cl0p
Cl0p’s Leak Sites: 20% Chance They Go Dark by Apr 22, 2026
Forecast: 20% chance Cl0p’s leak sites go dark by Apr 22, 2026. Needs a seizure banner or ≥14 days down w/ LE attribution. Cronos showed it’s doable; mirrors make it brutal.
forecasts
forecasts
COLDRIVER’s Next Move
COLDRIVER went from LOSTKEYS to a full “ROBOT” chain and ClickFix tricks—then started poking linked-device flows. We put 75% on a truly new family or access vector within 12 months.
ta558
TA558 2026: The Quiet Upgrade
Which scenario will best describe TA558’s (aka RevengeHotels) evolution by June 30, 2026?
forecasts
By Dec 31, 2025, will a reputable primary source (Oracle, CISA, Mandiant/MSTIC, affected org’s SEC 8-K/IR blog) confirm at least one breach where CVE-2025-61882 was the initial access vector?
Oracle EBS zero-day (CVE-2025-61882): OOB patch, KEV-listed, exec extortion emails flying. We’re at 76% that a primary source names it as initial access by 12/31. Raise or fade? 🧨🧭
china
Will RedNovember be publicly reported to exploit at least one zero-day vulnerability in 2026?
RedNovember likely stays fast-follow on edge devices using N-days and public PoCs, not 0-days. China-nexus peers show willingness to burn edge 0-days, so a pivot is plausible but not base case...
unc5221
By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day?
Question: By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day in a non-Ivanti edge platform (e.g., VMware vCenter/ESXi, Citrix NetScaler, F5, Palo Alto, Fortinet)?