Threat Intel

Cyber Threat Intelligence — Analysis, Research & Detection

Filter:
APT KQL Daily Supply Chain China

Daily Threat Intelligence Brief: 8 May 2026

May 8, 2026 22 min read

DAEMON Tools supply chain backdoor (China-assessed QUIC-RAT) confirmed in signed official installers affecting versions 12.5.0.2421–12.5.0.2434 across 100+ countries; CVE-2026-0300 PAN-OS unauth RCE (CVSS 9.3) with no patch until May 13–28; ShinyHunters claims 280 million Canvas LMS records from 8,809 institutions; MuddyWater Teams false-flag ransomware credential theft; APT28 NTLM (CISA KEV May 12); Linux Copy Fail confirmed in cloud/K8s (CISA KEV May 15); QLNX developer supply chain with LD_PRELOAD rootkit and PAM backdoor; SHADOW-EARTH-053 China APT targeting eight countries including NATO Poland. Includes 8 KQL hunting queries and 4 high-fidelity detection rules.

Read more →
APT KQL Daily Ransomware

Daily Threat Intelligence Brief: 6 May 2026

May 6, 2026 24 min read

Two CRITICAL threats under mass multi-actor exploitation: CVE-2026-41940 cPanel auth bypass confirmed against government and MSP networks (8,859 .sorry-encrypted hosts) and CVE-2026-32202 Windows zero-click NTLM coercion by APT28 against Ukrainian and EU targets (CISA KEV deadline May 12). Also: CVE-2026-31431 Copy Fail Linux LPE (KEV May 15), Iranian CyberAv3ngers disrupting US PLCs, Mini Shai-Hulud PyTorch Lightning supply chain, Salt Typhoon covert networks, APT37 BirdCall Android backdoor, and Qilin/Gentlemen ransomware escalation. Includes 9 KQL hunting queries and 5 high-fidelity detection rules.

Read more →
APT KQL Daily Ransomware

Daily Threat Intelligence Brief: 5 May 2026

May 5, 2026 22 min read

Two concurrent CRITICAL exploits: CVE-2026-31431 "Copy Fail" Linux LPE (every distro since 2017, 732-byte PoC public, CISA KEV deadline May 15) and CVE-2026-41940 cPanel pre-auth RCE targeting 1.5M servers including Southeast Asian military portals. Also: BlueHammer/RedSun Windows Defender zero-days, Team PCP AI supply chain worm, Lynx ransomware healthcare campaign, and Iranian ICS/OT PLC exploitation. 8 KQL hunting queries and 5 detection rules.

Read more →
APT KQL Daily Ransomware

Daily Threat Intelligence Brief: 4 May 2026

May 4, 2026 20 min read

Seven active threat clusters: Storm-1175/Medusa ransomware at critical tempo against healthcare; APT28 CVE-2026-32202 NTLM coercion (KEV deadline May 12); FIRESTARTER Cisco backdoor; DPRK HexagonalRodent crypto theft ($12M); Mini Shai-Hulud PyPI worm; Iranian ICS attacks; cPanel mass exploitation. 7 KQL queries and 7 detection rules.

Read more →