Tag
5 articles covering Campaign Analysis across campaign analysis, detection engineering, and defender tradecraft.
Field Analysis
SentinelOne's writeup of the SHub Reaper macOS stealer shows the ClickFix family adapting to platform hardening. When macOS Tahoe 26.4 closed the Terminal-based path, the operators moved to the applescript:// URL scheme and Script Editor instead.
Read more:SentinelOneBleepingComputer
Field Analysis
Recent exploitation of CVE-2026-35616 turned FortiClient EMS into a malware delivery channel, pushing an EKZ credential stealer through trusted endpoint management paths.
Read more:Arctic WolfArctic Wolf
Field Analysis
A reported exploitation wave against Ghost CMS pushed malicious JavaScript onto more than 700 sites, sending visitors into fake verification flows that used ClickFix-style paste-and-run instructions.
Read more:The Hacker NewsMalwarebytes Labs
Field Analysis
A phishing wave impersonating Signal Support pressures targets to hand over the 64-character recovery key that protects their encrypted backups, harvesting a secret directly inside the trusted app with no link to detonate.
Read more:TechCrunchMalwarebytes
Field Analysis
Microsoft detailed an April 2026 campaign that wrapped credential theft in HR disciplinary language, used a CAPTCHA as an anti-analysis gate, and stole tokens through an adversary-in-the-middle proxy.
Read more:Microsoft Security BlogThe Hacker News