"Atomic Arch": 400+ AUR Packages Hijacked to Deliver an eBPF Rootkit and Infostealer
Vũ Nhật Lâm in blog.fiscybersec.com · 2d ago · 7 min read
Executive Summary: An attacker spoofing a trusted maintainer on the Arch User Repository (AUR) adopted and trojanized more than 408 packages — and according to Sonatype, the figure may have reached rou…

The Media Player that wasn't
Rudra Ponkshe in blog.realrudrap.dev · 4d ago · 16 min read
Continuing from the first part of the series, where I left off with the DEX file from r_4dfb.bin, it claimed to be a media player. Spoiler alert, it wasn't, and it never was. Cracking the container: He…

Your Mac Told You to Run a Command. You Did. Now Your Passwords Are Gone.
RelayShieldAdmin in relayshield.hashnode.dev · 6d ago · 4 min read
The macOS ClickFix attack nobody warned you about and what to do if you've been hit. A new attack targeting Mac users is spreading fast, and it works by doing something almost no one expects: it asks…

24 Billion Credentials Just Leaked — Is Yours in There?
RelayShieldAdmin in relayshield.hashnode.dev · Jun 18 · 5 min read
Researchers found one of the largest credential databases ever exposed. Here's what was inside, who's at risk, and what to do right now. On June 12th, Cybernews researchers discovered an exposed Elast…

OnyxC2: When $250/Month Buys Everything on Your Employees' Devices
RelayShieldAdmin in relayshield.hashnode.dev · Jun 15 · 4 min read
A new Malware-as-a-Service platform called OnyxC2 just raised the stakes for every SMB owner with remote workers. For $250 a month a criminal gets a fully operational credential-theft and remote-acces…

Malicious Binary Reverse Engineering
Jeff Tong in wind010.hashnode.dev · Jun 12 · 15 min read
I'm no Low Level (Ed) or John Hammond. I'm at the point where it's a skills issue. I need some guidance. Initially, I tried to have Claude Code analyze the malicious repository with instructi…

Hackers Don't Break In Anymore. They Log In.
RelayShieldAdmin in relayshield.hashnode.dev · Jun 12 · 4 min read
There's a line from the security research community that cuts through the noise better than any statistic: "Hackers no longer force open the side-window when infostealers can give them a key to the fr…

Reaper Malware Blog
RelayShieldAdmin in relayshield.hashnode.dev · Jun 10 · 4 min read
If Your Mac Runs Ledger, MetaMask, or Exodus, Reaper Is Coming for Your Wallet
A new macOS infostealer called Reaper is targeting crypto users through fake download pages for apps like WeChat and Miro…

SHub Reaper: macOS Infostealer Hiding Behind Fake Apple Security Updates
404 Founders in 404-founders.com · May 20 · 6 min read
MacOS users love one sentence: “But I’m on a Mac.” Attackers love it too. A new SHub infostealer variant, called Reaper, is a useful reminder that macOS is part of the modern threat economy. If a mach…

Trojanized Google Antigravity: When the Real Installer Is the Attacker's Best Weapon
Vũ Nhật Lâm in blog.fiscybersec.com · Apr 29 · 18 min read
Executive Summary: On April 21, 2026, Malwarebytes documented a campaign distributing an infostealer disguised as the Google Antigravity installer — an AI coding tool launched in November 2025 that qui…