Threat Research
From ChatBot To SpyBot: ChatGPT Post Exploitation
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the ...
Suspicious NuGet package grabs data from industrial systems
A recent scan by ReversingLabs of the open source package manager NuGet uncovered a suspicious package, SqzrFramework480, that may be targeting developers working with technology made by a China-based firm that does ...
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using ...
How DataDome Protected a Leading E-Learning Platform from a Massive DDoS Attack
A leading e-learning platform recently faced a 2 billion request massive DDoS attack. Learn how DataDome's anti-DDoS mode stopped the attack in its tracks, keeping the customer safe ...
How DataDome Protected a Major Asian Gaming Platform from a 3-Week, Distributed Credential Stuffing Attack
A major Asian gaming platform recently faced a 3-week distributed credential stuffing attack. Learn how DataDome stopped the attack in its tracks, keeping the customer and their users safe ...
BIPClip: Malicious PyPI packages target crypto wallet recovery passwords
ReversingLabs has identified a new, malicious campaign consisting of seven different open source packages with 19 different versions on the Python Package Index (PyPI), with the oldest package dating back to December, ...
How DataDome’s Anti-DDoS Mode Protected a Leading US News Website
A leading US news website recently faced a layer 7 DDoS attack. Learn how DataDome's anti-DDoS mode stopped the attack in its tracks, keeping the customer safe ...
Meet Silver SAML: Golden SAML in the Cloud
Key findings Golden SAML is a known attack technique discovered by CyberArk and published by Shaked Reiner. For years, Golden SAML has been known for its extraction of signing certificates... The post ...
Attackers leverage PyPI to sideload malicious DLLs
ReversingLabs researchers have observed a clear trend in which open-source platforms and code have become the stage for a growing and diverse range of malicious activity and campaigns. This trend includes hosting ...
Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware
As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used ...