CloudSEK Updates

A fileless AsyncRAT campaign is targeting German-speaking users via a fake “I’m not a robot” prompt that executes malicious PowerShell code. Delivered through Clickfix-themed sites, it abuses system utilities to load obfuscated C# code in memory, enabling full remote access and credential theft. It persists via registry keys and communicates with a C2 server on port 4444. Organizations should block suspicious PowerShell activity and scan memory for threats.

CloudSEK researchers have uncovered a sophisticated campaign leveraging typo-squatted “Spectrum” domains to spread a new Atomic macOS Stealer (AMOS) variant. Disguised as a CAPTCHA verification, the attack uses dynamic payloads tailored to the victim's OS—stealing passwords, bypassing macOS security, and executing malware. With Russian-language comments found in the code and flawed delivery logic, the campaign reflects both growing cross-platform ambitions and rushed execution. Dive into how this multi-platform threat operates—and why your organization should stay alert.

CloudSEK’s latest investigation uncovers how APT36 (aka Transparent Tribe) is using VPS provider Contabo to host malicious infrastructure linked to CapraRAT and Crimson RAT. One of their latest tactics? Disguising spyware as the popular messaging app Viber—armed with permissions to record calls, read messages, track location, and more. Read how we traced the infrastructure, identified key Indicators of Compromise, and uncovered the full extent of this Android surveillance campaign.

An unsecured API endpoint buried inside a JavaScript file gave attackers the keys to the kingdom—direct access to sensitive Microsoft Graph data of thousands of employees, including top executives. CloudSEK’s BeVigil platform uncovered how this silent slip could lead to identity theft, phishing attacks, and regulatory nightmares. Here’s how it unfolded—and what your organization must do to stay safe.

A single misconfigured endpoint. That’s all it took to expose root-level server access, hardcoded credentials, and sensitive configs of a major travel platform. In this gripping exposé, CloudSEK’s BeVigil unpacks how a seemingly minor oversight escalated into a full-blown Local File Inclusion (LFI) vulnerability—no authentication required. From source code leaks to credential harvesting, discover how attackers could’ve breached the entire infrastructure—and what your organization must do to avoid the same fate.

CloudSEK has raised $19 million in its Series B1 funding rounds to accelerate global expansion and advance its AI-driven threat intelligence platform. With backing from top global investors like MassMutual Ventures, Commvault, and Tenacity Ventures, the company aims to redefine cybersecurity by predicting and neutralizing threats before they escalate. Trusted by over 250 enterprises across critical sectors, CloudSEK’s proactive approach—focusing on initial attack vectors like leaked credentials and exposed APIs—has earned it industry acclaim and rapid global growth, particularly in the U.S.

CloudSEK’s XVigil platform averted a major data breach at a leading IT training company after detecting exposed credentials in a public GitHub repository. These credentials provided access to the firm’s internal Resource Management System (RMS), which controlled critical operations such as salary processing and policy approvals. Had they been misused, sensitive employee data and financial systems could’ve been compromised. Thanks to CloudSEK’s swift intervention—including credential revocation, repository lockdown, and multi-factor authentication—the breach was prevented, and no data was lost. This incident highlights how real-time threat detection and rapid response can protect businesses from costly cyber incidents.

In May 2025, multiple Pakistan-linked hacktivist groups claimed over 100 cyberattacks on Indian government, education, and critical infrastructure websites. But CloudSEK’s investigation reveals most of these breaches were exaggerated or fake—ranging from recycled data leaks to defacements that left no real impact. While DDoS attacks barely caused a few minutes of disruption, the real threat came from APT36, which used Crimson RAT malware to target Indian defense networks after the Pahalgam terror attack. This report separates fact from fiction—unmasking the hype, tactics, and real risks behind the India-Pakistan cyber conflict. Read the full analysis to know what truly happened.

Right before Mother’s Day sales, a hidden flaw in a vendor’s dashboard exposed the personal and payment data of 375,000+ online shoppers—live, in real time. From Shopify tokens to refund metadata, everything was up for grabs. Here’s how CloudSEK’s SVigil stepped in just in time to prevent a massive e-commerce data disaster.