weekly
SIGNALS WEEKLY: Teams QR/callback phishing beats patching
KEV speedrun of the week 🏁: Office CVE-2026-21509 + WinRAR CVE-2025-8088. Patch anyway… then protect sessions 🍪 (Teams QR/callback lures 📱, SSO/SAML token abuse)
threat-actors
china
Typhoon by Consent: Quiet, Durable, Everywhere
One “Allow” → tenant-wide weather event. 🌀 AI agent phish wraps the consent flow, device-code keeps churning, and Typhoon rides “good” U.S. infra. Kill list: user consent, device-code, or EWS app perms—what’s first?
storm-2603
Storm-2603: Hybrid Espionage and Ransomware Operations Exploiting SharePoint ToolShell Vulnerabilities
Storm-2603 is a China-based threat actor, first identified in 2025, leveraging a hybrid operational model that combines espionage tactics with financially motivated ransomware deployment. The group is distinct from, but shares some infrastructure and tooling with, other Chinese APTs such as...
podcast
Whack-A-RAT: We're talking AlphaHunt on the Breaking Badness Cybersecurity Podcast
We talk about #SilverFox, DomainTools, The Vertex Project, MISP Project (@misp@misp-community.org ), #AlphaHunt, Intelligence Graphs, #AI, #IOCs, the REN-ISAC, #TTPs and more! 🛡️ We're on a mission to help enable the next generation of intelligence analysts.. If that's you, or even if you're a
unc3886
UNC3886: China's Cyber Espionage Tactics Targeting High-Tech Sectors
UNC3886 is a sophisticated China-nexus advanced persistent threat (APT) group focused on cyber espionage against high-tech sectors such as defense, technology, and telecommunications. Active for several years, the group has evolved its tactics to include the use of operational relay boxes (ORBs)...
mustang-panda
Mustang Panda's Exploitation of Windows Zero-Day: A Strategic Threat Analysis
Mustang Panda, a China-based cyber espionage group, is exploiting a newly discovered Windows zero-day vulnerability to gain unauthorized access to systems. This vulnerability allows the group to execute malicious code...
threat-actors
Evolution of Threat Actors in 2024 and Predictions for 2025
Threat actors increasingly leveraged advanced technologies such as artificial intelligence (AI) and machine learning to enhance their attacks.
vulnerabilities
Top Vulnerabilities Exploited by Threat Actors: December 2024 Analysis
These vulnerabilities include remote code execution (RCE) flaws in Windows components such as Hyper-V, Remote Desktop Services, and the Local Security Authority Subsystem Service (LSASS)
threat-actors
Threat Actors LIKELY Targeting CVE-2024-5910: Understanding the Risks in Palo Alto Networks' Expedition Tool
CVE-2024-5910 presents a critical vulnerability within Palo Alto Networks' Expedition tool, arising from missing authentication on a vital function. This flaw opens the door for attackers with network access to seize control over admin accounts.
apt36
APT36 and ElizaRAT: Unveiling the Persistent Cyber Espionage Threat to Indian Cybersecurity
APT36, also known as Transparent Tribe, is a sophisticated advanced persistent threat (APT) group believed to be based in Pakistan. Over the past years, APT36 has been actively engaged in cyber-espionage campaigns primarily targeting Indian..
ai
Evaluating Artificial Intelligence in Modern Cyber Attacks: Practical Insights and Defense Strategies
While AI technologies like machine learning are indeed being incorporated into certain cyber attack methodologies, their impact is more nuanced than often portrayed.
threat-actors
Prioritizing Non-Ransomware Threat Actors for US SaaS Providers in 2025
The research highlights a growing trend of threat actors exploiting cloud services as entry points into networks. SCATTERED SPIDER, for instance, has been actively using social engineering to breach cloud systems, posing a significant threat to SaaS providers.