🚨 A new China-linked threat cluster is going after Microsoft IIS servers.
OP-512 uses 3 custom web shells to get remote access, run commands, hide traces, and report hacked servers back to attackers.
Read: https://t.co/3YSNNStHp1
🚨 Hackers turned hijacked cloud servers into a hidden email-sending network.
AWS. Google Cloud. Azure.
PCPJack tested which hosts could send mail, kept the working ones, and synced the proxy list every 5 minutes. What they planned to use it for is still unknown.
The setup was still live when found.
Learn more: https://t.co/avKbZCohkR
🎯 Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems.
🛡️ @flaresystems explores what a popular underground hacking tutorial reveals about modern attacker workflows.
➡️ https://t.co/hWRWs6wd9D
#cybersecurity #sponsored
🌍 Cloudflare Turnstile Bypass Source Code Shared on Cybercrime Forum
* A threat actor has publicly shared source code claiming to bypass Cloudflare Turnstile challenges
* According to the post, the implementation is described as:
  * Browser-based only
  * Not intended for direct HTTP request automation
  * Released publicly to forum members
* The actor further claims they may release additional CAPTCHA-related bypass tools in the future, including solutions targeting other challenge systems
* Cloudflare Turnstile is widely deployed across websites to mitigate:
  * Automated bot activity
  * Credential stuffing attacks
  * Account creation abuse
  * Web scraping operations
  * Fraud and spam campaigns
* Public availability of CAPTCHA bypass tooling can lower the barrier of entry for threat actors seeking to automate malicious activity against protected websites
* Organizations relying solely on CAPTCHA-based controls should assume that challenge systems may eventually be bypassed and implement layered defenses including:
  * Behavioral analytics
  * Device fingerprinting
  * Rate limiting
  * Bot management solutions
  * Risk-based authentication
  * Multi-factor authentication (MFA)
* Daily Dark Web has not independently analyzed or verified the effectiveness of the released source code
Analyst Note:
The growing trend of publicly shared CAPTCHA bypass frameworks highlights a broader reality: security controls that depend on a single defensive layer rarely remain effective for long. Modern bot operators increasingly combine browser automation, residential proxies, AI-assisted solving services, and anti-detection techniques to emulate legitimate users at scale.
#DDW #Intelligence #Cloudflare #DarkWeb
🚨 One malicious GitHub issue could hijack Anthropic’s #ClaudeCode Action and turn prompt injection into repo write access.
In agent mode, a crafted issue could leak OIDC-related workflow credentials that attackers could replay.
The bypass trusted [bot] actors. Fixed in v1.0.94. Audit your workflows.
Details ➝ https://t.co/hveTOyB6Gu
Attackers are targeting open-source software ecosystems at scale, using coordinated and repeatable approaches that take advantage of dependency chains and maintainer trust models to distribute malicious packages across widely used registries. https://t.co/Gh6lgCtIHM
The use of AI is reducing barriers to entry, enabling high‑volume package creation and faster iteration of malicious code. At the same time, shifts in coding patterns and tooling behaviors can provide defenders with signals to better identify and track adversary activity.
These campaigns increasingly focus on the software supply chain itself, targeting the tools, libraries, and pipelines used to build and distribute applications. As a result, a single compromised component can propagate across complex dependency trees and significantly expand impact.
Learn more from Microsoft Security’s Allie Luhrs and Mario Samolis from their talk at this year’s Blue Hat USA on the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo.
🛑 Google and YouTube ads are delivering FlutterShell, a new #macOS backdoor that passed Apple notarization with valid Developer IDs.
The malware can hijack Chrome traffic, run shell commands, alter files, and update its behavior from attacker servers.
Read: https://t.co/ELUmQYd4n8
🚨 Hackers spent 5 MONTHS quietly copying a senior executive’s Outlook mailbox at a major Global Stock Exchange.
They ran with SYSTEM privileges and used a custom tool based on the legitimate Aspose library to export emails in small batches, routing the data through Dropbox and OneDrive to blend in with normal traffic.
Learn more: https://t.co/5WOxQUjTRv
🚨 WARNING — New HTTP/2 Bomb exploit targets NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.
A single client can consume 32GB of server memory in roughly 20 seconds, causing remote DoS conditions.
Details here: https://t.co/58xDxAKRcZ
An update to our Threat Brief on npm supply chain attacks discusses the latest compromise, pushing a payload named Miasma. The tradecraft used substantially matches Mini Shai-Hulud malware used by TeamPCP. Read now: https://t.co/ktpqy8loGB
AI is shrinking exploitation timelines from days to hours.
Enterprises still take a median of 43 days to patch critical vulnerabilities.
That's a gap attackers are already exploiting.
Patching alone isn't enough.
Read: https://t.co/5PnnJ3pQ7s
Microsoft has identified an npm supply chain compromise impacting 90+ redhat-cloud-services/* packages, including patch-client 4.0.4, insights-client 4.0.4, rbac-client 9.0.3, host-inventory-client 5.0.3, frontend-components 7.7.2, and others. The payload is a self-propagating worm that infects other npm packages and self-publishes.
Each compromised package adds a malicious preinstall hook, embedding an index.js script in the package.json that silently executes “node index.js” during installation, downloads Bun, and runs a payload that steals secrets from npm, GitHub, Amazon Web Services (AWS), and Secure Shell (SSH). The added code bloats index.js from ~8KB to ~4.3MB, acting as a heavily obfuscated ROT-9 eval loader.
If any of the compromised packages are installed, users and organizations should assume compromise, rotate credentials, revert to a previously trusted version, and block compromised packages. Identified compromised npm packages have been taken down, and we continue to work with the npm team. Microsoft continues to investigate this attack and will publish updates as more information is available.