News
Critical Marimo Python Notebook RCE Vulnerability (CVE-2026-39987) Exploited Within 10 Hours of Disclosure
2+ week, 3+ day ago (350+ words) The technical root cause is a classic case of CWE-306: Missing Authentication for Critical Function. The endpoint only verifies the running mode and platform support, failing to restrict access based on user credentials or session state. This oversight exposes the…
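The CWE-306 pattern the teaser describes, as an added illustration that is not the page's own code and not Marimo's: a handler that gates a sensitive action only on server mode and platform support, beside a hardened version that establishes the caller's identity first. `Request`, `Server`, `SUPPORTED_PLATFORMS`, the "edit"/"run" modes and the session-token store are all assumptions made for the example.

```python
# Added illustration of the CWE-306 pattern (Missing Authentication for
# Critical Function). This is NOT Marimo's code: Request, Server,
# SUPPORTED_PLATFORMS, the mode names and the session store are assumptions.
from dataclasses import dataclass, field
import hmac

SUPPORTED_PLATFORMS = {"linux", "darwin", "win32"}  # assumed platform list


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


@dataclass
class Server:
    mode: str            # assumed: "edit" allows the critical function, "run" does not
    platform: str
    session_tokens: set  # assumed: ASCII tokens issued to authenticated users


def critical_function(server: Server, req: Request) -> tuple[int, str]:
    """The sensitive action itself; deciding whether to run it is the handler's job."""
    return 200, f"executed on {server.platform} for {req.path}"


def vulnerable_handler(server: Server, req: Request) -> tuple[int, str]:
    """CWE-306: gates on server mode and platform, never on who is asking.

    Mode and platform are properties of the environment, so they hold for
    every client that can reach the port; nothing here identifies the caller.
    """
    if server.mode != "edit":
        return 403, "not in edit mode"
    if server.platform not in SUPPORTED_PLATFORMS:
        return 501, "unsupported platform"
    return critical_function(server, req)


def _presented_token(req: Request) -> str:
    """Read the session from a cookie or a bearer header (assumed scheme)."""
    cookie = req.cookies.get("session", "")
    if cookie:
        return cookie
    auth = req.headers.get("Authorization", "")
    return auth[len("Bearer "):].strip() if auth.startswith("Bearer ") else ""


def hardened_handler(server: Server, req: Request) -> tuple[int, str]:
    """Same functional checks, but identity is verified first.

    The token comparison uses hmac.compare_digest so that a wrong token
    cannot be distinguished from a nearly-right one by timing.
    """
    token = _presented_token(req)
    if not token or not any(
        hmac.compare_digest(token, issued) for issued in server.session_tokens
    ):
        return 401, "authentication required"
    if server.mode != "edit":
        return 403, "not in edit mode"
    if server.platform not in SUPPORTED_PLATFORMS:
        return 501, "unsupported platform"
    return critical_function(server, req)
```

The audit question for an endpoint like this is "who may call it?", not "when may it run?": a mode or platform check answers only the second. Putting the identity check before the functional checks also means an unauthenticated caller learns nothing about the server's mode or platform from the response code.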
Intuitive Surgical Administrative Network Breach: 2026 Phishing Attack Exposes Employee and Customer Data
1+ mon, 1+ week ago (395+ words) The technical evidence supporting these findings is of high quality, as all claims are corroborated by official statements and independent media reports. However, the absence of forensic details, such as logs or malware samples, limits the depth of technical analysis....
Chinese Cyber Espionage Targets Southeast Asian Military C4I Systems Using Apple Chris and Mem Fun Malware
1+ mon, 2+ week ago (227+ words) The campaign employs a multi-stage infection chain, advanced persistence mechanisms, and custom malware designed for stealth and flexibility. Getpass is a custom variant of Mimikatz designed for credential harvesting. It targets lsass.exe to extract plaintext passwords, NTLM hashes, and…
FBI Pen Register and Trap and Trace System Breach: Investigation into Suspicious Cyber Activity Targeting Sensitive Surveillance Data
1+ mon, 3+ week ago (596+ words) No specific malware, tool names, or indicators of compromise (IOCs) have been disclosed by the FBI or in public reporting as of March 6, 2026. The lack of technical artifacts limits the ability to perform a detailed forensic analysis or to confirm…
MuddyWater's Dindoor Backdoor: Iranian APT Targets U.S. Organizations via Deno Runtime and Cloud Storage
1+ mon, 3+ week ago (851+ words) Executive Summary A newly identified campaign orchestrated by the Iranian state-sponsored advanced persistent threat group MuddyWater (also known as Seedworm and attributed to Iran's Ministry of Intelligence and Security, MOIS) is actively targeting U.S. organizations with a sophisticated malware arsenal....
AI-Powered Cyberattack Using Claude Code Compromises Mexico's Tax Authority and Government Agencies in Massive Data Breach
1+ mon, 3+ week ago (282+ words) The attackers also utilized AI chaining, orchestrating workflows between Claude Code and GPT-4.1 to maximize automation and evade detection. Behavioral indicators included high-frequency automated scripting, anomalous code generation activity, and the use of AI coding assistants from within government networks....
RustyWater: Iranian MuddyWater APT Targets Israeli Government and Infrastructure With Advanced Rust-Based Malware Amid Rising Tensions
2+ mon, 5+ day ago (593+ words) The Iranian state-sponsored advanced persistent threat group MuddyWater (also tracked as Mango Sandstorm, TA450, Seedworm, and G0069) has escalated its cyber-espionage operations in early 2026, deploying a sophisticated new malware family as geopolitical tensions in…
UnsolicitedBooker APT Targets Kyrgyzstan and Tajikistan Telecoms With LuciDoor and MarsSnake Backdoors
2+ mon, 5+ day ago (486+ words) Executive Summary The China-aligned advanced persistent threat (APT) group UnsolicitedBooker has recently intensified its cyber-espionage operations against telecommunications providers in Central Asia, specifically targeting organizations in Kyrgyzstan and Tajikistan. Leveraging highly tailored spear-phishing campaigns, the group deploys two rare…
Technical Analysis of CANFAIL Malware Targeting Ukrainian Defense and Energy Sectors by Suspected Russian Threat Actor
2+ mon, 2+ week ago (731+ words) Google's Threat Analysis Group (TAG) has recently attributed a series of highly targeted cyberattacks against Ukrainian organizations to a suspected Russian state-aligned threat actor. These attacks are characterized by the deployment of a…
Lazarus Group Targets npm, PyPI, and GitHub Developers With Fake Job Recruiter Malware Campaign
2+ mon, 2+ week ago (126+ words) The malware is often delivered via indirect dependencies, making detection challenging. The campaign demonstrates patience and operational security, with attackers publishing benign packages to gain downloads and trust before switching to malicious versions. The infrastructure is modular, allowing attackers to…