Post #8813

@thehackernews

The Hacker News

Views8,690Post view count

PostedApr 1604/16/2026, 11:07 AM

Post content

⚠️ Attackers are using Obsidian’s plugin system to run malware. Targets move LinkedIn → Telegram → shared vault, where code runs only after enabling plugins. The payload deploys PHANTOMPULSE with Ethereum-based C2. 🔗 Read how → https://thehackernews.com/2026/04/obsidian-plugin-abuse-delivers.html