zero-day - AlphaHunt Newsletter

zero-day

Signals Weekly: Zero-Days, Hijacked Payrolls & a Crypto Kingpin

This Week's Threat Intel Pulse: Oracle EBS zero-day exploited before patches dropped, Storm-1175 abuses GoAnywhere MFT, payroll hijackers hit US universities, ransomware crews weaponize Velociraptor, and a $15B Southeast Asian scam network faces global sanctions.

china

Will RedNovember be publicly reported to exploit at least one zero-day vulnerability in 2026?

RedNovember likely stays fast-follow on edge devices using N-days and public PoCs, not 0-days. China-nexus peers show willingness to burn edge 0-days, so a pivot is plausible but not base case...

unc5221

By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day?

Question: By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day in a non-Ivanti edge platform (e.g., VMware vCenter/ESXi, Citrix NetScaler, F5, Palo Alto, Fortinet)?

storm-2460

Storm-2460's Exploitation of Windows Zero-Day: Threat Actor similarity in focus.

Storm-2460, a cyber threat group, is actively exploiting a zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS), primarily targeting the finance sector and other high-value industries.

vulns

Exploiting Zero-Days: APT34, APT28, and APT29 in Focus

Microsoft's January 2025 Patch Tuesday release addressed 159 vulnerabilities, including eight zero-day vulnerabilities, with three actively exploited in the wild.