OverResearched Intelligence
Structured cyber threat intelligence generated by the CognitiveCTI pipeline. Daily briefs, weekly summaries, monthly landscapes, and bespoke analyses delivered as static, machine-readable content with full RSS support.
-
CTI Daily Brief: 2026-04-28 - LiteLLM SQLi (CVE-2026-42208) actively exploited; ProFTPD CVE-2026-42167 PoC released; TeamPCP linked to VECT 2.0 wiper
Two critical vulnerabilities under active or PoC exploitation (LiteLLM CVE-2026-42208, ProFTPD CVE-2026-42167); the TeamPCP threat group ties LiteLLM exploitation to a broken VECT 2.0 ransomware build that acts as a wiper; sustained ransomware extortion...
-
CTI Daily Brief: 2026-04-27 - Critical GitHub RCE (CVE-2026-3854) actively exploitable; ShinyHunters, LAPSUS$ and Qilin dominate ransomware activity
Wiz disclosed CVE-2026-3854, a critical RCE in GitHub.com and GitHub Enterprise Server with 88% of GHES instances still unpatched. ShinyHunters monetised the Anodot supply-chain compromise (Vimeo, Pitney Bowes 8.2M breach),...
-
CTI Daily Brief: 2026-04-26 - ShinyHunters Leak 1.4M Udemy Accounts; Qilin, Inc Ransom and Tridentlocker Post New Victims
Eight high-severity reports dominated by ransomware leak-site activity from Qilin, Inc Ransom, Tridentlocker and Payload, alongside a ShinyHunters extortion of Udemy exposing 1.4 million accounts and republished Microsoft advisories for...
-
CTI Weekly Brief: 2026-04-20 to 2026-04-26 - Three CISA KEV additions, ArcaneDoor returns to Cisco Firepower, Qilin RaaS dominates the leak-site economy
611 reports processed across 14 correlation batches. UAT-4356 (ArcaneDoor) deploys FIRESTARTER on Cisco Firepower devices; CISA KEV additions for Microsoft Defender BlueHammer, Cisco SD-WAN, and Apache ActiveMQ; Microsoft ships out-of-band...
-
CTI Daily Brief: 2026-04-25 — Critical Breeze Cache RCE PoC circulating; Qilin, Lockbit5, M3rx ransomware surge
Two critical vulnerabilities lead the day: a public PoC for CVE-2026-3844 (Breeze Cache unauthenticated RCE) circulating on Telegram, and a Linux BPF stack-out-of-bounds write (CVE-2026-23359). Ransomware activity dominates the picture...
-
CTI Daily Brief: 2026-04-24 - Shai-Hulud npm worm escalates, UAT-4356 Firestarter persists on Cisco firewalls, UNC6692 abuses Teams to drop Snow malware
Unit 42 details the post-Shai-Hulud npm supply chain landscape with TeamPCP republishing trojanised packages; CISA and NCSC warn that UAT-4356's Firestarter implant survives Cisco ASA/FTD patching; Mandiant exposes UNC6692 using...
-
CTI Daily Brief: 2026-04-23 - Breeze Cache WordPress plugin actively exploited; CISA adds four KEVs; ShinyHunters hits ADT and Carnival
Critical Breeze Cache WordPress RCE under active exploitation, CISA adds four new KEV entries, 10K+ Zimbra servers unpatched, ShinyHunters breaches ADT and Carnival, new BlackFile vishing gang, Pack2TheRoot Linux LPE,...
-
CTI Daily Brief: 2026-04-22 — HexagonalRodent DPRK $12M Crypto Heist, RaaS Sophistication Surge, FortiSandbox Path Traversal
DPRK-linked HexagonalRodent siphons $12M from 26,584 crypto wallets via fake job lures; Embargo, Chaos, DragonForce, and Inc Ransom drive a RaaS sophistication trend; FortiSandbox CVE-2026-39813 path-traversal auth bypass disclosed; Apple...
-
CTI Daily Brief: 2026-04-21 - CISA KEV SharePoint CVE-2026-32201 with 1,300+ unpatched; Microsoft OOB patch for ASP.NET CVE-2026-40372; Harvester APT deploys Linux GoGra; Lazarus macOS campaign
51 reports processed across 3 correlation batches. Microsoft issues out-of-band patch for critical ASP.NET Core flaw CVE-2026-40372; Shadowserver warns 1,300+ SharePoint servers remain unpatched against CISA KEV-listed CVE-2026-32201; Unit 42...
-
CTI Daily Brief: 2026-04-20 - CISA adds Cisco SD-WAN flaw to KEV; Lotus wiper hits Venezuelan energy; Lazarus steals $290M from KelpDAO
89 reports processed across 2 correlation batches. CISA adds actively exploited Cisco Catalyst SD-WAN flaw (CVE-2026-20133) to KEV with a 4-day patch deadline; destructive Lotus wiper used against Venezuelan energy...
-
CTI Daily Brief: 2026-04-19 — CISA Axios npm Supply Chain Alert; North Korean Lazarus $290M Kelp Heist; Microsoft Teams Helpdesk Impersonation
53 reports across 13 sources. CISA issued an emergency alert on a compromised Axios npm package delivering a RAT; Lazarus sub-group TraderTraitor stole $290M from LayerZero/Kelp; Microsoft warned of Teams-based...
-
CTI Weekly Brief: 2026-04-13 to 2026-04-19 - Microsoft Patch Tuesday delivers 167 fixes and two zero-days as RedSun LPE, protobuf.js RCE and Nginx UI exploitation escalate alongside a surging Everest/Qilin/Gentlemen ransomware wave
Microsoft shipped 167 April fixes with two zero-days (CVE-2026-32201 exploited; CVE-2026-33825 Defender LPE public) while a second Defender zero-day PoC (RedSun) grants SYSTEM on fully patched hosts. A critical protobuf.js...
-
CTI Daily Brief: 2026-04-18 - Vercel/ShinyHunters breach, Gentlemen & Qilin RaaS surge, Apple alert abuse, Microsoft CVE batch
Vercel confirms ShinyHunters-claimed breach; Apple account alerts abused to deliver phishing via legitimate infrastructure; Gentlemen and Qilin ransomware expand across logistics, legal, healthcare; Microsoft publishes advisories for CPython and tar-rs...
-
CTI Daily Brief: 2026-04-17 - Critical Protobuf.js RCE PoC; Iran-Linked Cyber Av3ngers Pivot to Rockwell ICS; RaaS Surge from Qilin, Kairos & Coinbase Cartel
PoC released for critical RCE in protobuf.js (GHSA-xq3m-2v4x-88gg); Unit 42 details Iranian Cyber Av3ngers (CL-STA-1128) targeting Rockwell Automation OT/ICS; 19 fresh ransomware leak-site postings spanning Qilin, Kairos, Coinbase Cartel, Blackwater,...
-
CTI Daily Brief: 2026-04-16 - RedSun Defender Zero-Day Exploited in the Wild; ShinyHunters Dumps 2.1M Amtrak Records
Huntress confirms active exploitation of three leaked Microsoft Defender zero-days (BlueHammer/RedSun/UnDefend); ShinyHunters publishes 2.1M Amtrak Salesforce records; DragonForce and Safepay RaaS activity dominates ransomware volume; Unit 42 detects renewed scanning...
-
CTI Daily Brief: 2026-04-15 - In-the-wild exploitation of Marimo (CVE-2026-39987) and Nginx UI (CVE-2026-33032); ShinyHunters leaks 13.5M McGraw Hill records
48 reports processed across two correlation batches. Three critical vulnerabilities under active exploitation or requiring urgent customer action (Marimo, Nginx UI, Cisco Webex). ShinyHunters publishes 13.5M McGraw Hill records from...
-
CTI Monthly Report: March 2026 - TeamPCP Supply Chain Siege, CanisterWorm Iran Wiper, Handala Stryker Intrusion, DarkSword iOS KEV, Ransomware Surge
March 2026 saw a historic supply chain campaign by TeamPCP across Trivy, LiteLLM, Checkmarx KICS, Telnyx, Axios, and OpenVSX; the CanisterWorm Kubernetes wiper targeting Iranian infrastructure; Handala's destructive wipe of...
-
CTI Daily Brief: 2026-04-14 — 15 Critical CVEs in OSS Crypto/Runtime Libraries; Signed Adware Killing AV; Trust Wallet Drainer Campaign
15 critical CVEs disclosed across wolfSSL, XZ Utils, Go runtime, libinput and Handlebars.js; Huntress exposes signed 'Dragon Boss Solutions' adware disabling AV on 23,500 hosts; AlienVault flags NWHStealer and Trust...
-
CTI Daily Brief: 2026-04-13 - Microsoft April Patch Tuesday (167 flaws, 2 zero-days incl. actively exploited SharePoint); Interlock ransomware exploits Cisco FMC zero-day
Microsoft April 2026 Patch Tuesday addresses 167 vulnerabilities including an actively exploited SharePoint spoofing zero-day (CVE-2026-32201) and a publicly disclosed Defender EoP (CVE-2026-33825). The Interlock ransomware group is exploiting a Cisco FMC zero-day,...
-
CTI Daily Brief: 2026-04-12 - Adobe Acrobat zero-day CVE-2026-34621 added to CISA KEV; DPRK npm package targets Polymarket; FBI/Indonesia dismantle W3LL PhaaS
66 reports processed. Adobe Acrobat/Reader zero-day (CVE-2026-34621) under active exploitation joined CISA KEV alongside six other CVEs. DPRK Lazarus pushes malicious npm package targeting Polymarket trading bots. FBI and Indonesian...
-
CTI Weekly Brief: 6 Apr – 12 Apr 2026 - State-Sponsored DNS Hijacking, Supply Chain Compromises, and Ransomware Cartel Surge
A high-tempo week dominated by APT28 router-based DNS hijacking for OAuth token theft, dual supply-chain attacks on Axios and DPRK's Contagious Interview campaign, Iranian OT targeting of US critical infrastructure,...
-
CTI Daily Brief: 2026-04-11 - Marimo RCE Under Active Exploitation; Krybit and Lamashtu Ransomware Surge
36 reports processed across 5 sources. Two critical vulnerabilities disclosed — CVE-2026-39987 (Marimo pre-auth RCE) confirmed actively exploited within hours of disclosure, and CVE-2026-34757 (LIBPNG use-after-free). Ransomware operations dominated the...
-
CTI Daily Brief: 2026-04-10 — Four critical CVEs (crypto/x509 auth bypass, Linux TOCTOU root escape, heap overflow, Chromium WebCodecs race); The Gentlemen and ShinyHunters ransomware escalate
124 reports processed: four critical vulnerability alerts affecting Go crypto/x509, Linux, and Chromium WebCodecs; ransomware leak activity by The Gentlemen, Nightspire and ShinyHunters dominates the criminal landscape.
-
CTI Daily Brief: 2026-04-09 - Flannel cross-node RCE (CVE-2026-32241), iOS kexploit, Iranian ICS targeting, CPUID supply-chain compromise
52 reports processed. Critical Flannel cross-node RCE and an iOS 18/26 kexploit headline the day. Iranian state-backed actors targeting ~4,000 US Rockwell PLCs, a CPUID supply-chain compromise pushing trojanised CPU-Z/HWMonitor,...
-
CTI Daily Brief: 2026-04-08 — Adobe Reader Zero-Day Exploited in Wild; Marimo RCE Weaponised in Under 10 Hours; Qilin Ransomware Surge
89 reports processed across 15 sources. Critical zero-day exploitation of Adobe Reader ongoing since December. Marimo Python notebook RCE exploited within 10 hours of disclosure. CISA ICS advisory for Contemporary...
-
CTI Daily Brief: 2026-04-07 — Iran OT Sabotage Campaign, CISA KEV Ivanti EPMM, Coinbase Cartel RaaS Blitz
70 reports processed across 15 sources. Iranian APT groups actively sabotaging US energy and water OT infrastructure. CISA added CVE-2026-1340 (Ivanti EPMM) to the KEV catalogue with an April 11...
-
CTI Daily Brief: 2026-04-06 — Iranian APT Targets US Critical Infrastructure PLCs; Russian Cyber Units Hijack Home Routers; Flowise RCE Exploited in the Wild
79 reports processed across 15 sources. Dominant themes include Iranian APT targeting of Rockwell/Allen-Bradley PLCs in US critical infrastructure, Russian GRU-linked router hijacking campaigns to steal Microsoft 365 tokens, active...
-
CTI Weekly Brief: 30 Mar – 05 Apr 2026 — TeamPCP Supply Chain Escalation, Axios npm Compromise, and Ransomware Surge Across Critical Sectors
523 reports processed across 14 correlation batches. The week was dominated by the TeamPCP supply chain campaign reaching the European Commission, the North Korean-attributed Axios npm compromise, a critical FortiClient...
-
CTI Daily Brief: 2026-04-05 — Fortinet EMS Zero-Day Added to CISA KEV; Storm-1175 Chains Medusa Ransomware with Zero-Day Exploits; North Korean Hackers Behind $280M Drift Crypto Theft
Critical 24-hour period dominated by active exploitation of Fortinet FortiClient EMS (CVE-2026-35616) added to CISA KEV, Microsoft attribution of Storm-1175 to Medusa ransomware zero-day campaigns, a $280M North Korean crypto...
-
CTI Daily Brief: 2026-04-04 — FortiClient EMS Zero-Day Exploited, Axios npm Supply Chain Attack Linked to North Korea, DragonForce RaaS Campaigns Continue
Eight critical reports dominated the 24-hour cycle, led by an actively exploited FortiClient EMS zero-day (CVE-2026-35616), a North Korean supply chain attack on the Axios npm package, and continued DragonForce...
-
CTI Daily Brief: 2026-04-03 — DragonForce RaaS Cartel Surges, BQTLock Hits US Hospital, Device Code Phishing Explodes 37x
Ransomware-as-a-service operations dominated the threat landscape with DragonForce claiming five victims across pharma, manufacturing, and retail sectors while BQTLock exfiltrated 5.3 TB from a US hospital. Device code phishing attacks surged...
-
CTI Daily Brief: 2026-04-02 — TeamPCP Supply Chain Campaign Breaches European Commission, Chromium V8 Critical CVEs, Akira Ransomware Surge
Supply chain attacks dominate the threat landscape as TeamPCP's Trivy compromise reaches the European Commission, six critical Chromium CVEs disclosed, Akira and Nightspire ransomware groups claim multiple victims, and DPRK-linked...
-
CTI Daily Brief: 2026-04-01 — DPRK-Linked $280M Drift Crypto Heist, Qilin EDR Killer Analysis, F5 BIG-IP APM Actively Exploited
High-tempo day dominated by a $280M cryptocurrency theft attributed to North Korea, Cisco Talos analysis of Qilin's EDR-killing infection chain, active exploitation of F5 BIG-IP APM and Apple DarkSword iOS...
-
CTI Daily Brief: 2026-03-31 — Axios npm Supply Chain Attack Attributed to North Korea; Chrome Zero-Day CVE-2026-5281 Exploited in the Wild
Supply chain attacks dominate the threat landscape as the DPRK-attributed axios npm compromise and ongoing TeamPCP campaign against security tooling converge with a fourth Chrome zero-day, mass Android malware on...
-
CTI Daily Brief: 2026-03-30 - Axios npm Supply Chain Compromise Delivers Cross-Platform RAT; CISA Orders Citrix NetScaler Patch; TeamPCP Post-Compromise Activity Escalates
High-volume day with 133 reports across 15 sources dominated by the Axios npm supply chain compromise delivering cross-platform RATs, CISA emergency directive for CVE-2026-3055 in Citrix NetScaler, TeamPCP post-compromise lateral...
-
CTI Daily Brief: 2026-03-29 — Active Exploitation of Citrix, F5, and Fortinet Flaws; PLAY and Qilin Ransomware Surge; TeamPCP Supply Chain Campaign Escalates
Three critical network appliance vulnerabilities under active exploitation (CVE-2026-3055, CVE-2025-53521, CVE-2026-21643), PLAY ransomware claims 10 new victims across multiple sectors, Qilin RaaS operations expand, TeamPCP supply chain campaign linked to...
-
CTI Weekly Brief: 23 Mar to 29 Mar 2026 - TeamPCP Supply Chain Campaign Escalates Across PyPI Ecosystem, Ransomware Surge, and Government Sector Breaches
A week dominated by TeamPCP's multi-stage supply chain campaign compromising Trivy, Checkmarx, LiteLLM, and Telnyx on PyPI, alongside elevated ransomware operations from Qilin, Nightspire, Akira, and DragonForce. ShinyHunters breached the...
-
CTI Daily Brief: 2026-03-28 — Exitium Ransomware Exfiltrates 278 GB from IKRON; Nightspire Blitzes Healthcare Sector
Ransomware-dominated day with 27 reports across 3 sources. Exitium group claimed two critical-severity victims including IKRON (278 GB exfiltrated) and Ming Hwei Energy (infrastructure encrypted). Nightspire posted four new healthcare...
-
CTI Daily Brief: 2026-03-27 — ShinyHunters Claims 350 GB European Commission Breach; TeamPCP Supply Chain Campaign Enters Monetization Phase
29 reports processed across 7 sources. Dominant themes include a claimed ShinyHunters breach of European Commission infrastructure, continued TeamPCP supply chain operations via a backdoored Telnyx PyPI package, five critical...
-
CTI Daily Brief: 2026-03-26 — TeamPCP Attributed to EU Commission Breach; Chromium Patches 6 Critical CVEs; DPRK-Linked $280M Crypto Heist
57 reports processed across 10 sources. TeamPCP formally attributed by CERT-EU to the European Commission AWS breach exposing 30+ EU entities. Google Chromium patched 17 vulnerabilities including 6 critical memory-safety...
-
CTI Daily Brief: 2026-03-25 — TeamPCP Supply Chain Campaign Widens With CISA KEV Addition; Qilin Ransomware Surge Across Multiple Sectors
155 reports processed across 15 sources. Dominant themes include the expanding TeamPCP supply chain campaign with CISA KEV entry for CVE-2026-33634, mass exploitation of Magento PolyShell targeting 56% of vulnerable...
-
CTI Daily Brief: 2026-03-24 — TeamPCP Supply Chain Campaign Escalates; SharePoint RCE Added to CISA KEV; VoidLink Rootkit Framework Exposed
77 reports processed across 15 sources. Dominant theme: TeamPCP supply chain campaign targeting AI/cloud tooling (LiteLLM, Trivy). Critical SharePoint RCE (CVE-2026-20963) confirmed exploited in the wild and added to CISA...
-
CTI Daily Brief: 2026-03-23 — TeamPCP Supply Chain Campaign Escalates to LiteLLM; Iran-linked Pay2Key Targets US Healthcare
63 reports processed across 15 sources. TeamPCP's supply chain campaign expanded from Trivy and Checkmarx GitHub Actions into the Python AI/ML ecosystem via compromised LiteLLM PyPI packages. Iran-linked Pay2Key ransomware...
-
CTI Daily Brief: 2026-03-22 — Trivy Supply-Chain Attack Escalates, CISA Adds DarkSword iOS Exploits to KEV, FBI Warns of Handala Telegram C2
Supply-chain compromises dominated the reporting period as TeamPCP re-compromised Aqua Security's Trivy scanner and deployed the CanisterWorm wiper against Iranian targets. CISA added three DarkSword iOS exploit-chain CVEs to the...
-
CTI Weekly Brief: 16 Mar – 22 Mar 2026 — Trivy Supply-Chain Compromise, Cisco FMC Zero-Day Exploitation, and FBI Dismantles Iranian MOIS Infrastructure
A high-tempo week dominated by the TeamPCP supply-chain attack on Trivy GitHub Actions, active zero-day exploitation of Cisco Secure FMC by Interlock ransomware, FBI seizures of Iranian Handala infrastructure after...
-
CTI Daily Brief: 2026-03-21 — Qilin and Nightspire ransomware campaigns surge; VoidStealer debuts novel Chrome ABE bypass
Ransomware dominated the 24-hour reporting window with Qilin claiming six victims and Nightspire adding five. VoidStealer introduced a first-of-its-kind hardware-breakpoint technique to steal Chrome master keys. Correlated trends flagged Citrix...
-
CTI Daily Brief: 2026-03-20 — Trivy Supply-Chain Compromise Distributes Infostealer via GitHub Actions; Linux Kernel and pyOpenSSL Critical CVEs Published
Supply-chain attack on Trivy vulnerability scanner by TeamPCP dominates a 28-report day alongside critical Linux kernel netfilter and pyOpenSSL vulnerabilities, Azure Monitor callback phishing abuse, and a botnet takedown affecting...
-
CTI Daily Brief: 2026-03-19 — Cisco FMC Zero-Day Exploited by Interlock Ransomware; CISA Adds Five KEVs; FBI Seizes Iran-Linked Handala Infrastructure
Forty-four reports processed across 10 sources. Dominant themes include active exploitation of Cisco FMC CVE-2026-20131 by Interlock ransomware, FBI takedown of Iran MOIS leak sites tied to Stryker healthcare attack,...
-
CTI Daily Brief: 2026-03-18 — Handala/Stryker FBI Seizure, Cisco Firewall Zero-Day Added to KEV, SharePoint RCE Exploited in the Wild
67 reports processed across 12 sources. Dominant themes include active exploitation of Cisco FMC (CVE-2026-20131) and SharePoint (CVE-2026-20963) vulnerabilities, FBI seizure of Iran-linked Handala infrastructure after the Stryker wiper attack,...
-
CTI Daily Brief: 2026-03-17 - DarkSword iOS zero-day exploit chain proliferates; Interlock ransomware exploits Cisco FMC zero-day; CISA adds Zimbra XSS to KEV
Critical 24-hour period dominated by the DarkSword iOS exploit chain targeting hundreds of millions of devices across four countries, Interlock ransomware leveraging a Cisco Secure FMC zero-day exploited since January,...
-
CTI Daily Brief: 2026-03-16 — CVE-2026-3909 Chromium Skia exploited in the wild; EU sanctions Chinese and Iranian cyber firms; four CISA ICS advisories
High-tempo day with 52 reports across 11 sources. Active exploitation of Chromium Skia CVE-2026-3909, EU cyber sanctions against state-linked entities, four CISA ICS advisories including two at CVSS 9.8, and...
-
CTI Weekly Brief: 10–16 March 2026 — Iran-Linked Wiper Devastates Stryker, Chrome Zero-Days Actively Exploited, FortiGate Intrusions Escalate
A high-tempo week dominated by Iran-linked Handala/Void Manticore wiper operations against medical technology giant Stryker, two actively exploited Chrome zero-days added to the CISA KEV catalogue, critical Veeam Backup &...
-
CTI Daily Brief: 2026-03-15 — CISA Adds Wing FTP Server to KEV; Iran-linked Handala Wipes Stryker Devices via Intune
35 reports processed across 10 sources. Dominant theme: Iranian state-aligned actors shifting to identity-based destruction, demonstrated by the Handala/Void Manticore wipe of ~80,000 Stryker devices via Microsoft Intune. CISA added...
-
CTI Daily Brief: 2026-03-15 — Low-Activity Period; Open-Source Security Tooling and BreachForums Rank-Transfer Activity
A quiet 24-hour period with one informational report on the Betterleaks secrets scanner. Correlation analysis flagged two high-risk trends around open-source vulnerability exploitation and enterprise attack surfaces. No critical-severity items....