The Unintentional Enabler: How Cloudflare Services are Abused for Credential Theft and Malware Distribution Cloudflare services — particularly Workers and Tunnels — are being abused by threat actors to host convincing AiTM phishing pages and to stage covert connections that deliver malware, including Xeno RAT and XWorm RAT. These attacks leverage trusted Cloudflare domains and free tiers (e.g., *.workers[.]dev, *.trycloudflare[.]com, *.pages[.]dev, *.r2[.]dev) to bypass email and network defenses and evade detection. #XenoRAT #XWormRAT

Cloudflare Workers and Tunnels are being exploited to host AiTM phishing pages and deliver malware like Xeno RAT and XWorm RAT, leveraging trusted domains to evade defenses and detection. #CredentialTheft #CloudAbuse #MalwareDelivery

Hackers Use Fake Resumes to Breach
Read More: buff.ly/GroDr2T

#FAUXELEVATE #ResumePhishing #FranceCyber #Infostealer #CryptoMiningMalware #CloudAbuse #EnterpriseSecurity #ThreatIntel

Google Stops UNC2814 Attacks Globally
Read More: buff.ly/vbGD6oa

#UNC2814 #ChinaCyber #CyberEspionage #GoogleSecurity #CloudAbuse #NationStateThreat #ThreatIntel #GlobalCyber

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign Attackers misused Google Cloud Application Integration to send 9,394 phishing emails from Google domains, bypassing filters and stealing credentials.

Cybercriminals are abusing Google Cloud email services to send trusted-looking phishing at scale. When legit infrastructure is weaponized, trust becomes the attack surface. 📧⚠️ #Phishing #CloudAbuse

China Group Abuses Windows Policy
Read More: buff.ly/yUlYuGH

#LongNosedGoblin #ChinaAPT #CyberEspionage #GroupPolicyAbuse #LivingOffTheLand #CloudAbuse #NationStateThreats #ThreatIntel

Campagna di spionaggio HazyBeacon: backdoor Windows usa AWS Lambda URL come C2, exfiltra dati governativi tramite servizi cloud legittimi e persiste grazie a DLL sideloading.

#AWSLambda #C2 #cloudabuse #HazyBeacon #supplychain
www.matricedigitale.it/2025/07/15/a...

Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the…

⚡ “OneClik” attacks are abusing Microsoft ClickOnce & AWS to target the energy sector—blending trusted platforms with stealthy malware delivery.
#EnergyThreats #CloudAbuse 🛠️⚡

buff.ly/KVtWsvj

📅 APT41 is now using Google Calendar for stealthy C2 ops via new malware “TOUGHPROGRESS.” Spear-phishing + cloud abuse = next-gen espionage. Legit tools, malicious intent 🕵️‍♂️💻 #CloudAbuse #APT41

buff.ly/wOD8jmu