CyberIntel ⬡ News
★ Saved ◆ Cyber Reads

// Threat Intelligence
Intel Feed

cyberintel.kalymoon.com  ·  1260 articles  ·  updated every 4 hours · grows forever

1260Total
1212Full Text
Jul 03, 2026Latest
◈ Women in Cyber ◉ Threat Intelligence ◎ How-To & Tutorials ⬡ Vulnerabilities & CVEs 🔍 Digital Forensics ◍ Incident Response & DFIR ◆ Security Tools & Reviews ◇ Industry News & Leadership ✉ Email Security 🛡 Active Threats ⚠ Critical CVEs ◐ Insider Threat & DLP ◌ Quantum Computing ◬ AI & Machine Learning
🔥 Trending Topics · Last 48h
◉ Threat Intelligence
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: March…

Palo Alto Unit 42 Read →
◉ Threat Intelligence
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel

A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw. The post Taming Agentic Browsers: Vulnerability in Chrome Allowed Exte…

Palo Alto Unit 42 Read →
◉ Threat Intelligence
Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security

Unit 42 research reveals most OT attacks begin in IT. Learn how edge-driven defense stops threats early and turns dwell time into advantage. The post Bring the Fight to the Edge: Turning Time Into an …

Palo Alto Unit 42 Read →
◉ Threat Intelligence
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials. The post VShell and SparkRAT Observed in Exploitation o…

Palo Alto Unit 42 Read →
◉ Threat Intelligence
Critical Vulnerabilities in Ivanti EPMM Exploited

We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors. The post Critical Vulnerabilities in Ivanti EPMM Exp…

Palo Alto Unit 42 Read →
◉ Threat Intelligence
Phishing on the Edge of the Web and Mobile Using QR Codes

We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security. The post Phishing on the Edge of the Web and Mobile Using…

Palo Alto Unit 42 Read →
◉ Threat Intelligence
Nation-State Actors Exploit Notepad++ Supply Chain

Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery. The post Nation-State Actors Exploit Notepad++ Supp…

Palo Alto Unit 42 Read →
◉ Threat Intelligence
A Peek Into Muddled Libra’s Operational Playbook

Explore the tools Unit 42 found on a Muddled Libra rogue host. Learn how they target domain controllers and use search engines to aid their attacks. The post A Peek Into Muddled Libra’s Operational Pl…

Palo Alto Unit 42 Read →
◉ Threat Intelligence
Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape

Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark Introduction Since 2018, when many financially motivated threat actors began shifting their monetization strategy…

Mandiant Read →
◉ Threat Intelligence
Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition

Written by: Matthew McWhirt, Bhavesh Dhake, Emilio Oropeza, Gautam Krishnan, Stuart Carrera, Greg Blaum, Michael Rudden UPDATE (March 13): Added guidance around abuse or misuse of endpoint / MDM platf…

Mandiant Read →
◉ Threat Intelligence
Look What You Made Us Patch: 2025 Zero-Days in Review

Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Sevens, Fred Plan Executive Summary Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploit…

Mandiant Read →
◉ Threat Intelligence
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit

Introduction Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.…

Mandiant Read →
◉ Threat Intelligence
Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign

Introduction Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in …

Mandiant Read →
◉ Threat Intelligence
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day

Written by: Peter Ukhanov, Daniel Sislo, Nick Harbour, John Scarbrough, Fernando Tomlinson, Jr., Rich Reece Introduction Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-d…

Mandiant Read →
◉ Threat Intelligence
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

Introduction In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle, achi…

Mandiant Read →
◉ Threat Intelligence
Beyond the Battlefield: Threats to the Defense Industrial Base

Introduction In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, th…

Mandiant Read →
◉ Threat Intelligence
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering

Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentralized finance (DeFi) verticals. Mandiant r…

Mandiant Read →
◉ Threat Intelligence
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operati…

Mandiant Read →
◉ Threat Intelligence
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS

Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vish…

Mandiant Read →
◉ Threat Intelligence
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network

Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure…

Mandiant Read →
◉ Threat Intelligence
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows,…

Mandiant Read →
◉ Threat Intelligence
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation

Written by: Nic Losby Introduction Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite …

Mandiant Read →
◉ Threat Intelligence
AuraInspector: Auditing Salesforce Aura for Data Exposure

Written by: Amine Ismail, Anirudha Kanodia Introduction Mandiant is releasing AuraInspector, a new open-source tool designed to help defenders identify and audit access control misconfigurations withi…

Mandiant Read →
◉ Threat Intelligence
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

Written by: Aragorn Tseng, Robert Weiner, Casey Charrier, Zander Work, Genevieve Stark, Austin Larsen Introduction On Dec. 3, 2025, a critical unauthenticated remote code execution (RCE) vulnerability…

Mandiant Read →
← Prev 45 / 53 Next →