🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
CATEGORIES

Adversary Intelligence

Articles in Blog Posts

March 18, 2026

Opportunistic threat actors using Ramadan coupon as a lure to target retail store customers in Middle East

A new malware campaign is exploiting Ramadan shopping sentiment, luring Middle East users with fake discount coupons from trusted brands. Behind the offer lies a multi-stage attack that deploys a powerful RAT, enabling full system control and stealthy data exfiltration via AWS. The campaign highlights how seasonal themes and trusted brands are being weaponized at scale.

Written by

Ayush Panwar

March 17, 2026

Weaponizing LSPosed: Remote SMS Injection and Identity Spoofing in Modern Payment Ecosystems

LSPosed, a powerful framework for rooted Android devices, has been weaponized by attackers to remotely inject fraudulent SMS messages and spoof user identities in modern payment ecosystems. This report exposes a critical vulnerability: the exploitation of LSPosed modules to intercept and modify sensitive system APIs, enabling precise identity theft and unauthorized financial transactions. It reveals the devastating potential of this technique for large-scale payment fraud and identity takeover.

Written by

Shobhit Mishra

March 16, 2026

Southeast Asia Region-specific Iran-israel war Threat Intelligence

The February 28 launch of Operation Epic Fury has pushed the Iran–Israel conflict into an open multi-domain war. While the strikes occurred in the Middle East, the ripple effects are already reaching Southeast Asia, where cyber operations, energy disruptions, financial sanctions, and geopolitical tensions could create immediate risk for governments, businesses, and critical infrastructure. This briefing explains why the region may soon find itself on the frontline of a wider cyber and economic confrontation.

Written by

Irshad Ahamed

March 6, 2026

AI, the Iran-US Conflict, and the Threat to US Critical Infrastructure

More than 60 Iranian-aligned cyber groups mobilized within hours of the February 28, 2026 Iran-US escalation, as AI tools sharply lowered the barrier to targeting America’s internet-exposed critical infrastructure. The report shows how exposed ICS systems, default credentials, and AI-assisted reconnaissance are converging into a fast-growing national security risk.

Written by

Ibrahim Saify

March 5, 2026

A Threat Actor Landscape Assessment of ICS/OT Targeting in the 2026 Iran-US Conflict AND THE SCALE OF THE RISK

The 28 February 2026 strikes accelerated an existing cyber threat to U.S. critical infrastructure, rather than creating it. This report examines who is targeting industrial control systems (ICS), how attacks are carried out, and the scale of the exposed attack surface. Critical infrastructure is a prime retaliation target due to high civilian impact, a large number of internet-exposed ICS devices, and long-standing underinvestment in OT cybersecurity.

Written by

Ibrahim Saify

March 3, 2026

RedAlert Trojan Campaign: Fake Emergency Alert App Spread via SMS Spoofing Israeli Home Front Command

CloudSEK has uncovered a malicious SMS spoofing campaign spreading a fake version of Israel’s “Red Alert” emergency app amid the ongoing conflict. Disguised as a trusted warning platform, the trojanized Android app can steal SMS, contacts, and location data while appearing legitimate. The report highlights how cybercriminals are weaponising public fear during crises to deploy mobile spyware with serious security and real-world implications.

Written by

Shobhit Mishra

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH. 

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.