weekly
[SIGNALS WEEKLY] Telephony, Observability, and Identity Under Quiet Pressure
The boring stack moved. CUCM WebDialer. Splunk sidecar. Messaging recovery keys. Very normal. Very annoying.
weekly
The boring stack moved. CUCM WebDialer. Splunk sidecar. Messaging recovery keys. Very normal. Very annoying.
forecasts
Fake CAPTCHA ➜ “paste this PowerShell.” 🙃 Linked-device pairing ➜ quiet account takeovers. 👻 Device-code phishing ➜ legit login page, attacker gets tokens. 🔑
weekly
Chrome 0-day in the wild + Windows priv-esc getting abused + OT VNC still exposed like it’s 2009. 😬🔥
space
If your organization consumes satellite data, runs VSATs (very small aperture terminals), or depends on vendors who do—you’re in scope. Since 2020, attackers have shifted from “space” to the easier target: ground networks and cloud storage.
russia
Russia-linked actors leaned hard on OAuth device codes and RDP phishing from Oct 2024–Aug 2025. Providers pushed back in concert. Here’s what changed, what to watch in your logs, and the quickest moves that buy real risk reduction.
romcom
Russian-linked RomCom is abusing a critical WinRAR bug to quietly persist in networks, move laterally, and siphon data over encrypted channels — hitting government, finance, and telecom sectors hard. Patch lag is keeping doors wide open.
darkwatchman
DarkWatchMan is a fileless, modular malware family first observed in late 2021 and attributed to the financially motivated Hive0117 group. The malware is primarily delivered via spear-phishing emails containing password-protected archives, targeting Russian critical infrastructure (energy, etc).
sandworm
Sandworm, a Russian GRU-affiliated cyber threat group (Unit 74455), continues to escalate its offensive cyber operations, with a primary focus on Ukraine and Western allies. The group is notorious for high-impact attacks such as the 2015-2016 Ukrainian power grid blackouts...
void-blizzard
Void Blizzard, a Russian state-sponsored APT attributed to the GRU and tracked as Laundry Bear by Dutch intelligence, has rapidly emerged as a major cyber espionage threat since April 2024. The group targets government, defense, telecommunications, NGOs, and critical infrastructure across NATO...
russia
LOSTKEYS, first observed in early 2025, marks a significant evolution in Russian cyber-espionage, attributed to the FSB-backed COLDRIVER group. Unlike traditional spear-phishing, LOSTKEYS employs a sophisticated multi-stage infection chain initiated by fake CAPTCHA lure websites (ClickFix)...
apt
Recent trends indicate a shared interest among these state-sponsored groups in exploiting vulnerabilities and utilizing AI tools like Google's Gemini to improve their cyberattack capabilities.
russia
Russia targets these institutions due to geopolitical tensions, employing tactics like spear-phishing, ransomware, and supply chain attacks. China focuses on cyber espionage, aiming to steal intellectual property and research data through advanced persistent threats and credential harvesting.