weekly
This week’s pattern is ugly and simple: Seedworm is reportedly already sitting inside multiple U.S. organizations, Coruna shows spy-grade iPhone exploitation bleeding into broader use, and KEV + March patch drops are shrinking defender response time from “soon” to “right now.”
![[DEEP RESEARCH] When Gambling Becomes a Money-Transfer Rail](/content/images/size/w600/2026/03/z-1.png)
deep research
Casinos and iGaming platforms can quietly act like informal money-transfer channels when intermediaries use gaming flows to move value between third parties. This summary highlights where that happens, what it looks like in logs, and how technical teams can help shut it down.
![[DEEP RESEARCH] Who’s Most Likely to Abuse MCP Integrations? UNC3944, TraderTraitor, UNC6293](/content/images/size/w600/2026/03/z.png)
ai
Three intrusion sets already excel at getting users to approve tools and auth flows. This assessment is probabilistic: it highlights who is best positioned to adapt that tradecraft to MCP-style environments next..
weekly
Edge + identity + AI = the new “oops.” 😬🧨🤖 ED 26-03 on Cisco Catalyst SD-WAN exploitation, OAuth redirect abuse that lands users in malware without token theft, plus Gemini panel hijack vs indirect prompt injection in the wild.
![[FORECAST UPDATED] AI Agents as Regulated C2: Will Anyone Be Forced to Act?](/content/images/size/w600/2026/02/z-11.png)
forecasts
🤖🔒 AI agents = privileged integrations you can’t see. After GTG-1002 + vendors pushing agent access standards, the next shoe drops: do regulators/hyperscalers force default-on signed connectors + audit logs (aka “regulated C2”)?
![[FORECAST] Fortune 500s: Will Prompt Injection Trick IDE Agent Mode into Running Commands—or Leaking Secrets—by 2026?](/content/images/size/w600/2026/02/z-10.png)
forecasts
Recent agent-mode rollouts make ‘read files + run tasks’ normal. Prompt injection makes that risky. Here’s the forecast..
weekly
Your firewall isn’t the perimeter. It’s the onboarding portal. 🔥
![[FORECAST] Dismantled or Displaced? Cambodia’s Scam-Compound Crackdown by 2030?](/content/images/size/w600/2026/02/z-7.png)
Cambodia says it sealed off ~190 scam sites. 🧨 Now the real question: dismantled or displaced? 🧱🚚 Our forecast uses grown-up metrics (convictions + asset denial + independent compound counts).
Fake CAPTCHA ➜ “paste this PowerShell.” 🙃 Linked-device pairing ➜ quiet account takeovers. 👻 Device-code phishing ➜ legit login page, attacker gets tokens. 🔑
“Normal traffic” is now an attacker costume. 🥸🏠 Residential proxies borrow real home ISP IPs, making sprays/scrapes/SaaS intrusion blend in. Don’t rage-block—use tiered friction (identity+behavior) w/ proxy intel as a risk multiplier.
Your new “AI helper” is basically shadow IT with hands 🤖🧨 Untrusted content → model decides → tools execute. That’s the breach loop.
Your CTI Flight Crew — Anticipate, Don’t Chase.
Your backup system isn’t your parachute. It’s a beachhead. 🏖️ Mandiant/GTIG report UNC6201 exploiting Dell RP4VM (CVE-2026-22769, CVSS 10.0). Hardcoded credential → OS-level control + root persistence.
Cambodia says it sealed off ~190 scam sites. 🧨 Now the real question: dismantled or displaced? 🧱🚚 Our forecast uses grown-up metrics (convictions + asset denial + independent compound counts).
Your control plane isn’t infrastructure. It’s leverage. 🔥
Your SOC isn’t understaffed. It’s late. ⏱️😈 Attackers aren’t scaling with malware—they’re scaling with OAuth + tokens + “normal” API exports. Big tech wins by yanking kill-switches fast. Can you revoke an OAuth grant in <30 min?
Fake CAPTCHA ➜ “paste this PowerShell.” 🙃 Linked-device pairing ➜ quiet account takeovers. 👻 Device-code phishing ➜ legit login page, attacker gets tokens. 🔑
Pre-filled AI prompt links: now a delivery vector. Microsoft warns they can poison assistant recommendations + memory. 🧠🧪
![[DEEP RESEARCH] BadIIS Isn’t Enough: The IIS Module + HTTP Fingerprints That Catch SEO-Fraud Cloaking](/content/images/size/w600/2026/02/z-2.png)
*Vendors are naming slices of the same IIS SEO fraud problem differently. This summary aligns those labels into one unified hunt surface and shows how to separate UAT-8099/WEBJACK from other BadIIS-style activity using concrete host and HTTP fingerprints.*
“Normal traffic” is now an attacker costume. 🥸🏠 Residential proxies borrow real home ISP IPs, making sprays/scrapes/SaaS intrusion blend in. Don’t rage-block—use tiered friction (identity+behavior) w/ proxy intel as a risk multiplier.
MFA isn’t “done.” It’s now the excuse attackers use on the phone. ☎️😈🔑 Vishing → MFA reset/re-enroll → post-login SaaS data grabs. Plus: selective Notepad++ updater abuse + proxy traffic making IP rep cry.
![[FORECAST] ShinyHunters SaaS Data Theft: Why Non-Ransom Monetization Looks Increasingly Attractive](/content/images/size/w600/2026/02/z.png)
Our new forecast asks: will ShinyHunters make more in 2H 2026 by selling SaaS access/data than by getting paid? Signals say yes. 🕵️♂️💸☁️
Your new “AI helper” is basically shadow IT with hands 🤖🧨 Untrusted content → model decides → tools execute. That’s the breach loop.
KEV speedrun of the week 🏁: Office CVE-2026-21509 + WinRAR CVE-2025-8088. Patch anyway… then protect sessions 🍪 (Teams QR/callback lures 📱, SSO/SAML token abuse)