Author

Jacob Malimban

Cyber Analyst I

Jacob Malimban is a Cyber Analyst at Cofense, where he analyzes current phishing and malware threats. He has over five years of results in cybersecurity, with experience in SOCs, compliance, and threat intelligence. His research focuses on current threats like HR-themed phishing and malware in GitHub comments. Often these blogs include historical analysis and statistics to provide background information and identify future trends. Jacob’s other interests include AI, automation, and programming.

Articles By

Jacob Malimban

4 posts

April 8, 2026

The Growing Abuse of GitHub and GitLab in Phishing Campaigns

Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity, and attacks often include both malware delivery and credential theft, sometimes in combined “dual threat” chains.

December 3, 2025

Seasonal Surge: Why HR Phishing Peaks in Q4 and the Seven Themes Behind It

Q3 and Q4 of each year tend to see the most Human Resources (HR) task-related phishing threats. Impersonating HR provides many benefits to threat actors. Tasks from HR are typically mandatory, so HR emails carry authority. Legitimate HR tasks can also have strict deadlines, which a threat actor can use to impose urgency. Finally, regular HR tasks are expected by employees. When a phishing email is sent at the right time, employees may not recognize it as phishing and may automatically click on any link to resolve the HR issue. This analysis focuses on the statistics of HR-themed phishing from January 2024 to September 2025.

July 2, 2025

Spain TLD’s Recent Rise to Dominance

Threat actors are increasingly abusing Spain's .es TLD for malicious activities, with a 19x rise in abuse from Q4 2024 to Q1 2025. This makes it one of the top 10 most exploited TLDs for credential phishing. This surge is particularly notable in second-stage URLs, which host phishing pages or exfiltrate data after users click on embedded links. While .com and .ru remain the most abused TLDs, the .es TLD's rapid rise has disrupted the rankings of commonly exploited domains.