A reported campaign called ChocoPoC turns the normal rush for fresh exploit code into an infection path, using fake GitHub PoC repositories to deliver a Python RAT and target browser-stored secrets.
A malware campaign identified as Fileless Phantom Stealer combines memory-only execution with anti-analysis behavior while focusing on browser credentials, a pattern that complicates file-based detection.
A newly surfaced stealer shows how credential theft is being sold as a subscription business, with a web panel, a builder, and Cloudflare-fronted infrastructure.
A reported Python-based Windows infostealer combines browser credential theft, cookie harvesting, and Discord webhook exfiltration, showing how ordinary user data can become the fastest path to account takeover.
A reported Vidar Stealer campaign is said to target user credentials, but the visible evidence stops short of proving the North Korea-linked attribution attached to it.