Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
BITWARDEN CLI
2026-04-27	Kenneth Hartman	TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
BITWARDEN
2026-04-27/a>	Kenneth Hartman	TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
CLI
2026-04-27/a>	Kenneth Hartman	TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
2026-04-17/a>	Brad Duncan	Lumma Stealer infection with Sectop RAT (ArechClient2)
2026-03-25/a>	Brad Duncan	SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
2026-03-14/a>	Brad Duncan	SmartApeSG campaign uses ClickFix page to push Remcos RAT
2025-12-13/a>	Brad Duncan	ClickFix Attacks Still Using the Finger
2025-11-18/a>	Brad Duncan	KongTuke activity
2025-11-12/a>	Brad Duncan	SmartApeSG campaign uses ClickFix page to push NetSupport RAT
2025-10-15/a>	Xavier Mertens	Clipboard Pictures Exfiltration in Python Infostealer
2025-07-15/a>	Xavier Mertens	Keylogger Data Stored in an ADS
2024-04-17/a>	Xavier Mertens	Malicious PDF File Used As Delivery Mechanism
2023-03-31/a>	Jan Kopriva	Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains
2022-06-26/a>	Didier Stevens	My Paste Command
2022-06-25/a>	Xavier Mertens	Malicious Code Passed to PowerShell via the Clipboard
2022-06-22/a>	Xavier Mertens	Malicious PowerShell Targeting Cryptocurrency Browser Extensions
2022-05-23/a>	Johannes Ullrich	Attacker Scanning for jQuery-File-Upload
2022-04-21/a>	Xavier Mertens	Multi-Cryptocurrency Clipboard Swapper
2022-02-14/a>	Johannes Ullrich	Reminder: Decoding TLS Client Hellos to non TLS servers
2021-11-15/a>	Rob VandenBrink	Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-10-18/a>	Xavier Mertens	Malicious PowerShell Using Client Certificate Authentication
2021-08-30/a>	Xavier Mertens	Cryptocurrency Clipboard Swapper Delivered With Love
2021-02-12/a>	Xavier Mertens	AgentTesla Dropped Through Automatic Click in Microsoft Help File
2020-09-11/a>	Rob VandenBrink	What's in Your Clipboard? Pillaging and Protecting the Clipboard
2020-02-28/a>	Xavier Mertens	Show me Your Clipboard Data!
2020-01-21/a>	Russ McRee	DeepBlueCLI: Powershell Threat Hunting
2015-12-10/a>	Rob VandenBrink	New Burp Feature - ClickBandit
2014-08-20/a>	Kevin Shortt	Social Engineering Alive and Well
2014-04-11/a>	Rob VandenBrink	The Other Side of Heartbleed - Client Vulnerabilities
2013-11-11/a>	Johannes Ullrich	What Happened to the SANS Ads?
2012-06-04/a>	Rob VandenBrink	vSphere 5.0 Hardening Guide Officially Released
2012-02-23/a>	donald smith	DNS-Changer "clean DNS" extension requested
2011-10-21/a>	Johannes Ullrich	New Flash Click Jacking Exploit
2010-06-27/a>	Manuel Humberto Santander Pelaez	Study of clickjacking vulerabilities on popular sites
2010-06-02/a>	Bojan Zdrnja	Clickjacking attacks on Facebook's Like plugin
2010-01-24/a>	Pedro Bueno	Outdated client applications
2009-09-07/a>	Jim Clausing	Seclists.org is finally back
2009-04-20/a>	Jason Lam	Digital Content on TV

BITWARDEN CLI

BITWARDEN

CLI