Nation-state activity continues from APT28 (PRISMEX plus the new SLIMAGENT implant), Mustang Panda (LOTUSLITE v2), and BRICKSTORM. A newly identified group, TGR-STA-1030, has compromised targets in 37 countries. Six ransomware groups are active, with VPN credential abuse as the primary initial-access vector. Includes 12 KQL hunting queries, 10 high-fidelity detection rules, and full MITRE ATT&CK mapping.
cPanel CVE-2026-41940 (CVSS 9.8) was exploited in the wild for months before a patch was available. A DPRK-linked npm supply-chain operation, PromptMink, targets cryptocurrency developers. Chrome WebGPU zero-day CVE-2026-5281 is confirmed exploited in the wild. Qilin ransomware claimed 11 victims in a single 24-hour window.
Two zero-days were added to CISA KEV on the same day: CVE-2026-32202, a Windows Shell NTLM coercion flaw linked to APT28, and CVE-2026-33825, a Microsoft Defender local privilege escalation (BlueHammer/RedSun exploits). APT28's FrostArmada was disrupted by US and UK agencies. A fake Claude installer delivering PlugX is active. NightSpire ransomware is scaling through a RaaS model.
The APT28 PRISMEX campaign targets Ukraine and the NATO defence supply chain with a modular implant suite that abuses Filen.io for C2. An Ivanti EPMM zero-day chain (CISA KEV) is under mass exploitation. 36 malicious Strapi-related npm packages carry Redis/PostgreSQL RCE payloads. CVE-2026-33032, an nginx-ui authentication bypass, is rated CVSS 9.8.