Seclookup Blogs

Write

The Proxifier Trap: Analyzing the ClipBanker Marathon Infection Chain

Apr 15, 20266 min read2

Unmasking LucidRook: A Deep Dive into UAT-10362’s Lua-Based Campaign Against Taiwan

Apr 15, 20266 min read21

The Evolution of EvilTokens: Analyzing AI-Enabled Device Code Phishing Campaigns

Executive Summary The threat landscape for credential theft is shifting from static, proxy-based phishing toward sophisticated, automated abuse of OAuth 2.0 authentication flows. Recent intelligence f

Apr 15, 20266 min read19

Analyzing the CPUID Watering Hole: STX RAT Distribution via Trojanized System Tools

Apr 15, 20265 min read1

ClickFix Evolution: Cross-Platform Social Engineering Targeting Enterprise Workflows

Mar 26, 20265 min read6

Weaponizing the Watcher: Analyzing the TeamPCP Trivy Supply Chain Compromise

Executive Summary On March 19, 2026, a highly sophisticated CI/CD-focused supply chain attack targeted Trivy, the widely adopted open-source vulnerability scanner maintained by Aqua Security. Attribut

Mar 26, 20266 min read4

Exploiting Trust: PureHVNC RAT Delivery via Malicious Google Forms

The threat landscape is constantly evolving, with attackers frequently pivoting toward legitimate cloud services to bypass traditional email security filters. Recently, SecLookup identified and tracke

Mar 21, 20266 min read24

Storm-2561 Uses SEO Poisoning to Distribute Fake VPN Clients for Credential Theft

Executive Summary In a sophisticated campaign targeting enterprise environments, the threat actor Storm-2561 has resumed operations by leveraging Search Engine Optimization (SEO) poisoning to distribu

Mar 20, 20265 min read14

Unpacking the "Sapecar" Campaign: Technical Analysis of the Horabot Banking Trojan in Mexico

The threat landscape in Latin America continues to evolve with increasing complexity, as evidenced by a recent surge in activity surrounding Horabot. This multi-stage threat bundle—comprising a modula

Mar 19, 20265 min read10

Unmasking DarkSword: The Proliferation of a New iOS Full-Chain Exploit Across Global Threat Actors

The mobile threat landscape has reached a new level of sophistication with the discovery of "DarkSword," a potent iOS exploit chain capable of achieving full device compromise through a sequence of ze

Mar 19, 20266 min read3

IPv6 Obfuscation Tactics in Healthcare Phishing: Analyzing the "Free Toothbrush" Campaign

Executive Summary A sophisticated phishing campaign targeting United Healthcare beneficiaries has recently resurfaced, utilizing a deceptive lure involving a premium Oral-B toothbrush to harvest sensi

Mar 19, 20265 min read2

Command Palette

Latest articles