Mallory
Updated continuously

The signal that matters.

Cutting through advisories, vendor PSIRTs, researcher write-ups, and the underground — correlated, deduped, and ranked so your team only sees what moves the needle.

Updated 15h ago

Morpheus Claims 680 GB Theft From HDFC AMC After VMware Systems Disruption

HDFC Asset Management Company disclosed a cyber incident after its IT administrator detected unusual activity on 16 May and found parts of its on-premises VMware environment inaccessible, including VPN, SFTP, and antivirus management servers. The company told the Bombay High Court that it later received an email from a threat actor calling itself Morpheus, which claimed to have exfiltrated more than 680 GB of critical data; the group subsequently listed the firm as HDFC FUND on its Tor leak site, indicating an active extortion campaign. HDFC AMC said it activated incident-response measures and notified SEBI and stock exchanges after the breach.

Timeline
  • just now: Bombay High Court schedules further hearing in HDFC AMC case
  • 5d ago: Morpheus lists HDFC AMC on its leak site as 'HDFC FUND'
Breach & Incident Intelligence · 2 sources · Updated 14h ago
Latest

Malicious Astro Config Pull Request Used Blockchain-Relayed C2

A malicious pull request against the Egonex-AI/Understand-Anything GitHub repository inserted an obfuscated payload into homepage/astro.config.mjs, abusing Astro’s automatic execution of that file during development, build, and preview workflows. SafeDep reported that the PR, presented as a harmless dashboard bug fix, actually changed only .gitignore and astro.config.mjs, with the malicious code concealed behind extensive horizontal whitespace to reduce visibility in GitHub’s diff view. The payload restored require in an ES module context, contacted one of three hardcoded command-and-control servers, exfiltrated a campaign marker, decrypted and executed a downloaded bot client, and fetched a second-stage command through a Tron-to-Aptos-to-BSC blockchain relay.

Attack Tradecraft · 2 · Updated yesterday

152 Chrome Live Wallpaper Extensions Ran Ad-Tracking and Traffic-Laundering Scheme

Researchers uncovered a coordinated operation on the Chrome Web Store involving 152 “live wallpaper” new-tab extensions spread across 38 publisher accounts and three backend brands, with roughly 105,000 reported installs. Built from a shared codebase, the extensions redirected install and uninstall traffic to operator-controlled infrastructure and monetized users through ad-driven destination pages including tabplugins.com, yowgames.com, chromewallpaper.com, and owhit.com. Investigators said the campaign functioned as an adware-adjacent traffic-attribution fraud scheme, not a remote-code-execution or classic search-hijacking operation.

Attack Tradecraft · 3 · Updated 2d ago

Nezha Monitoring Flaw Let RoleMember Users Execute Commands Across All Tenants

A critical authorization flaw in Nezha Monitoring allowed any authenticated user with the RoleMember role to execute arbitrary shell commands across all connected servers, including systems belonging to other tenants. The issue, tracked as CVE-2026-46716, affected versions from 1.4.0 up to but not including 2.0.8 and stemmed from the POST /api/v1/cron route being protected by a generic authentication check rather than an admin-only control. By creating or modifying a cron task with Cover=CronCoverAll, an empty Servers list, and an attacker-controlled command, a member could cause the dashboard scheduler to distribute that command to every server in the shared global map.

Attack Tradecraft · 2 · Updated 2d ago

Find out if you're exposed

Don't read about it. Know when it affects you.

Mallory correlates every story on this page with your attack surface (assets, vendors, identities, subsidiaries) and surfaces a small set of evidence-based cases instead of 10,000 alerts.

Subscribe to the digest

A daily email with top stories, new KEVs, and fresh exploits. No marketing.
