🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
CATEGORIES

Adversary Intelligence

Articles in Blog Posts

February 2, 2026

Cross-Border Cryptocurrency Investment Scam Leveraging Social Messaging Channels and Fake Regulatory Credentials

CloudSEK researchers have uncovered ZHGUI, a sophisticated China-linked cryptocurrency scam targeting Southeast Asian investors. Disguised as a compliant U.S. exchange using fake regulatory credentials, ZHGUI employs "pig-butchering" social engineering and mirror-exchange infrastructure to siphon millions in USDT. Discover the technical indicators and on-chain evidence behind this global fraud network.

Written by

Irshad Ahamed

January 27, 2026

Pivoting From PayTool: Tracking Various Frauds and E-Crime Targeting Canada

CloudSEK’s latest investigation exposes a rapidly evolving fraud ecosystem targeting Canadians through highly convincing impersonation of government services and trusted national brands. From fake traffic fines and tax refunds to airline bookings and parcel delivery alerts, attackers are scaling operations using shared infrastructure and phishing-as-a-service models. The report reveals how urgency and institutional trust are weaponized—and what organizations must do to stay ahead.

Written by

Jainam Shah

January 21, 2026

Inside MacSync's Script-Driven Stealer and Hardware Wallet App Trojanization

MacSync is a stealthy macOS infostealer delivered through a ClickFix-style phishing lure that tricks users into pasting a single Terminal command. Once executed, it harvests passwords, browser data, crypto wallets, and even trojanizes trusted hardware wallet apps like Ledger and Trezor—turning familiar software into long-term phishing tools

Written by

Dharani Sanjaiy

January 15, 2026

HUMINT Operations Uncover Cryptojacking Campaign: Discord-Based Distribution of Clipboard Hijacking Malware Targeting Cryptocurrency Communities

CloudSEK has exposed RedLineCyber, a threat actor infiltrating Discord to distribute Pro.exe. This "clipboard hijacker" silently monitors your system, swapping your destination wallet address for the attacker’s the moment you paste. Targeting streamers and gamers, this stealthy malware operates without a network footprint—making it nearly invisible until your assets are gone.

Written by

CloudSEK Threat Intelligence

January 8, 2026

Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant

CloudSEK's TRIAD recently identified a spear-phishing campaign attributed to the Muddy Water APT group targeting multiple sectors across the Middle East, including diplomatic, maritime, financial, and telecom entities. The campaign uses icon spoofing and malicious Word documents to deliver "RustyWater," a Rust-based implant representing a significant upgrade to their traditional toolkit

Written by

Prajwal Awasthi

December 29, 2025

RondoDoX Botnet Weaponizes React2Shell

CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targeting IoT devices and web applications. Recently, the threat actors have shifted to weaponizing a critical Next.js vulnerability, deploying malicious payloads like "React2Shell" and cryptominers. This analysis offers crucial insights into their evolving infrastructure and provides defensive recommendations to mitigate these sophisticated attacks.

Written by

Koushik Pal

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH. 

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.