Threat intelligence, offensive security, LLM security, and field notes from someone learning out loud.

A phishing kit operated live across 22 countries

A friend in Sweden forwarded a domain he’d received in a text message. It turned out to be one of thirty active campaigns served from the same shared backend, targeting victims across twenty-two countries.

May 29, 2026 · 4 min

Indirect Prompt Injection Against Local LLM Agents

Local LLM agents are being given web-fetching tools. Untrusted text is the inevitable result. Whether these agents handle it safely is something most developers haven’t measured. I tested Qwen 2.5 at two different sizes (1.5B and 3B) against identical indirect prompt injection payloads. Both models willingly complied with the injection in the majority of cases. Code: github.com/leoelsolh/indirect-prompt-injection What is indirect prompt injection? First of all, direct prompt injection is when an attacker controls the user input to an LLM. Indirect prompt injection (IPI) is when an attacker controls something the LLM reads on the user’s behalf, say a web page, a PDF, an email, or even a document you asked the agent to summarise. The LLM is asked to act on content, and the content itself contains instructions trying to control or manipulate the model’s behavior. ...

May 22, 2026 · 8 min

Chinese Phishing Operation: DHL Sweden Phaas Investigation

Summary A DHL-branded smishing campaign targeting Swedish users was traced to a Chinese-operated Phishing-as-a-Service platform hosted on Alibaba Cloud Hong Kong. Looking into the infrastructure revealed a multi layer architecture with bot filtering, keystroke level card exfiltration via a Vue.js SPA skimmer, real time operator review over WebSocket, and live BIN intelligence. A separate health scam targeting Taiwan elderly was identified running on the same server, which means were looking at a multi-tenant commercial operation. ...

May 15, 2026 · 7 min