Zero Day Wire

GS7 Threat Group Targets Fortune 500 Financial Institutions With Near-Perfect Brand Impersonation in Operation DoppelBrand

Threats

A financially motivated threat group tracked as GS7 has been running a large-scale phishing operation against Fortune 500 financial institutions, constructing near-perfect replicas of corporate login portals to harvest credentials and deploy remote access tools, according to research published by SOCRadar. The campaign, dubbed Operation DoppelBrand, was first observed between

By Zero Day Wire

Infostealers Begin Targeting OpenClaw AI Agent Configuration Files, Stealing Gateway Tokens and Cryptographic Keys

Threats

Information-stealing malware has been caught exfiltrating configuration files from OpenClaw, the rapidly growing open-source AI agent platform, in what researchers describe as the first observed case of infostealers targeting AI agent infrastructure. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser

By Zero Day Wire

Hijacked Google Ads and Fake Claude AI Guides Used to Deliver MacSync Infostealer Through ClickFix Campaign

Threats

Attackers are hijacking verified Google Ads accounts and abusing a public Claude AI artifact page to deliver the MacSync infostealer to macOS users through ClickFix social engineering, according to researchers at Moonlock Lab. The campaign combines three distinct social engineering layers — hijacked advertising infrastructure, trusted AI platform content, and Terminal

By Zero Day Wire

ShinyHunters Claims 600,000 Customer Records From Canada Goose as Third-Party Payment Processor Breach

Breaches

Data extortion group ShinyHunters has published over 600,000 customer records from Canadian luxury outerwear brand Canada Goose, including personal information, partial payment card data, and detailed e-commerce order histories. Canada Goose, a Toronto-based brand founded in 1957 with a global retail footprint and nearly 4,000 employees, confirmed awareness

By Zero Day Wire

BeyondTrust CVSS 9.9 Pre-Auth RCE Now Exploited in the Wild as Attackers Target Remote Access Infrastructure

Alerts

Threat actors have begun actively exploiting a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances, with exploitation detected across global sensor networks overnight. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," said Ryan Dewhurst, head of threat

By Zero Day Wire

Lazarus Group Poisons npm and PyPI With Fake Recruitment Campaign Deploying Token-Based RAT

Threats

The North Korea-linked Lazarus Group has been planting malicious packages across both npm and PyPI repositories through an elaborate fake recruitment campaign targeting developers in the blockchain and cryptocurrency space, deploying a modular remote access trojan with a command-and-control mechanism unique to North Korean operations. ReversingLabs researchers discovered the campaign,

By Zero Day Wire

30 Fake AI Chrome Extensions With 300,000 Installs Caught Stealing Credentials, Gmail Data, and Audio

Breaches

Thirty malicious Chrome extensions with a combined 300,000 installations have been caught masquerading as AI assistants while stealing credentials, email content, browsing data, and even activating voice recognition to capture audio from victim environments. Researchers at browser security platform LayerX discovered the campaign, dubbed AiFrame, and confirmed all 30

By Zero Day Wire