Infoblox Threat Intel
@InfobloxThreatIntel@infosec.exchange  ·  activity timestamp 19 hours ago

🔴 A threat isn't much of a threat if it can't reach the right victims. 📦 That's why many modern threat actors rely on cloakers and traffic distribution systems (TDS) to target, route, and hide at scale. In a six‑month joint effort analyzing four months of data with Confiant, we identified 15,500 domains configured to Keitaro instances and actively used in cyber campaigns. Keitaro is a legitimate ad tracker, but it is frequently misused by cybercriminals as an all‑in‑one tracker + TDS + cloaker in scam and malware campaigns. We encounter Keitaro in our investigations nearly every day, and we set out to quantify that abuse in the broader landscape. We're publishing a three‑part series to share what we learned. Part 1 focuses on a subset of actors who leverage AI in their operations, most of whom are tied to investment scams. At the end of the report, you'll find a link to our GitHub repository that contains thousands of related Keitaro IOCs.

https://www.infoblox.com/blog/threat-intelligence/inside-keitaro-abuse-a-persistent-stream-of-ai-driven-investment-scams/

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #ai #keitaro #adtech #tds #trafficdistributionsystem #cloaker #cloaking #landscape #malvertising

Infoblox Blog

Inside Keitaro Abuse Part 1: Cloaking AI‑Enhanced Scams

Infoblox and Confiant reveal how Keitaro is exploited for cloaking scams, targeting victims, and automating AI‑enhanced fraud in today’s threat landscape.
Infoblox Threat Intel
@InfobloxThreatIntel@infosec.exchange  ·  activity timestamp 4 days ago

📱Smishing Slows, Quishing Quickens 🎣

Sick of smishing and those pesky parking/toll texts? Don’t get caught by crafty, counterfeit court QR codes — it’s a scan-and-scam! 💳 🚨

North American cell phone users are being hit with yet another wave of smishing campaigns that now include quishing elements. Likely orchestrated by Chinese-speaking threat actors, this latest campaign builds on previous vehicular violations, evolving tactics while impersonating US courts. 🧑‍⚖️

We’ve recently seen a flurry of SMS messages pushing parking violations — but with a twist: face justice in court… or scan and pay instead!

Delivered as an official-looking image, the actor has begun integrating QR codes into these lures to help mask suspicious phishing URLs, baiting victims into entering personal information, credentials, and ultimately making payments.

For some, this lure may sound better than facing justice for their perceived poor parking. Victims who don't comply are warned that failure to appear or pay could have serious repercussions - a scare tactic designed to push you toward a hasty decision and scanning the QR code! 🫣

We uncovered thousands of these nefarious domains, through their use of Registered Domain Generation Algorithms (RDGAs) and local government impersonation, hosted across a diverse range of hosting providers to evade takedown.

Recent examples:
⛔ ahfgx[.]icu
⛔ euoyq[.]icu
⛔ htpze[.]icu
⛔ mwlaj[.]icu

Friendly reminder - courts don't usually communicate with you via text. That said, we suspect this actor will continue to evolve, expanding their global reach and diversifying lures while improving tradecraft used in smishing and quishing delivery. As for us, we'll take our chances on evading that bench warrant and running from the law. 🏃‍♂️‍➡️

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #phishing #smishing #quishing

Example fake court notice with QR code
Em :official_verified: boosted
Chuck
@ChuckMcManis@chaos.social  ·  activity timestamp 6 days ago

Heads up you code maintainers who take submissions from people, delete Unicode characters. See this: https://arstechnica.com/security/2026/03/supply-chain-attack-using-invisible-code-hits-github-and-other-repositories/ Yes, people put back doors in code using Unicode characters that don't show up on the screen. #infosec #foss #github

Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Unicode that's invisible to the human eye was largely abandoned—until attackers took notice.
Em :official_verified: boosted
Jonathan Kamens 86 47
@jik@federate.social  ·  activity timestamp 6 days ago

Activist: "Should we put our phones in airplane mode when we're doing activist stuff?"
Me: [responds with two pages of text about threat modeling, risk assessment, levels of protection, current and future threats]
I don't think most people realize how hard it is to give people simple, straightforward cybersecurity guidance.
There's a huge risk in erring on the side of caution: people finding your recommendations burdensome and doing _nothing_ as a result.
#infosec
(1/2)

Jonathan Kamens 86 47
@jik@federate.social replied  ·  activity timestamp 6 days ago

How I ended up summarizing my pages of advice, which didn't even cover everything I wanted to cover:
"If you're doing something about which you're worried about the government coming after you or the people you're with now or in the future, it might be prudent to leave your phone home, or turn it off and not turn it back on until you're back home unless there's an emergency."
#infosec
(2/2)

defnull
@defnull@chaos.social  ·  activity timestamp 6 days ago

The 'multipart' #python library got an independent #security audit and I only know about that because they found something -> CVE-2026-28356

This is great, actually! Someone looked into it so thoroughly that they found an obscure single-character issue in a regular expression ... and didn't find anything else! Which means I can now be really confident about the security of this library. Nice!

#cve #infosec #sansio

Flipboard Tech Desk
@TechDesk@flipboard.social  ·  activity timestamp 7 days ago

Instagram is getting rid of end-to-end encrypted messages after May 8, 2026, arguing that people barely used the feature, which is not enabled by default and only available in some areas. Here's more from @Engadget.

https://flip.it/abqNJ-

#Instagram #InfoSec #Meta #Tech

The Gibson in Sojourn boosted
c0debabe
@c0debabe@masto.hackers.town  ·  activity timestamp last week

HackerHaus is having an online mini-con tomorrow!

Live streaming via YouTube and the recording will be available after.

https://www.hackerhaus.io/con

#InfoSec #InformationSecurity

HackerHaus

HackerHausCon — HackerHaus

stux⚡️ boosted
pheonix
@pheonix@hachyderm.io  ·  activity timestamp last week

Is this the first time a major service has removed end-to-end encryption instead of adding it? Why Instagram?

#instagram #socialmedia #privacy #infosec #technology #enshittification

Screenshot showing, "Instagram's end-to-end encrypted messaging is ending on 8 May"
Seth of the Fediverse boosted
Dane
@TheLastOfHisName@beige.party  ·  activity timestamp last week

"We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare."

https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/

#Discord #AgeVerification #Infosec

Techdirt

Hackers Expose The Massive Surveillance Stack Hiding Inside Your “Age Verification” Check

We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitiv…