Proofpoint
Coverage of Proofpoint in the Nexus archive.
- Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities
China-aligned attackers exploited Roundcube vulnerabilities to breach U.S. and Canadian university networks, targeting physics and engineering departments to steal data and establish persistent access. The campaign, linked to the UNK_MassTraction cluster, used CVE-2024-42009 and CVE-2025-49113 to execute JavaScript and gain mailserver access via phishing emails.
- Gizmodo readers hit with ClickFix malware prompts after account compromise
Gizmodo confirmed a security incident where a compromised account injected a malicious script, briefly displaying ClickFix malware prompts on its site. The attack, linked to ErrTraffic's ClickFix-as-a-service, targeted users with OS-specific payloads, including NetSupport RAT for Windows and a broken macOS version. Gizmodo resolved the issue by removing the script and securing the account.
- Authorities disrupt Evil Corp’s SocGholish botnet
Authorities disrupted Evil Corp’s SocGholish botnet, a malware framework used since 2017 to steal data and deploy ransomware. The multinational takedown involved seizing 106 servers, remediating 15,000 infected websites, and disabling the botnet linked to ransomware variants like DoppelPaymer and LockBit.
- FBI warns about fast-growing phishing kit targeting Microsoft 365 users
The FBI warns about Kali365, a phishing-as-a-service platform targeting Microsoft 365 users by bypassing multi-factor authentication through OAuth device code phishing. The tool enables cybercriminals to steal access tokens, leading to data theft, ransomware, and other attacks. Researchers note its rapid growth, AI-driven tactics, and low barriers for less-technical attackers.