| Metric | Value |
|---|---|
| Total incidents | 70 |
| Top incident type | Data Leak |
| Total IOCs (malware, IP, domain) | 172 |
| Top MITRE ATT&CK tactic | TA0010 (Exfiltration) |

All counters are updated daily.
| Timestamp | Incident Type | Summary | Threat Actor | Target Technology | Victim | Attack Country | Severity | Full Data |
|---|---|---|---|---|---|---|---|---|
| 2026-04-30 | Crypto | Eclipse Traffer Team abused EV code-signing certificates issued by Microsoft to Marker Hill Construction Inc on multiple dates to sign crypto-stealing malware. Victims are lured through fake crypto reward platforms (lume-project and ardenfinance) into downloading malicious desktop builds. The builds run a Python loader that retrieves further payloads from C2 infrastructure and ultimately deploys the Vidar infostealer. The malware uses signpilot.org for staging and callbacks and fetches secondary payloads from 95.216.21.87:82 using HMAC authentication. | Eclipse Traffer | EV Certificate, Python | lume-project.com users, ardenfinance.io users | United States | Critical | |
| 2026-04-29 | Supply Chain | EV code-signing certificates issued in the names of Lenovo, Kingston, Shuttle Inc and Palit Microsystems were hijacked and used by the Chinese crime group GoldenEyeDog (APT-Q-27). Twelve certificates were issued this way; 69 certificates in total have been seen signing the same malware, Zhong Stealer. From the DigiCert incident report: the threat actor used a compromised analyst endpoint to access the DigiCert internal support portal. The threat actor used a limited function within the customer-support portal which allows authenticated DigiCert support analysts to access customer accounts from the customer's perspective to facilitate support tasks. The threat actor was able to use this function to access initialization codes for orders that were approved but pending delivery for EV Code Signing certificate orders across a finite set of customer accounts. | APT-Q-27 | EV Certificate | DigiCert, Lenovo, Kingston, Shuttle Inc, Palit Microsystems | United States, China, Taiwan | Critical | |
| 2026-04-29 | Botnet | The DDoS botnet Kamasers has emerged, combining multi-vector DDoS capabilities with a built-in loader that opens infected systems to ransomware deployment, data theft and deeper network intrusion. It uses a Dead Drop Resolver (DDR) mechanism: legitimate public platforms (GitHub Gist, Telegram, Dropbox and Bitbucket) act as intermediary relays that hand the actual C2 server address to infected bots. | Kamasers | GraphQL, Windows, Web Servers | Government & Private Sectors | Switzerland, Germany, Ukraine, Poland, France, United States | Critical | |
| 2026-04-29 | Scam | Threat actors @25rtog and @consensusvcfund impersonate venture capital (VC) firms and representatives using fake and compromised Telegram and social media accounts. They build trust over extended periods (around 43 days) within crypto communities before launching social engineering attacks. Victims are lured into fake meetings or sent phishing emails that deliver malware via malicious links or ZIP files containing disguised executables. The campaign combines account compromise, email spoofing and community infiltration to spread malware and expand access. | Consensus Capital | Telegram Accounts | BAYC/MAYC members (Apes) | Any | Critical | |
| 2026-04-29 | Hacked | UglyDucklingHack Group claimed: "We have successfully infiltrated the MCI operator and the country's Computer Trade Association, and the details of this action, carried out in protest against the Pro Internet, will be published soon. We have dumped at least 10 GB of organizational data from MCI." | UglyDucklingHack Group | Organization Data | MCI, Iran Computer Trade Association | Iran | High | |
| 2026-04-29 | Hacked | The Indonesian government website perpustakaan.pom.go.id was hacked by Mr.Spongebob. | Spongebob | Website | RI POM Library | Indonesia | Low | |
| 2026-04-28 | Malware | Malware delivered in a ZIP archive disguised as an official Indian tax notice. The lure drops Assessment Letter.zip, which retrieves a further archive, Check.zip, from 38.76.199.112 and executes hidden.exe. | UNC-INT-273 | PowerShell, VBS | Indian Citizens | India | Medium | |
| 2026-04-28 | Crypto | ZetaChain was hacked; according to the official update the situation has now been largely contained. Root cause: the GatewayZEVM::call() function on ZetaChain had a cross-chain arbitrary external call vulnerability. The attacker deployed an exploit contract on ZetaChain that emitted a legitimate Called event; once the Relay picked up the event, the TSS executed the malicious transaction on multiple chains, at no cost to the attacker beyond gas fees. Malicious actor: etherscan.io/address/0x00467f5921f1a343b96b9bf71ae7e9054ae72ea4. Exploit contract: zetascan.com/address/0xd9dbEec028C12D2dA09a05C9d26709c0Ec722BC1. | UNC-INT-272 | Web3 | ZetaChain | United States | High | |
| 2026-04-28 | Vulnerability | An attacker sent phishing email from a robinhood.com address by exploiting a weakness in the Robinhood signup flow. Robinhood confirmed the phishing email but did not explain how it was done technically, acknowledging only: "This phishing attempt was made possible by an abuse of the account creation flow; it was not a breach of our systems or your account, and your personal information and funds were not impacted." | UNC-INT-271 | Signup System | Robinhood.com | United States | Medium | |
| 2026-04-28 | Data Leak | Udemy had 1.4M email addresses leaked yesterday following an extortion attempt by ShinyHunters. The data included names, addresses, phone numbers, employer information and instructor payout method. 56% of the addresses were already in Have I Been Pwned. | ShinyHunters | Database | Udemy | United States | High | |
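The Kamasers entry above describes Dead Drop Resolver (DDR) command and control: the bot fetches its real C2 address from a legitimate public service and only then connects to it. The Python hunt below is an added example, not code from the original page or from any vendor reporting these incidents. It correlates constructed egress-log lines to find a process that is not an expected client reaching a dead-drop host and then connecting to a raw IPv4 address shortly afterwards. The relay host list, the process allow-list, the 120-second window and the log lines themselves are assumptions made for the example.

```python
"""Hunt for Dead Drop Resolver (DDR) behaviour in endpoint egress logs.

A DDR bot first fetches a small record from a legitimate public service
(GitHub Gist, Telegram, Dropbox, Bitbucket) and then connects to the C2
address it decoded from that record. This hunt combines two signals:
  1. a process that is not an expected client reaches a dead-drop host;
  2. the same process connects to a raw IPv4 address shortly afterwards.
"""
from __future__ import annotations

import csv
import io
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

# Relay services named in the Kamasers write-up; extend per environment.
DEAD_DROP_HOSTS = {
    "gist.githubusercontent.com", "api.github.com",
    "api.telegram.org", "t.me",
    "dl.dropboxusercontent.com", "www.dropbox.com",
    "bitbucket.org", "api.bitbucket.org",
}
# Processes that legitimately talk to those services on a typical
# workstation. Assumed for this example; tune to your software inventory.
EXPECTED_CLIENTS = {"chrome.exe", "firefox.exe", "msedge.exe",
                    "git.exe", "code.exe", "dropbox.exe", "telegram.exe"}
# How long after the dead-drop fetch the first C2 connection is expected.
FOLLOW_UP_WINDOW = timedelta(seconds=120)

# Constructed sample egress log (not real telemetry): ts,endpoint,process,dest.
SAMPLE_LOG = """\
ts,endpoint,process,dest
2026-04-29T08:00:01Z,WS-101,chrome.exe,gist.githubusercontent.com
2026-04-29T08:00:09Z,WS-101,git.exe,api.github.com
2026-04-29T08:01:00Z,WS-207,updater.exe,gist.githubusercontent.com
2026-04-29T08:01:04Z,WS-207,updater.exe,203.0.113.45:8443
2026-04-29T08:05:30Z,WS-207,updater.exe,203.0.113.45:8443
2026-04-29T08:10:00Z,WS-311,helper.exe,api.telegram.org
2026-04-29T08:10:02Z,WS-311,helper.exe,cdn.example.net
"""


@dataclass(frozen=True)
class EgressEvent:
    ts: datetime
    endpoint: str
    process: str
    dest: str


def parse_log(text: str) -> list[EgressEvent]:
    """Parse CSV egress records and return them in time order."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.fromisoformat(row["ts"].replace("Z", "+00:00"))
        events.append(EgressEvent(ts, row["endpoint"], row["process"], row["dest"]))
    return sorted(events, key=lambda e: e.ts)


def is_raw_ipv4(dest: str) -> bool:
    """True when the destination is a bare IPv4 address (optionally host:port)."""
    try:
        return isinstance(ipaddress.ip_address(dest.split(":", 1)[0]),
                          ipaddress.IPv4Address)
    except ValueError:
        return False


def hunt_ddr(events: list[EgressEvent]) -> list[dict]:
    """Return one finding per dead-drop fetch by an unexpected process.

    Severity is 'high' when the same process reaches a raw IPv4 address
    within FOLLOW_UP_WINDOW (the resolved C2), otherwise 'medium'.
    """
    by_actor: dict[tuple[str, str], list[EgressEvent]] = {}
    for e in events:
        by_actor.setdefault((e.endpoint, e.process), []).append(e)

    findings = []
    for (endpoint, process), evs in by_actor.items():
        if process.lower() in EXPECTED_CLIENTS:
            continue
        for i, drop in enumerate(evs):
            if drop.dest.lower() not in DEAD_DROP_HOSTS:
                continue
            follow_ups = {f.dest for f in evs[i + 1:]
                          if f.ts - drop.ts <= FOLLOW_UP_WINDOW and is_raw_ipv4(f.dest)}
            findings.append({
                "endpoint": endpoint,
                "process": process,
                "dead_drop": drop.dest,
                "c2_candidates": sorted(follow_ups),
                "severity": "high" if follow_ups else "medium",
            })
    return findings


def run_sample() -> list[dict]:
    """Run the hunt over the constructed sample log."""
    return hunt_ddr(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Run as a script to print the findings. In practice the same correlation runs in a SIEM over proxy or EDR network telemetry; the process allow-list is the control for false positives, because developer tooling legitimately reaches GitHub and Bitbucket, and the raw-IP follow-up is what separates a dead-drop fetch from ordinary use of these services.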