Shamos macOS Infostealer: Malvertising Lures, BYOD Gaps, and Sector Expansion
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
Read more
Will RedNovember be publicly reported to exploit at least one zero-day vulnerability in 2026?
RedNovember likely stays fast-follow on edge devices using N-days and public PoCs, not 0-days. China-nexus peers show willingness to burn edge 0-days, so a pivot is plausible but not base case...
By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day?
Question: By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day in a non-Ivanti edge platform (e.g., VMware vCenter/ESXi, Citrix NetScaler, F5, Palo Alto, Fortinet)?
VoidProxy: AitM Phishing-as-a-Service Quietly Bypasses MFA at Scale
VoidProxy is reshaping the phishing landscape, enabling adversaries to bypass MFA and hijack enterprise cloud sessions with minimal technical skill. Its rapid adoption, use of trusted email providers, and evasive infrastructure demand urgent, layered defenses—especially for organizations...
Modular C2 Frameworks Quietly Redefine Threat Operations for 2025–2026
Attackers are rapidly shifting to modular, cloud-integrated C2 frameworks—Sliver, Havoc, Mythic, Brute Ratel C4, and Cobalt Strike—blurring lines between APT and cybercrime. These tools’ stealth, automation, and cloud API abuse are outpacing legacy detection, demanding urgent defensive adaptation.