---
title: "GovCloud Keys Exposed, Drupal Flaw Exploited, Lazarus Crypto Theft  | DMARC Report"
description: "Weekly cybersecurity roundup: GovCloud keys leak, Drupal attacks surge, Lazarus steals $577M in crypto, and major breaches expose millions worldwide."
image: "https://dmarcreport.com/og/blog/govcloud-keys-exposed-drupal-flaw-exploited-lazarus-crypto-theft.png"
canonical: "https://dmarcreport.com/blog/govcloud-keys-exposed-drupal-flaw-exploited-lazarus-crypto-theft/"
---

Quick Answer

Cybersecurity headlines this week include exposed AWS GovCloud keys, active Drupal SQL injection attacks, Lazarus Group crypto thefts, major healthcare data breaches, and phishing campaigns bypassing MFA. Experts urge rapid patching, stronger DMARC enforcement, and improved threat detection.


![cybersecurity news](https://media.mailhop.org/dmarcreport/dmarc-report-9722-1779860632451.jpg) 

_The biggest stories from the past week, curated for the dmarcreport.com community_

## CISA Contractor Exposed AWS GovCloud Keys and Sensitive Government Credentials on Public GitHub

In what one security researcher described as the worst leak he had ever witnessed in his career, a CISA contractor inadvertently published a treasure trove of government secrets to a [public GitHub](https://www.scworld.com/brief/cisa-contractors-public-github-repo-exposed-sensitive-government-credentials) repository.

The repository, named “Private-CISA” and maintained by contractor Nightwing, exposed AWS administrative credentials, access keys, tokens, plaintext usernames and passwords for internal CISA systems, and [SSH keys](https://www.sectigo.com/blog/what-is-an-ssh-key). **Security researchers** confirmed the authenticity of the leak, with some credentials reportedly still functional.

On May 14, GitGuardian found the public repository, which had been live since November 13, 2025, and contained 844 MB of data — including plain-text passwords, AWS tokens, Entra ID SAML certificates, CI/CD build logs, Kubernetes manifests, and deployment workflow documentation.

The exposed archive also detailed how CISA builds and deploys software internally. Researchers confirmed that the **CISA administrator** had explicitly disabled the default GitHub setting that blocks users from publishing SSH keys or other secrets. CISA pulled the repository offline within 26 hours of being notified and said it was implementing additional safeguards.

## Drupal SQL Injection Flaw CVE-2026-9082 Actively Exploited — 15,000+ Attacks Across 65 Countries

A critical vulnerability in [Drupal Core](https://thehackernews.com/2026/05/drupal-core-sql-injection-bug-actively.html) is now under aggressive exploitation just days after patches were released.

![How To Create Dmarc Record 4239](https://media.mailhop.org/dmarcreport/how-to-create-dmarc-record-4239-1779860708609.jpg)

[CVE-2026-9082 is an SQL](https://securityaffairs.com/192557/security/cve-2026-9082-drupals-highly-critical-sql-injection-flaw-is-already-under-active-attack.html) injection vulnerability affecting all supported versions of Drupal Core, allowing privilege escalation and remote code execution via specially crafted requests sent through the database abstraction API. In an update on May 22, 2026, Drupal acknowledged that “exploit attempts are now being detected in the wild.” Imperva observed over 15,000 attack attempts targeting almost **6,000 individual sites** across 65 countries.

_Almost half of those attacks were aimed at gaming and financial services websites — sectors where credential theft and financial data access have immediate monetization paths._ CISA added the flaw to its Known Exploited Vulnerabilities catalogue on May 22, giving [federal agencies](https://9to5mac.com/2026/05/25/apple-says-u-s-is-refusing-to-produce-federal-agency-documents-in-doj-antitrust-case/) a tight remediation deadline. **Drupal administrators** are urged to upgrade to patched versions (10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, or 11.3.10) immediately.

## North Korea’s Lazarus Group Steals $577M in Crypto Using Fileless RemotePE Malware

[North Korea’s Lazarus Group](https://crypto-economy.com/north-koreas-lazarus-group-deploys-malware/) has surfaced with a dangerous new playbook targeting financial and **cryptocurrency organizations worldwide**.

The campaign centers on RemotePE, a fileless remote access trojan that runs entirely in memory, leaving little forensic residue for conventional tools to detect. Lazarus operators pose as trading firm employees on Telegram, then use fake versions of Calendly and Picktime to arrange meetings and make the lure feel like a routine professional exchange.

The Lazarus Group has already stolen about **$577 million in cryptocurrency** in the first four months of 2026, accounting for 76% of all crypto thefts worldwide despite just two major hacking incidents, according to blockchain analytics firm [TRM Labs](https://www.fintechfutures.com/venture-capital-funding/trm-labs-hits-1bn-valuation-after-70m-series-c). Their record total stolen has now reached $6 billion since 2017 — funds that allegedly finance the country’s weapons and nuclear development programs.

_The in-memory-only approach means standard endpoint detection tools cannot find disk artifacts, forcing organizations to invest in behavioral and in-memory forensics they may not yet have deployed._

## NYC Health + Hospitals Confirms 1.8 Million Patients Hit in Major Biometric Data Breach

One of the largest healthcare breaches of 2026 was formally confirmed this week, with the scale and sensitivity of the [stolen data](https://techcrunch.com/2026/05/18/nyc-health-and-hospitals-says-hackers-stole-medical-data-and-fingerprints-during-breach-affecting-at-least-1-8-million-people/) raising serious alarms.

The **New York City public healthcare system** said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026. Hackers had access to its network from November 2025 until February 2026, with entry attributed to a breach at a third-party vendor.

![Dmarc Check 5239](https://media.mailhop.org/dmarcreport/dmarc-check-5239-1779860804493.jpg)

_Exposed data includes patients’ health insurance plan and policy information, medical information such as diagnoses, medications, tests, and imagery, as well as billing, claims, and payment information._ Social Security numbers, passports, driver’s licenses, and “[precise geolocation data](https://www.cbsnews.com/news/tiktok-local-feed-geolocation-data/)” were also compromised.

The healthcare system is offering 24 months of complimentary credit monitoring to all affected individuals. The breach underscores the critical need for healthcare organizations to vet third-party vendor **security postures** rigorously.

## Ubiquiti Patches Five UniFi OS Vulnerabilities Including Three with Maximum CVSS Score of 10.0

Millions of businesses relying on **Ubiquiti networking gear** received an urgent security update this week.

The first flaw (CVE-2026-34908) enables attackers to make unauthorized changes to targeted systems through an improper access control weakness in [UniFi OS](https://www.bleepingcomputer.com/news/security/ubiquiti-patches-three-max-severity-unifi-os-vulnerabilities/), while the second (CVE-2026-34909) allows access to files on the underlying system by abusing a path traversal vulnerability. A **third maximum-severity flaw** (CVE-2026-34910) makes it possible to launch a command injection attack after gaining network access by exploiting an improper input validation vulnerability.

The three [maximum-severity vulnerabilities](https://fieldeffect.com/blog/unifi-os-vulnerabilities-patches) are exploitable remotely without privileges, requiring no authentication or user interaction. Researchers estimate that nearly **100,000 UniFi OS** endpoints are accessible online, creating a large attack surface. _Ubiquiti has released patched firmware and urges all administrators to update immediately, particularly for internet-facing deployments._

## INTERPOL Operation Ramz: 201 Arrested in Landmark MENA Cybercrime Crackdown

![Dmarc Lookup 4179](https://media.mailhop.org/dmarcreport/dmarc-lookup-4179-1779860868587.jpg)

[INTERPOL](https://www.interpol.int/en/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region) announced the results of the first coordinated cybercrime operation of its scale across the **Middle East and North Africa region**.

Operation Ramz, conducted between October 2025 and February 28, 2026, involved 13 MENA countries and aimed to investigate and disrupt [malicious infrastructure](https://www.recordedfuture.com/research/malicious-infrastructure-finds-stability-with-aurologic-gmbh), identify suspects, and prevent future losses. The operation resulted in 201 arrests, the identification of 382 additional suspects, the identification of 3,867 victims, and the seizure of 53 servers. Nearly 8,000 pieces of intelligence were disseminated across participating countries.

The operation also dismantled a [phishing-as-a-service](https://www.itpro.com/security/fbi-warns-microsoft-365-users-about-another-phishing-as-a-service-attack-heres-how-to-avoid-it) platform after **Algerian authorities** confiscated its server along with hard drives containing phishing software and scripts. _Moroccan officials seized computers and smartphones containing banking data and phishing tools. Participating nations included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE._

[Cybersecurity](https://dmarcreport.com/blog/email-security-meets-cybersecurity-understanding-the-role-of-dmarc-reports/) experts recommend implementing DMARC, [DKIM](https://dmarcreport.com/dmarc-fundamentals/what-is-dkim/), and [SPF](https://dmarcreport.com/dmarc-fundamentals/what-is-spf/) together to prevent email spoofing, strengthen domain authentication, and **protect organizations** from phishing attacks.

## EvilTokens PhaaS Platform Bypasses MFA to Compromise Microsoft 365 Organizations at Scale

A phishing-as-a-service platform that bypasses [multi-factor authentication](https://www.onelogin.com/learn/what-is-mfa) entirely continued to make headlines this week with an update on its extraordinary reach.

[EvilTokens](https://cybersecuritynews.com/eviltokens-emerges-as-new-phishing-as-a-service-platform/) went live in February 2026. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The platform is sold as a turnkey service via Telegram bots, offering ready-made phishing pages, Microsoft API automation, and **AI-generated emails**.

Unlike most phishing tools that mimic login pages, EvilTokens abuses the legitimate Microsoft device code authentication flow to quietly hand over full account access to attackers. In advanced cases, EvilTokens converts stolen tokens into a Primary Refresh Token, enabling silent sign-on across all **Microsoft 365 applications** with no password or MFA required.

**DMARC relevance:** Because EvilTokens delivers its lures via email impersonating SharePoint, DocuSign, and payroll services, strong [DMARC](https://dmarcreport.com/) enforcement is a critical first line of defense to prevent these spoofed messages from ever reaching inboxes.
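Because the device code flow described in this section is a legitimate sign-in method, detection usually rests on noticing who has never used it before. The following is an added example, not code from the original article or from Microsoft: it flags first-seen successful device code sign-ins per user against a baseline window. The records are constructed, and the field names (`authenticationProtocol`, `status.errorCode` and the rest) are modelled on Microsoft Entra sign-in log exports and should be treated as assumptions to map onto your own schema.

```python
from datetime import datetime


# Constructed sign-in records. Field names are modelled on Microsoft Entra
# sign-in log exports and are assumptions; map them to your own schema.
def _rec(ts, user, proto, ip, err=0):
    return {"createdDateTime": ts, "userPrincipalName": user,
            "authenticationProtocol": proto, "ipAddress": ip,
            "status": {"errorCode": err}}


SAMPLE_SIGNINS = [
    _rec("2026-05-01T08:00:00Z", "kiosk@example.com", "deviceCode", "198.51.100.10"),
    _rec("2026-05-19T09:12:00Z", "alice@example.com", "oAuth2", "198.51.100.20"),
    _rec("2026-05-20T08:00:00Z", "kiosk@example.com", "deviceCode", "198.51.100.10"),
    _rec("2026-05-21T14:03:00Z", "alice@example.com", "deviceCode", "203.0.113.7"),
    _rec("2026-05-21T14:09:00Z", "Alice@example.com", "deviceCode", "203.0.113.8"),
    # Constructed non-zero error code: any non-zero value is a failed sign-in.
    _rec("2026-05-21T15:00:00Z", "bob@example.com", "deviceCode", "203.0.113.9", err=1),
    _rec("2026-05-22T07:30:00Z", "cli-svc@example.com", "deviceCode", "198.51.100.30"),
]


def _when(value):
    """Parse an ISO 8601 UTC timestamp with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def first_seen_device_code(records, baseline_end, allowed_users=()):
    """Return one alert per user whose first successful device code
    sign-in happens after baseline_end.

    Users who already used device code during the baseline window, and
    users on the allowlist (shared devices, service accounts), are skipped.
    """
    cutoff = _when(baseline_end)
    allowed = {u.lower() for u in allowed_users}
    baseline, alerts = set(), {}
    for rec in sorted(records, key=lambda r: _when(r["createdDateTime"])):
        if rec.get("authenticationProtocol") != "deviceCode":
            continue  # other protocols are out of scope for this check
        if rec.get("status", {}).get("errorCode") != 0:
            continue  # failed attempts issued no tokens
        user = rec["userPrincipalName"].lower()
        if _when(rec["createdDateTime"]) < cutoff:
            baseline.add(user)
            continue
        if user in baseline or user in allowed:
            continue
        entry = alerts.setdefault(user, {
            "user": user,
            "first_seen": rec["createdDateTime"],
            "count": 0,
            "ips": [],
        })
        entry["count"] += 1
        if rec["ipAddress"] not in entry["ips"]:
            entry["ips"].append(rec["ipAddress"])
    return sorted(alerts.values(), key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for alert in first_seen_device_code(
            SAMPLE_SIGNINS, "2026-05-15T00:00:00Z",
            allowed_users=["cli-svc@example.com"]):
        print(alert)
```

Where nobody needs device code sign-in, Microsoft Entra Conditional Access can block the flow outright through its authentication flows condition, which removes the need for an allowlist.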

## Verizon 2026 Data Breach Investigations Report Reveals Vulnerabilities Exploited Faster Than Ever

The annual [Verizon DBIR](https://www.helpnetsecurity.com/2026/05/25/lessons-from-verizon-dbir-2026-findings/) landed this week, and its findings paint a stark picture of the evolving threat landscape.

Attackers are increasingly exploiting organizations that fail to patch internet-facing systems quickly enough. The DBIR highlights that only 26% of critical vulnerabilities listed in the CISA Known Exploited Vulnerabilities catalogue were fully remediated during 2025, down from 38% the previous year.

![Dmarc Record 6398](https://media.mailhop.org/dmarcreport/dmarc-record-6398-1779860907502.jpg)

The most frequent causes of breaches continue to heavily involve the human element — including [social engineering](https://www.darkreading.com/cloud-security/unc6692-social-engineering-malware-cloud-abuse), phishing, and stolen credentials — as well as the exploitation of software vulnerabilities. _Mobile devices are now a favored target, with attackers moving to mobile phishing as organizations get better at spotting traditional email-based lures._

The report also flagged [AI-assisted attacks](https://securityaffairs.com/192689/apt/nimbus-manticore-expanded-attacks-with-ai-assisted-malware-and-fake-zoom-installers.html) as a rapidly rising trend, warning that AI is being used to **identify vulnerabilities** faster than many security teams can respond.

## Ghost CMS SQL Injection CVE-2026-26980 Exploited to Fuel Large-Scale ClickFix Attacks

Threat actors have weaponized a critical flaw in the Ghost content management system to compromise hundreds of websites and redirect visitors to malware distribution channels.

The campaign involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an [SQL injection vulnerability](https://www.csoonline.com/article/4175329/drupal-admins-rushing-to-patch-maximum-severity-sql-injection-vulnerability.html) in Ghost’s Content API that allows an unauthenticated attacker to **read arbitrary data** from the database. The flaw allows an attacker to gain access to a site’s admin [API key](https://www.ibm.com/think/topics/api-key), granting them the ability to poison the site by injecting malicious JavaScript code.

The injected scripts then redirect site visitors to ClickFix lures — social engineering prompts that trick users into manually executing [malicious PowerShell commands](https://cybersecuritynews.com/malware-campaign-deliver-crypto-clipper/) under the guise of “fixing” a browser issue. The flaw was patched in Ghost version 6.19.1 back in February 2026, but a large number of sites have not yet applied the update. **Website administrators** are urged to upgrade immediately.

## Laravel-Lang Supply Chain Attack Delivers Credential-Stealing Framework via Composer Packages

Developers relying on popular **PHP localization packages** received an unpleasant surprise this week as a sophisticated [supply chain attack](https://securityboulevard.com/2026/05/laravel-lang-composer-tag-rewrite-supply-chain-attack/) was uncovered.

![What Is Dmarc 4269](https://media.mailhop.org/dmarcreport/what-is-dmarc-4269-1779860953259.jpg)

Attackers targeted multiple PHP packages belonging to Laravel-Lang, abusing GitHub version tags to distribute malicious code through [Composer packages](https://anystack.sh/php-composer-packages). Affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. _“The timing and pattern of the newly published tags point to a broader compromise of the Laravel-Lang organization’s release process, rather than a single malicious package version,” security firm Socket said._

The tags were published in rapid succession on May 22 and May 23, 2026, with many versions appearing only seconds apart, indicating automated mass tagging or republishing. More than **700 versions** associated with these packages were identified. The malicious packages delivered a comprehensive credential-stealing framework capable of exfiltrating developer secrets, API keys, and [cloud credentials](https://www.cybersecuritydive.com/news/credential-harvesting--screenconnect-cloud-administrators/758508/).
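The timing signal described above (many versions published seconds apart) can be turned into a triage check for your own projects. This is an added example, not code from the original article or from Socket: it finds bursts of releases in a publish-time feed and reports which affected packages pinned in a `composer.lock` fall inside a burst. The release feed, version numbers, lock contents and thresholds are all constructed assumptions; membership in a burst is a reason to review a version, not proof that it is malicious.

```python
import json
from datetime import datetime

# Package names as listed in the article.
AFFECTED = {"laravel-lang/lang", "laravel-lang/http-statuses",
            "laravel-lang/attributes", "laravel-lang/actions"}

# Constructed release feed: (package, version, publish time). Version numbers
# are placeholders, not real releases; collect real times from your registry.
RELEASES = [
    ("laravel-lang/lang", "90.0.0", "2026-03-02T10:00:00Z"),
    ("laravel-lang/attributes", "90.1.0", "2026-04-11T09:30:00Z"),
    ("laravel-lang/lang", "90.0.1", "2026-05-22T21:14:03Z"),
    ("laravel-lang/lang", "90.0.2", "2026-05-22T21:14:05Z"),
    ("laravel-lang/actions", "90.2.1", "2026-05-22T21:14:09Z"),
    ("laravel-lang/attributes", "90.1.1", "2026-05-22T21:14:12Z"),
    ("laravel-lang/http-statuses", "90.3.1", "2026-05-22T21:14:15Z"),
]

# Constructed composer.lock, reduced to the fields this check reads.
COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "laravel-lang/lang", "version": "v90.0.2"},
        {"name": "laravel-lang/attributes", "version": "90.1.0"},
        {"name": "vendor-x/unrelated", "version": "1.0.0"},
    ],
    "packages-dev": [{"name": "laravel-lang/actions", "version": "90.2.1"}],
})


def _when(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _norm(version):
    """Treat 'v1.2.3' and '1.2.3' as the same version."""
    return version[1:] if version.startswith("v") else version


def find_bursts(releases, max_gap_seconds=10, min_size=5):
    """Group releases whose consecutive publish times are at most
    max_gap_seconds apart; keep groups with at least min_size releases."""
    events = sorted((_when(t), p, _norm(v)) for p, v, t in releases)
    bursts, run = [], []
    for event in events:
        if run and (event[0] - run[-1][0]).total_seconds() > max_gap_seconds:
            if len(run) >= min_size:
                bursts.append(run)
            run = []
        run.append(event)
    if len(run) >= min_size:
        bursts.append(run)
    return bursts


def locked_versions_in_bursts(lock_text, bursts):
    """Return (package, version) pairs from composer.lock that are on the
    affected list and were published inside one of the bursts."""
    lock = json.loads(lock_text)
    burst_versions = {(p, v) for run in bursts for _, p, v in run}
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            key = (pkg["name"], _norm(pkg["version"]))
            if pkg["name"] in AFFECTED and key in burst_versions:
                hits.append(key)
    return hits


if __name__ == "__main__":
    bursts = find_bursts(RELEASES)
    for run in bursts:
        print(f"burst of {len(run)} releases from {run[0][0]} to {run[-1][0]}")
    print(locked_versions_in_bursts(COMPOSER_LOCK, bursts))
```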

## YellowKey BitLocker Bypass Vulnerability CVE-2026-45585 Disclosed — Microsoft Rushes Mitigation

A newly disclosed zero-day capable of bypassing Windows BitLocker encryption attracted urgent attention from security teams this week.

Microsoft released a mitigation for a [BitLocker bypass](https://www.computerworld.com/article/4175345/microsoft-is-working-on-a-patch-for-yellowkey-attack-on-bitlocker-offers-temporary-fix.html) vulnerability named YellowKey, now tracked as CVE-2026-45585, carrying a **CVSS score of 6.8**. It has been described as a BitLocker security feature bypass. “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as ‘YellowKey,’” the company stated. Microsoft also addressed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. The researcher who discovered the flaw published exploit code for it after notifying Microsoft and growing frustrated with the response time.

BitLocker bypass vulnerabilities are particularly concerning for organizations relying on disk encryption as a primary **data protection** control for lost or stolen devices.

![Gmail Dmarc 1207](https://media.mailhop.org/dmarcreport/gmail-dmarc-1207-1779861121455.jpg)

## Roblox Account Hijacking Ring Dismantled — 610,000 Accounts Stolen, $225K in Illicit Profits

Law enforcement struck a blow against gaming-focused cybercrime this week, dismantling a sophisticated account-theft operation.

Ukrainian police dismantled a hacking ring responsible for hijacking and selling over **610,000 Roblox accounts**. The [Roblox account hijacking](https://cybernews.com/cybercrime/roblox-account-hackers-arrested-ukraine/) ring generated roughly $225,000 in illicit profits and demonstrates the growing monetization of gaming-related cybercrime.

The operation highlights that gaming platforms are increasingly attractive targets for [cybercriminals](https://newsmeter.in/top-stories/cybercriminals-targeting-people-with-fake-discounts-on-property-and-gold-deals-in-dubai-764349), not only for in-game currency theft but as a gateway to credential stuffing attacks against other platforms where victims reuse passwords. **Parents and young users** of gaming platforms are urged to enable [two-factor authentication](https://www.fortinet.com/resources/cyberglossary/two-factor-authentication) and use unique passwords for every account.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

