ALL POSTS

Key Findings Crunchyroll experienced a data breach in March 2026 affecting approximately 6.8 million users Attackers gained unauthorized access to the company's Zendesk support system Exposed data included names, login credentials, email addresses, IP addresses, geographic location data, and support ticket contents A subset of 1.2 million email addresses from a larger 2 million record dataset was later provided to Have I Been Pwned 1,195,684 breached accounts were confirmed i

Key Findings Seven malicious npm packages tracked as "Ghost campaign" designed to steal cryptocurrency wallets and credentials Packages use sophisticated social engineering tactics including fake installation logs and sudo password phishing Attack chain culminates in remote access trojan capable of harvesting sensitive data and awaiting attacker commands Activity shares overlap with GhostClaw campaign, suggesting possible connection between threat actors Packages published un

Key Findings VVS Stealer is a Python-based malware that steals Discord credentials and tokens It has been sold on Telegram since at least April 2025 The malware uses the source code obfuscator Pyarmor to heavily obfuscate its Python code, hindering analysis and detection Background VVS Stealer is marketed on Telegram as the "ultimate stealer" and is sold via subscriptions or licenses, starting at €10 per week up to €199 for lifetime access The malware can steal Discord data,