While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites. I traced similar behavior across other high-profile domains, reported the issue to CERT-EU via email (after some Twitter help) and the problem was later confirmed as fixed on 6th November 2025. This post walks through how I found it, how I reported it and what we can learn from it.
A phishing campaign that uses Zoom's document share flow as the initial trust vector.
It forces victims through a fake "bot protection" gate, then shows a Gmail-like login page. When someone types in credentials, they are pushed out to the attacker over a WebSocket, where the attacker's backend validates them.
This is something like an AI firewall; it currently only checks requests, but it can be used for responses as well.
(That would add lag, and since the response is streamed, it is not implemented yet; lazy me.)
The most interesting part of this particular attack was that the attackers delivered cross-platform malware.
SocGholish is well-known commercial malware that has previously been associated with infecting victims with ransomware, while Atomic macOS Stealer is new.