Shamos macOS Infostealer: Malvertising Lures, BYOD Gaps, and Sector Expansion
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
Read more
![[FORECAST] CoPhish: The Microsoft Copilot Link That Hands Over Your OAuth Tokens](/content/images/size/w600/2026/01/z-1.png)
[FORECAST] CoPhish: The Microsoft Copilot Link That Hands Over Your OAuth Tokens
Will at least one publicly disclosed enterprise breach be confirmed where attackers used a Microsoft Copilot Studio..
SIGNALS WEEKLY: MongoBleed (CVE-2025-14847) Is in KEV: The Unauth MongoDB Leak You Need to Patch
MongoBleed is in KEV: unauth MongoDB memory leak = creds/tokens. Patch + find exposed hosts. Dolby fix + poisoned dev tools too. 🧯🧬👇
![[DEEP RESEARCH] Token Factory: The 5 Costliest US Breaches of 2025](/content/images/size/w600/2026/01/z.png)
[DEEP RESEARCH] Token Factory: The 5 Costliest US Breaches of 2025
2025’s costliest US breaches: identity, outage math, outcomes Identity-led intrusions at distributors, govtech, healthcare, and an appliance vendor drove nine-figure losses. Outage duration and revocation speed determined the spread between disruption and recovery.
Geopatriation Is Coming: Sovereign Clouds Will Break Your Telemetry First
2026 prediction: “sovereign cloud” becomes the #1 way to accidentally create telemetry refugees 🛂☁️ Meanwhile: DPRK “IT workers” in the supply chain + OAuth consent hijacks that laugh at MFA 🔑🎭 What’s your log-clears-customs plan?