Investigations & Reports
Long-form investigative reports and original research on scams, vulnerabilities, and emerging threats — so you know what's out there and how to stay protected.
IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner: Inside the New Shai-Hulud npm Worm
A new wave of the Shai-Hulud npm worm is loose. It hides inside developer packages, steals GitHub tokens, and uses a chilling sigil, IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner, to threaten anyone who tries to cut it off. Here is what it does and what to do about it.
Read Full Report →
OpenClaw Risk Report: High Risk
OpenClaw is an open-source agentic AI tool marketed as a personal AI assistant that runs inside messaging apps and has full access to the user's local machine. With 50,000+ vulnerable instances and nearly 10 million CVEs across monitored deployments, the security tradeoffs make it a high risk for individuals and businesses adopting it.
Fake Meetup Messages Are Stealing Bank Details From Event Organizers
Meetup organizers are receiving messages through Meetup itself, sent from real Meetup accounts, claiming their event has been restricted. The link inside looks like meetup.com but leads to a page that steals bank and card details.
Read Report →
ALERT: SpiderFoot Scam Resurfaced on spiderrfoot.com
The misleading SpiderFoot distribution site we previously investigated on spiderfoot[.]org has now appeared on a second domain: spiderrfoot[.]com. Because SpiderFoot has no official website, any domain can be mistaken for the real thing.
Read Report →
More Investigations
Rixav.sbs: A Crypto Wallet Phishing Site
rixav.sbs impersonates a wallet recovery service to trick users into entering their seed phrases and private keys. This report documents how the scam works, what the site does with your credentials, and why any wallet that touched it should be considered compromised.
Evofince: Fake Licenses, Template Infrastructure, and a Phantom Crypto Exchange
This investigation analyzes evofince.com, a cryptocurrency trading platform that presents itself as a high-volume digital asset exchange. Despite claims of regulatory licensing and years of operational history, domain records show the website was only registered in January 2026.
FineretCreditUnion.com: Credit Union Using Recycled Scam Infrastructure
A website claiming to be a legitimate credit union appears to be part of a template-based financial scam network designed to collect personal information and solicit fraudulent loan payments.
Spiderfoot.org: Google Search Mislabels an Unofficial SpiderFoot Site
An unofficial website appearing in search results for the SpiderFoot OSINT tool may be misleading users into downloading software through untrusted channels. Despite the site itself stating it is not affiliated with the official project, search engine AI summaries identify it as the legitimate source