Cybercriminals Leverage Atlassian Cloud for Spam Campaigns Redirecting Targets to Fraudulent Investment Schemes
Cybercriminals have launched a sophisticated spam campaign leveraging the trusted infrastructure of Atlassian Cloud.
By abusing legitimate features within the platform, attackers are effectively bypassing traditional email security controls to reach high-value targets.
This campaign focuses on redirecting users to fraudulent investment schemes, utilizing the inherent trust associated with well-known software-as-a-service providers to deceive recipients.
The attacks are highly targeted, focusing on government and corporate entities across various regions, including English-, French-, German-, Italian-, Portuguese-, and Russian-speaking demographics.
Instead of generic spam, these messages are tailored to specific language groups. The ultimate goal is to funnel traffic to malicious landing pages via Keitaro TDS, generating revenue through scams and illicit advertising.
Trend Micro researchers identified that this activity became prominent between late December 2025 and January 2026.
By operating through established cloud services with strong domain reputations, the attackers ensure their emails pass standard authentication checks like Sender Policy Framework and DomainKeys Identified Mail.
This makes detection significantly harder for conventional security filters, which typically prioritize notifications from reputable SaaS platforms.
The campaign demonstrates a high level of automation, allowing threat actors to rapidly scale their operations.
They create multiple Atlassian instances to distribute their messages, ensuring that even if one instance is blocked, others continue to function.
One of the final landing pages of the spam campaign (Source – Trend Micro)
This resilience highlights the evolving tactics of modern cybercriminals who weaponize legitimate tools to conduct malicious activities without triggering immediate alarms.
Mechanism of Infrastructure Abuse
The core of this campaign lies in the ease with which threat actors can provision disposable infrastructure to facilitate their attacks.
Attackers initiate the process by creating Atlassian Cloud accounts using randomized naming conventions, enabling them to generate numerous Jira Cloud instances without requiring domain ownership verification.
Creating a trial Jira instance (Source – Trend Micro)
These instances resolve to legitimate AWS IP addresses shared by valid deployments, further masking the malicious nature of the activity. Attackers rely on the inherent trust of Atlassian-generated emails rather than reinforcing legitimacy through domain registration.
Once the infrastructure is in place, the attackers utilize Jira Automation to construct and send crafted emails.
Jira Kanban Board allows for the creation of automation rules (Source – Trend Micro)
This method allows them to deliver messages directly through Atlassian’s integrated email system, avoiding the need for their own mail servers.
The recipients do not need to be listed users within the instance, permitting widespread distribution without exposing the attacker’s true identity or infrastructure.
Breakdown of targets by industry (Source – Trend Micro)
Organizations should reassess their trust assumptions regarding third-party cloud-generated emails to prevent such abuses. Security teams are advised to deploy advanced email security solutions that provide layered detection and identity-aware controls.
These measures are essential to identify and block phishing attempts that exploit trusted SaaS platforms. Additionally, monitoring for indicators of compromise, such as specific URL patterns and redirect chains, can help mitigate these threats effectively.
The post Cybercriminals Leverage Atlassian Cloud for Spam Campaigns Redirecting Targets to Fraudulent Investment Schemes appeared first on Cyber Security News.
18.02.2026 03:44 — 👍 1 🔁 2 💬 0 📌 0
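For the Atlassian Cloud campaign described in the post above, here is an added triage example (not part of the original post or of Trend Micro's research). It shows why an SPF/DKIM pass is not enough on its own: the verdict depends on whether the sending tenant is one the organisation knows. The `jira@<tenant>.atlassian.net` sender form, the tenant allowlist, and all sample names and URLs are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the Atlassian Cloud sites this organisation really uses (hypothetical name).
KNOWN_TENANTS = {"examplecorp.atlassian.net"}
ATLASSIAN_SUFFIXES = (".atlassian.net", ".atlassian.com")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def body_text(msg):
    """Concatenate every text part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message, known_tenants=KNOWN_TENANTS):
    msg = message_from_string(raw_message)
    auth = (msg.get("Authentication-Results") or "").lower()
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body_text(msg))}
    external = sorted(h for h in hosts if h and not h.endswith(ATLASSIAN_SUFFIXES))
    result = {"tenant": domain, "external_hosts": external,
              "authenticated": "spf=pass" in auth and "dkim=pass" in auth}
    if not domain.endswith(".atlassian.net"):
        result["verdict"] = "not_atlassian"
    elif domain not in known_tenants:
        # SPF/DKIM pass only proves Atlassian sent it, not that we know the tenant.
        result["verdict"] = "quarantine"
    else:
        result["verdict"] = "review" if external else "deliver"
    return result

# Constructed sample messages (tenant names and URLs are invented for illustration).
SPAM = """From: Jira <jira@qx7vplm2.atlassian.net>
To: clerk@agency.example
Subject: Your account statement is ready
Authentication-Results: mx.agency.example; spf=pass; dkim=pass
Content-Type: text/plain; charset=utf-8

Confirm your payout: https://offer.invest-demo.example/start?id=1
"""
LEGIT = SPAM.replace("qx7vplm2", "examplecorp").replace(
    "https://offer.invest-demo.example/start?id=1",
    "https://examplecorp.atlassian.net/browse/OPS-12")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("legit", LEGIT)):
        print(name, triage(raw))
```

The external host list returned for quarantined messages is the starting point for the redirect-chain monitoring the post recommends.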
Breaking news: Officials released new photos in their investigation of Nancy Guthrie’s disappearance, which they say were recovered recently from “backend systems” with the help of private companies. https://wapo.st/4aaKUCj
10.02.2026 19:16 — 👍 38 🔁 10 💬 8 📌 1
The right wants so bad to be in the Hollywood “in” crowd but they pretend they don’t. That’s why they’re desperate for their Super Bowl show to not suck like it did
09.02.2026 04:02 — 👍 3329 🔁 679 💬 280 📌 77
THIS 👇 IS TRUE.......
07.02.2026 10:05 — 👍 7136 🔁 1820 💬 327 📌 132
The Artemis II astronauts could fly farther into space than any humans ever before. cbsn.ws/3Zchr4A
02.02.2026 00:35 — 👍 30 🔁 5 💬 5 📌 3
There have been so many ICE arrests around Downtown Los Angeles, blocks from City Hall and the Kenneth Hahn Hall of Administration. This is LITERALLY RIGHT NEXT TO BOTH!
It's absolutely insane that city and county officials are not intervening when this is happening at their doorsteps.
30.01.2026 20:04 — 👍 69 🔁 38 💬 2 📌 3
Walz: I think Kristi Noem probably should go back to South Dakota, not have any dogs, and just kind of ride things out
27.01.2026 20:20 — 👍 37269 🔁 7658 💬 1776 📌 621
Europe pushed back on Greenland, but Americans did too. The public, the markets, even some GOP senators spoke up. And Trump backed down. We don't live in a monarchy, we don't live in a dictatorship, and Trump won't be in power forever. Clip from my conversation on The Court of History podcast
28.01.2026 18:31 — 👍 128 🔁 33 💬 2 📌 1
Ian Austin, an Army veteran, was arrested for protesting ICE in Minneapolis. But he’s continued protesting. Senior reporter @julialurie.bsky.social spoke to him.
“When they say, ‘Why would you be out here?’ How the fuck could I not be out here?” he says. “My nation is under attack."
27.01.2026 17:30 — 👍 23706 🔁 9533 💬 657 📌 709
It's clarifying to see these chodes with their masks down, asses out for the world to see, and as the irredeemable incel losers that they truly are
28.01.2026 03:20 — 👍 8393 🔁 2042 💬 638 📌 129
REPUBLICAN @SenThomTillis rips Noem & Stephen Miller — He says @KristiNoem is ignoring her job and the Trump regime isn’t helping Americans with disaster relief, and Stephen Miller “never fails to live up to my expectations of incompetence”
(From CNN)
28.01.2026 03:32 — 👍 3928 🔁 1186 💬 275 📌 110
Terrorist attack in Minnesota:
A Trump Zio MAGA attacked US Rep. Ilhan Omar ( @IlhanMN ), the terrorist sprayed her with an unknown substance and was quickly taken down by security. The terrorist timed the attack at the mention of Trump’s ICE paramilitary force. #3E #GoodVsEvil
28.01.2026 02:16 — 👍 1106 🔁 365 💬 88 📌 46
Man attacking Minnesota rep
A MAGA terrorist at a town hall hosted by Ilhan Omar lunged at her & sprayed her with an unknown substance
Security urged Omar to leave the room & “get checked,” but she said that “is what they want.”
"We will continue," she said. "These fucking assholes are not going to get away with this.”
28.01.2026 01:54 — 👍 78 🔁 28 💬 13 📌 3
“He’s killing us in the streets and we still have to pay our taxes in April” is an incredibly compelling point.
26.01.2026 00:40 — 👍 7477 🔁 2200 💬 14 📌 0
‘SyncFuture’ Campaign Weaponizing Legitimate Enterprise Security Software to Deploy Malware
In December 2025, threat researchers uncovered an alarming espionage operation targeting residents of India through sophisticated phishing campaigns.
The attack, dubbed SyncFuture, demonstrates how cybercriminals can abuse legitimate business software as a vehicle for launching advanced malware attacks.
Attackers sent fraudulent emails impersonating India’s Income Tax Department, tricking victims into downloading malicious files containing multiple stages of malicious code.
The infection chain reveals remarkable technical sophistication. Victims who opened the files received a ZIP archive containing what appeared to be a government document review tool.
Attack Flow (Source – eSentire)
Instead, the archive held a weaponized executable that would begin a multi-stage attack sequence designed to gain complete control over infected computers and maintain long-term access.
eSentire analysts and researchers identified this campaign and documented how it combines multiple attack techniques to evade security defenses and establish persistent access.
Phishing email impersonating Government of India Tax Penalty notice (Source – eSentire)
The threat actors employed legitimate Microsoft-signed binaries, automated evasion tactics, and ultimately repurposed a genuine enterprise management platform as their final payload—a particularly troubling indicator of the campaign’s sophistication and resources.
Avast Antivirus Evasion Through Automated Mouse Simulation
The SyncFuture campaign demonstrates advanced detection evasion tactics, particularly targeting Avast Free Antivirus through a technique most wouldn’t expect from automated malware.
When the malware detected Avast running on a victim’s machine, it deployed an innovative approach: simulating mouse movements and clicks to navigate Avast’s interface automatically.
Similar themed phishing web page also impersonating Government of India tax document (Source – eSentire)
This technique is noteworthy because it shows attackers studying specific antivirus products in detail.
The malware would locate the Avast detection dialog window, then programmatically move the cursor to hardcoded screen coordinates and click on options that create security exceptions.
By simulating human-like user actions rather than attempting to disable the antivirus entirely, the malware successfully added itself to Avast’s exclusion list, effectively whitelisting the malicious files.
Invalid Digital Signature of game-float-core.dll (Source – eSentire)
This persistence mechanism allowed the threat actor’s tools to operate undetected by the antivirus software.
The batch scripts analyzed contained conditional logic specifically checking whether Avast was running, demonstrating that attackers had thoroughly tested and customized their malware for different antivirus environments.
This infection mechanism represents a significant evolution in malware sophistication—moving beyond simple evasion toward targeted manipulation of specific security products to achieve their long-term espionage objectives.
The post ‘SyncFuture’ Campaign Weaponizing Legitimate Enterprise Security Software to Deploy Malware appeared first on Cyber Security News.
26.01.2026 10:27 — 👍 2 🔁 1 💬 0 📌 0
This video contains graphic imagery. Eyewitness video shows a US Border Patrol agent shooting and killing a man in Minneapolis on January 24.
26.01.2026 02:09 — 👍 211 🔁 98 💬 33 📌 11
Kudos to the NYT editor who took “Appears to” out of the lead headline (finally)
25.01.2026 15:18 — 👍 9825 🔁 1957 💬 188 📌 104
Federal agents in Minneapolis wrestled Alex Pretti to the ground and secured the handgun he was carrying moments before shooting him multiple times, according to a Washington Post analysis of video footage.
Read more: https://wapo.st/4qGOx8M
25.01.2026 14:38 — 👍 1665 🔁 786 💬 159 📌 123
Sorry for posting this, because it's disturbing, but it is important that we can all see this crucial moment. There is no disputing this order of events:
Pretti was disarmed (of the holstered weapon that he had a permit to carry).
And THEN he was murdered by ICE.
25.01.2026 15:23 — 👍 72 🔁 17 💬 2 📌 0
Left hand on the ground trying not to hit the pavement; right hand still holding a cell phone. ICE person standing with a one handed grip pointing his gun right at the man’s head.
There is nothing about this that we should accept. We all must reject this. This is our government, & they want this
25.01.2026 15:25 — 👍 1499 🔁 552 💬 43 📌 42
YouTube video by Bellingcat
Analysis of Alex Pretti Shooting in Minneapolis
We just posted a quick analysis of the shooting of Alex Pretti in Minneapolis. Watch it here: www.youtube.com/watch?v=LkFc...
24.01.2026 23:35 — 👍 532 🔁 287 💬 18 📌 31
Statement from Alex Pretti’s parents.
Matches up with this Statement from his parents about their hero son.
25.01.2026 02:04 — 👍 259 🔁 95 💬 2 📌 3
A PHOTO OF ALEX PRETTI
WITH THE WORDS:
MURDERED FOR STANDING
UP FOR WHAT IS RIGHT.
A VA nurse who dedicated his life to helping others, murdered by a man who has dedicated his life to hurting others.
25.01.2026 01:41 — 👍 760 🔁 223 💬 7 📌 7