weekly
đ§ Taiwan CI pressure looks like recon + access maintenance, not a one-off headline. đ©č Patch Tuesday + KEV = attacker shopping list. âïž And Salesforce Aura/Experience Cloud exposure? No patch⊠just âsurprise, itâs public.â
scam
Holiday scammers are running peak-season ops đŠđ âDelivery problemâ texts, AI âfamily emergencyâ calls, and âpay via gift card/Zelleâ pressure. Rule: donât click, hang up + call back, never gift cards/crypto/wires.
forecasts
Weâre at 29% that RedNovember will be publicly reported exploiting at least one zeroâday in 2026 under strict timing and attribution rules. The hinge is whether the group escalates beyond PoCâdriven Nâday edge exploits and whether attribution survives rebranding.
romance-scam
Thailand pulled the plug. The grift brought generators + Starlink. Shift northâsouth (Shwe Kokko/Myawaddy; Tachileik/Mae Sai). Squeeze OTC cash-outs + first-funding friction, or watch it respawn.
c2
Attackers are rapidly shifting to modular, cloud-integrated C2 frameworksâSliver, Havoc, Mythic, Brute Ratel C4, and Cobalt Strikeâblurring lines between APT and cybercrime. These toolsâ stealth, automation, and cloud API abuse are outpacing legacy detection, demanding urgent defensive adaptation.
poisonseed
If your bulk email or CRM gets popped, PoisonSeed rides your good reputation straight past filters and usersâ instincts. Hereâs the fast path to detect and blunt itâwithout boiling the ocean.
ecrime
Three financially motivated clustersâUNC3944 (âScattered Spiderâ), UNC6040, and UNC6395âare driving a surge in SaaS and cloud data theft via social engineering, OAuth abuse, and supply-chain attacks. Their evolving TTPs and anti-forensics are raising the stakes for defenders..
shamos
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
heartcrypt
In the last 90 days, HeartCrypt-packed ransomware has evaded initial SOC detection in up to 40% of targeted incidents. Attackers no longer waste time building stealth â they rent it. HeartCryptâs PaaS delivers EDR-kill tools, sandbox evasion, and polymorphic payloads at industrial scale.
unc3944
Ransomware groupsâincluding BlackCat/ALPHV, Black Basta, RansomHub, and Dark Angelsâare increasingly targeting VMware ESXi and similar virtualization platforms using advanced hypervisor-level attack techniques. The exploitation of CVE-2024-37085..
dark-partners
Dark Partners is a financially motivated cybercrime group active since at least May 2025, orchestrating large-scale cryptocurrency theft campaigns through a sophisticated infrastructure of fake websites mimicking AI tools, VPN services, crypto wallets, and widely used software brands.
venomrat
VenomRAT, first observed in 2020 as a fork of Quasar RAT, has evolved into a modular, service-based remote access trojan with advanced keylogging, stealth, and evasion capabilities. It is distributed primarily through phishing campaigns and fake antivirus websites (notably Bitdefender clones)...