threat_intel

Field Notes from the Detection Pipeline

In-depth articles on the malware families we see in production, the engineering decisions behind the scanner, and occasional post-mortem analyses of the infrastructure.

Detection · 8 min read

Detecting Magecart Skimmers in 2026: What Changed After Group 12

Modern card-skimmers are no longer found in obvious <script> tags. Here's how we detect them inside service workers, WASM blobs, and lazy-imported chunks.

2026-05-11
Threat Intelligence · 6 min read

Anatomy of the 'Fake CAPTCHA → ClickFix' Lure

A 90-second walkthrough of one of the most effective social-engineering chains of the year, with the full MITM transcript from a live detection.

2026-04-28
Engineering · 5 min read

Why We Settled on a 5-Minute Scan Interval (Not 1 Minute)

Faster isn't always better. Here's the math behind detection latency, crawler footprint, and the tradeoffs with client budgets.

2026-04-14
Detection · 9 min read

Formjacking Explained: How Attackers Steal Card Data on Checkout Pages

Formjacking doesn't require a breach of your server — a single compromised third-party script is enough. Here's the full anatomy and what actually stops the attack.

2026-06-02
Threat Intelligence · 10 min read

Web Skimming in 2026: A Defender's Complete Guide

Magecart, formjacking, and service-worker skimmers are one threat family. Here's what web skimming looks like today and what monitoring actually stops it.

2026-05-26
Engineering · 8 min read

Client-Side Security: The Attack Surface Your WAF Doesn't See

Your WAF guards your origin. But most modern website attacks live in the visitor's browser, over third-party code. Here's why client-side security is a distinct discipline.

2026-05-19
Engineering · 7 min read

What Is a Malware Domain Blocklist (and How We Merge 500+ Sources)

A blocklist is only as good as its sources and update frequency. Here's how we consolidate over 500 feeds into a single solution at every scan.

2026-05-12