weekly
SIGNALS WEEKLY: Chrome 0-Day in the Wild + December Patch Tuesday Priv-Esc
Chrome 0-day in the wild + Windows priv-esc getting abused + OT VNC still exposed like it’s 2009. 😬🔥
espionage
weekly
SIGNALS WEEKLY: Wormed Repos, Multi-Vector APTs, KEV Identity RCE
Wormed npm repos. Multi-vector APTs. KEV-listed identity RCE. If your CI/CD + SSO aren’t on the same crisis board this week, you’re already late. 😈🚨
romcom
RomCom’s WinRAR Exploit: Persistent Startup Folder Attacks and Encrypted C2 Exfiltration Targeting Critical Sectors
Russian-linked RomCom is abusing a critical WinRAR bug to quietly persist in networks, move laterally, and siphon data over encrypted channels — hitting government, finance, and telecom sectors hard. Patch lag is keeping doors wide open.
uac-0226
GIFTEDCROOK’s Strategic Pivot: UAC-0226’s Espionage Surge Amid Ukraine’s Geopolitical Flashpoints
UAC-0226, a threat cluster tracked by CERT-UA has intensified cyber-espionage operations against Ukrainian military, law enforcement, and government institutions since early 2025.