages, and uses Tor-based command-and-control. The campaign targets Linux developer systems and CI/CD environments, creating serious downstream supply chain risk.