Find notable cyber news and cases, enriched with sources, timelines, and signals.

Codemado open-directory operator toolkit leak

Data Leak
First reported
Last updated
Happening score
H score 18
1 unique sources, 1 articles

Summary

Hide ▲

A misconfigured Budapest VPS exposed codemado's phishing toolkit, leaking session material and credential artifacts that could enable account hijacking. The readable directory included phishing configurations, credential logs, RMM installers, and Telegram session files. The exposed files tied the operator to an active Evilginx-based phishing ecosystem and created immediate operational risk for anyone using the compromised infrastructure.

Related Happenings

SHub Reaper macOS infostealer variant

Malware Activity
H score23 First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

Storm-1175 high-velocity exploit campaign

Campaign
H score59 First: 06.04.2026 19:56 Last: 06.04.2026 19:56 Sources 1

About this happening: **Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...

Atomic MacOS Stealer (AMOS) distribution through AI-app lures, SEO poisoning, and supply-chain abuse

Malware Activity
H score31 First: 12.02.2026 16:25 Last: 12.02.2026 16:25 Sources 1

About this happening: **Atomic MacOS Stealer (AMOS)** is being distributed to **macOS users** through **ClickFix-style Terminal prompts** that silently **download, mount, and launch DMG payloads**. In...

GlassWorm malware abuses compromised OpenVSX extensions to steal credentials from macOS systems

Malware Activity
H score28 First: 03.02.2026 00:04 Last: 03.02.2026 00:04 Sources 1

About this happening: **GlassWorm** is a malware campaign that now also fuels **ForceMemo**, a **supply-chain attack** that steals **GitHub tokens** and force-pushes malicious code into **Python reposi...

Amnesia RAT retrieved from Dropbox for data theft and remote control

Malware Activity
H score29 First: 24.01.2026 13:09 Last: 24.01.2026 13:09 Sources 1

About this happening: The **Amnesia RAT** payload is being staged from **Dropbox**, giving the operators a **remote-access trojan** that can steal data and control infected endpoints. It is the final s...

Timeline

  1. 13.07.2026 18:30 2 articles · 8h ago

    Misconfigured Budapest VPS exposes codemado's phishing toolkit

    Initial Disclosure

    Lexfo disclosed that a Python HTTP server left running with directory listing switched on on a Budapest virtual private server exposed phishing configurations, credential logs, remote management installers, and Telegram session files tied to codemado's Evilginx-based adversary-in-the-middle platform against corporate Microsoft 365 accounts. The exposed host also contained a seven-tool remote monitoring and management arsenal, including ScreenConnect and SimpleHelp, plus the custom bulk-mailer MaDoO Blaster.

    Show sources