As special guest Jim Browning noted, "If there are people willing to attack you, your systems, and your business, the best way to defend yourself is to understand how they do this, who they are, and how they're working. If you understand all of that, you're far better able to pro
Since early 2023, Nisos has provided our clients with critical insights and conducted OSINT (Open-Source Intelligence) pre-employment and insider risk investigations to mitigate the threat of North Korean (DPRK) IT worker employment schemes. In June 2025, we used a combination of
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. The threat actor is responsible for the recent supply-chain attack on the Trivy vulnerability scanner, and also an NPM-based cam
Microsoft Defender disrupted a human-operated ransomware incident targeting a large educational institution with more than a couple of thousand devices. The attacker attempted to weaponize Group Policy Objects (GPOs) to tamper with security controls and distribute ransomware via
Starting the week of March 9, 2026, Arctic Wolf observed malicious activity in customer environments potentially linked to the exploitation of CVE-2025-32975 on unpatched Quest KACE Systems Management Appliance (SMA) instances that were publicly exposed to the internet. This vuln
QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has addressed multiple vulnerabilities, including four SD-WAN router issues (CVE-2025-62843 to CVE-2025-62846) demonstrated at the Pwn2
CTI-REALM is Microsoft's open-source benchmark for evaluating AI agents on real-world detection engineering: turning cyber threat intelligence (CTI) into validated detections. CTI-REALM (Cyber Threat Real World Evaluation and LLM Benchmarking) extends the scope to detection rule
A series of attacks on Libyan organizations hit an oil refinery, a telecoms organization and a state institution between November 2025 and February 2026. These attacks delivered the AsyncRAT backdoor, which is a publicly available backdoor that has previously been used by state-s
A website that made millions of pounds from the sale of illegal drugs has been infiltrated by Met Police officers in their latest major operation to crack down on cybercrime. In June 2025, the Met's Cyber Crime Unit became aware of AEGIS Marketplace, a site where individual selle
On March 19, 2026, threat actors compromised Aqua Security's Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions. Organizations using Trivy should audit their environments immediately. Wiz Research identified a multi-facete
A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a £1.5 billion (about $2 billion) government loan guarantee provided to Jaguar Land Rover (
Water utilities are finding that letting information flow can flush out cybersecurity problems. The water industry has a known security issue: many utilities operate with ageing systems and minimal IT or cybersecurity personnel. However, by coordinating responses to cyber
Himmelblau is a critical interoperability suite used by enterprises to bridge the gap between Linux ecosystems and Microsoft Azure Entra ID and Intune. It enables organizations to manage Linux fleets with the same identity and policy controls commonly applied to Windows devices,
Contrary to what some believe, cybercrime is not a kids' game. Middle-aged adults, not teenagers, now make up the biggest chunk of people getting busted. Law enforcement data shows profit-driven cybercrime is dominated by 35- to 44-year-olds, not script kiddies. This is according
The University of Hawaii’s (UH's) Cancer Center made public last week that it was the victim of a ransomware attack dating back to last summer that included the exposure of Social Security and driver’s license records for 1.2 million people. In a public release on Feb. 27, the uni
ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based prod
Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. With the release of Chrome 153 on September 8, Google will start shipping two new stable versions of the browser every month, b
Today, Google's Threat Intelligence Group published findings on what they've named "Coruna," a powerful iOS exploit kit containing 23 exploits across five full exploit chains targeting iPhones running iOS 13 through 17.2.1. Over the past several weeks, iVerify researchers have be
A threat actor tracked as D-Shortiez has been running a persistent malvertising campaign that turns a WebKit browser behavior into a trap, forcing iOS Safari users into scam pages with no easy way out. The campaign is not entirely new in concept — forced redirect attacks have lon
Our investigation uncovered a new backdoor, dubbed Keenadu, which mirrored Triada’s behavior by embedding itself into the firmware to compromise every app launched on the device. Keenadu proved to have a significant footprint; following its initial detection, we saw a surge in su
Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC
A new beta version of Android 17 has been released, bringing a range of privacy, security and performance changes aimed at strengthening app protections and improving developer workflows. The update marks the first public beta of the mobile operating system and introduces structu
An interesting phishing email was recently detected, offering insights into new “TTPs” (“tools, techniques & procedures”). This specific campaign targets users of Metamask, a popular software crypto wallet widely available as a browser extension and mobile app. The core of the ph
A stack-based buffer overflow vulnerability (CVE-2026-1361) exists in ASDA_Soft version 7.2.0.0 when parsing .par files. The root cause is the improper validation of a user-controlled size parameter, which is checked incorrectly against the upper limits of the local buffer. This
Successful exploitation of these vulnerabilities may allow code execution with elevated privileges. The following versions of GE Vernova Enervista UR Setup are affected: Enervista UR Setup <8.70 (CVE-2026-1762, CVE-2026-1763). The vulnerabilities impact Critical Infrastructure
Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, with a CVSSv3.1 score of 10.0. Analysis of incident response engagements revealed that
The Orca Research Pod discovered an AI-driven vulnerability in GitHub Codespaces that enabled a full repository takeover via passive prompt injection. Attackers can craft hidden instructions inside a GitHub Issue that are automatically processed by GitHub Copilot, giving them sil
Washington Hotel, a brand operating under Fujita Kanko Inc. (WHG Hotels), is a business-focused hospitality chain with 30 locations across Japan. WHG has 11,000 rooms over its properties and has nearly 5 million guests every year. The Washington Hotel brand in Japan has announced
Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. The company said that a threat actor also published a sample of the data on the Telegram
Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. For Lithuania, from e-signatures to digital health records, the country depends on secure systems. Cybersecurity has become not only a technical c
Two independent authenticated Remote Code Execution vulnerabilities were discovered in Netgate pfSense Community Edition. Both were reproduced on clean installations. The vendor was contacted and acknowledged the reports but classified both as expected behavior for authenticated
A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alte
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is
LAB52 has been monitoring a campaign dubbed “Operation MacroMaze”, attributed to APT28, also known as Fancy Bear, Forest Blizzard or FROZENLAKE. Active since late September 2025 through January 2026, the campaign targets specific entities in Western and Central Europe. It relies
Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an employee and steal a limited number of files. Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack. According to a co
Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. These phishing letters claim recipients must complete a mandatory "Authenticatio
A threat actor is reportedly selling a purported critical severity zero-day exploit chain targeting OpenSea for $100,000 USD in Bitcoin or Monero. The listing claims the vulnerability remains unpatched and undisclosed, raising alarms in the NFT community. The exploit allegedly ta
A Ukrainian man who developed and managed the IcedID malware botnet faked his own death in an attempt to escape the FBI and jail time in the US. The unnamed suspect bribed Ukrainian cops to falsify a dead man's documents and issue a death certificate in his name. According to cou
The threat intelligence landscape is often dominated by talk of sophisticated TTPs (tactics, tools, and procedures), zero-day vulnerabilities, and ransomware. While these technical threats are formidable, they are still managed by human beings, and it is the human element that
Historically, taking a product from 'Ready' to 'Authorized' in the FedRAMP process is a marathon that can span multiple years, often forcing innovation to a standstill. Focusing on risk doesn’t just satisfy an audit; it clears the path for continuous innovation. Viewing FedRAMP a
The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) shared details of a multi-agency cybersecurity operation, codenamed Operation CYBER GUARDIAN, to defend our telecommunications sector. On 18 July 2025, Coordinating Minister for Natio
Last week, 27-year-old Kyle Svara of Oswego, Illinois admitted to hacking women’s Snapchat accounts across the US. Between May 2020 and February 2021, Svara harvested account security codes from 571 victims, leading to confirmed unauthorized access to at least 59 accounts. Rather
Attackers are using Pride Month themed phishing emails to target employees worldwide, abusing trusted email platforms like SendGrid to harvest credentials. Pride Month does not begin until June 1, 2026, but scammers have already begun targeting employees with Pride themed phishin
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. The SSHStalker botnet relies on classic IRC mechanics such as multiple C-based bots and multi-server/channel redundancy instead
You've long been able to ask Google to remove certain personal information from its search results, such as your name, home address, phone number, and email address. But now the search giant has expanded the types of details it will delete in response to your request. First up, y