
Posts by OverResearched Intelligence

CTI Daily Brief: 2026-04-17 - Critical Protobuf.js RCE PoC; Iran-Linked Cyber Av3ngers Pivot to Rockwell ICS; RaaS Surge from Qilin, Kairos & Coinbase Cartel
PoC released for critical RCE in protobuf.js (GHSA-xq3m-2v4x-88gg); Unit 42 details Iranian Cyber Av3ngers (CL-STA-1128) targeting Rockwell Automation OT/ICS; 19 fresh ransomware leak-site postings sp...

protobuf.js critical RCE PoC (~50M wkly npm dls). Iran Cyber Av3ngers (CL-STA-1128) pivot to Rockwell FactoryTalk. 19 fresh RaaS leaks: Qilin, Kairos, Coinbase Cartel +7. EU age-verify app hacked in <2 min

Full brief: intel.overresearched.net/2026/04/18/c...

#Daily #ThreatIntel #InfoSec

6 hours ago 0 0 0 0
CTI Daily Brief: 2026-04-16 - RedSun Defender Zero-Day Exploited in the Wild; ShinyHunters Dumps 2.1M Amtrak Records
Huntress confirms active exploitation of three leaked Microsoft Defender zero-days (BlueHammer/RedSun/UnDefend); ShinyHunters publishes 2.1M Amtrak Salesforce records; DragonForce and Safepay RaaS act...

Huntress confirms in-the-wild exploitation of 3 Microsoft Defender zero-days BlueHammer, RedSun + UnDefend unpatched. ShinyHunters dumps 2.1M Amtrak records from Salesforce. ZionSiphon OT malware targets Israeli water plants.

Full brief: intel.overresearched.net/2026/04/17/c...

#Daily #ThreatIntel

1 day ago 1 0 0 0
CTI Monthly Report: March 2026 - TeamPCP Supply Chain Siege, CanisterWorm Iran Wiper, Handala Stryker Intrusion, DarkSword iOS KEV, Ransomware Surge
March 2026 saw a historic supply chain campaign by TeamPCP across Trivy, LiteLLM, Checkmarx KICS, Telnyx, Axios, and OpenVSX; the CanisterWorm Kubernetes wiper targeting Iranian infrastructure; Handal...

First CTI Monthly: March 2026, 1,320 reports / 39 batches.

TeamPCP supply-chain siege
CanisterWorm K8s wiper, Iran
Handala wipes 80k Stryker via Intune
DarkSword iOS → KEV
Chrome 0-days, SharePoint RCE

Full brief: intel.overresearched.net/2026/04/16/c...
#Monthly #ThreatIntel #InfoSec

2 days ago 3 1 1 0
CTI Daily Brief: 2026-04-15 - In-the-wild exploitation of Marimo (CVE-2026-39987) and Nginx UI (CVE-2026-33032); ShinyHunters leaks 13.5M McGraw Hill records
48 reports processed across two correlation batches. Three critical vulnerabilities under active exploitation or requiring urgent customer action (Marimo, Nginx UI, Cisco Webex). ShinyHunters publishe...

Marimo RCE weaponised w/ NKAbuse blockchain botnet via Hugging Face. Nginx UI auth-bypass CVE-2026-33032 actively exploited. ShinyHunters leak 13.5M McGraw Hill records from Salesforce misconfig. UAC-0247 hits Ukraine hospitals
Full brief: intel.overresearched.net/2026/04/16/c...
#Daily #ThreatIntel

2 days ago 1 1 0 0
CTI Daily Brief: 2026-04-14 — 15 Critical CVEs in OSS Crypto/Runtime Libraries; Signed Adware Killing AV; Trust Wallet Drainer Campaign
15 critical CVEs disclosed across wolfSSL, XZ Utils, Go runtime, libinput and Handlebars.js; Huntress exposes signed ‘Dragon Boss Solutions’ adware disabling AV on 23,500 hosts; AlienVault flags NWHSt...

15 critical OSS CVEs - wolfSSL (X.509 bypass, TLS 1.3 UAF), XZ Utils, Go, libinput. Huntress: signed "Dragon Boss" adware killed AV on 23,500+ hosts. Trust Wallet USDT drainer + NWHStealer active.
Full brief: intel.overresearched.net/2026/04/15/c...
#Daily #ThreatIntel #CVE #InfoSec

3 days ago 2 1 0 0
CTI Daily Brief: 2026-04-13 - Microsoft April Patch Tuesday (167 flaws, 2 zero-days incl. actively-exploited SharePoint); Interlock ransomware exploits Cisco FMC zero-day
Microsoft April 2026 Patch Tuesday addresses 167 vulnerabilities including an actively-exploited SharePoint spoofing zero-day (CVE-2026-32201) and a publicly-disclosed Defender EoP (CVE-2026-33825). I...

MS April Patch Tuesday: 167 flaws, 2 zero-days SharePoint CVE-2026-32201 actively exploited; Defender CVE-2026-33825 disclosed. Interlock ransomware hits Cisco FMC zero-day
Full brief: intel.overresearched.net/2026/04/14/c...
#Daily #ThreatIntel #CVE #Ransomware #InfoSec #CyberSecurity #PatchTuesday

4 days ago 2 3 0 0
CTI Daily Brief: 2026-04-12 - Adobe Acrobat zero-day CVE-2026-34621 added to CISA KEV; DPRK npm package targets Polymarket; FBI/Indonesia dismantle W3LL PhaaS
66 reports processed. Adobe Acrobat/Reader zero-day (CVE-2026-34621) under active exploitation joined CISA KEV alongside six other CVEs. DPRK Lazarus pushes malicious npm package targeting Polymarket ...

Adobe Acrobat zero-day (CVE-2026-34621) added to CISA KEV. DPRK Lazarus npm package targets Polymarket traders. FBI & Indonesia take down W3LL PhaaS.

Full brief: intel.overresearched.net/2026/04/13/c...

#Daily #ThreatIntel #CTI #Lazarus #Ransomware

5 days ago 2 2 0 0
CTI Weekly Brief: 6 Apr – 12 Apr 2026 - State-Sponsored DNS Hijacking, Supply Chain Compromises, and Ransomware Cartel Surge
A high-tempo week dominated by APT28 router-based DNS hijacking for OAuth token theft, dual supply-chain attacks on Axios and DPRK’s Contagious Interview campaign, Iranian OT targeting of US critical ...

APT28 hijacked 18K routers for OAuth theft. Iran hit US OT/PLCs. #Axios npm supply chain compromised. 587 reports, 79 critical.
Full brief: intel.overresearched.net/2026/04/13/c...
#Weekly #ThreatIntel #InfoSec #APT28 #SupplyChain #RaaS

5 days ago 1 1 0 0
CTI Daily Brief: 2026-04-11 - Marimo RCE Under Active Exploitation; Krybit and Lamashtu Ransomware Surge
36 reports processed across 5 sources. Two critical vulnerabilities disclosed — CVE-2026-39987 (Marimo pre-auth RCE) confirmed actively exploited within hours of disclosure, and CVE-2026-34757 (LIBPNG...

Marimo RCE (CVE-2026-39987, CVSS 9.3) actively exploited within hours. LIBPNG use-after-free also critical. 25 ransomware victims claimed by Krybit & Lamashtu. Hallmark breach: 1.7M accounts exposed
Full brief: intel.overresearched.net/2026/04/12/c...
#Daily #ThreatIntel #InfoSec

6 days ago 0 0 0 0
CTI Daily Brief: 2026-04-10 — Four critical CVEs (crypto/x509 auth bypass, Linux TOCTOU root escape, heap overflow, Chromium WebCodecs race); The Gentlemen and ShinyHunters ransomware escalate
124 reports processed: four critical vulnerability alerts affecting Go crypto/x509, Linux, and Chromium WebCodecs; ransomware leak activity by The Gentlemen, Nightspire and ShinyHunters dominates the ...

4 critical CVEs in 24h: Go crypto/x509 auth bypass, Linux root escape, Chromium WebCodecs RCE. ShinyHunters leaks Rockstar Games, Mytheresa & Amtrak. The Gentlemen hit healthcare & biotech.

Full brief: intel.overresearched.net/2026/04/11/c...

#Daily #ThreatIntel #CVE #Ransomware

1 week ago 1 1 0 0
CTI Daily Brief: 2026-04-09 - Flannel cross-node RCE (CVE-2026-32241), iOS kexploit, Iranian ICS targeting, CPUID supply-chain compromise
52 reports processed. Critical Flannel cross-node RCE and an iOS 18/26 kexploit headline the day. Iranian state-backed actors targeting ~4,000 US Rockwell PLCs, a CPUID supply-chain compromise pushing trojanised CPU-Z/HWMonitor, and sustained ransomware pressure from Qilin, The Gentlemen, Inc Ransom, and PEAR dominate the operational picture.

iOS 18 & iOS 26 “kexploit” full-root exploit — WIP darksword (CRITICAL)

CVE-2026-32241 — Flannel cross-node remote code execution (CRITICAL)

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks

Full brief: intel.overresearched.net/2026/04/10/c...

#Daily #ThreatIntel #iOS #CVE

1 week ago 1 0 0 0
CTI Daily Brief: 2026-04-08 — Adobe Reader Zero-Day Exploited in Wild; Marimo RCE Weaponised in Under 10 Hours; Qilin Ransomware Surge
89 reports processed across 15 sources. Critical zero-day exploitation of Adobe Reader ongoing since December. Marimo Python notebook RCE exploited within 10 hours of disclosure. CISA ICS advisory for Contemporary Controls BASC 20T PLC (CVE-2025-13926). Multiple OpenPrinting CUPS critical RCEs disclosed. Qilin ransomware group continues high-tempo operations across legal, education, and maritime sectors.

🔴 Adobe Reader zero-day exploited since Dec — no patch
🔴 Marimo RCE weaponised in under 10hrs
🔴 CISA ICS: CVE-2025-13926 (CVSS 9.8)
🟠 Smart Slider supply chain hits 900K+ sites
🟠 Qilin ransomware surging

Full brief: intel.overresearched.net/2026/04/09/c...

#Daily #ThreatIntel #InfoSec #Ransomware

1 week ago 1 0 1 0
CTI Daily Brief: 2026-04-07 — Iran OT Sabotage Campaign, CISA KEV Ivanti EPMM, Coinbase Cartel RaaS Blitz
70 reports processed across 15 sources. Iranian APT groups actively sabotaging US energy and water OT infrastructure. CISA added CVE-2026-1340 (Ivanti EPMM) to the KEV catalogue with an April 11 patch...

Iran APTs hitting US energy/water OT infra. CISA KEV: Ivanti EPMM CVE-2026-1340 due Apr 11. Coinbase Cartel claims 7+ victims. DPRK supply chain attack across 5 pkg ecosystems. TeamPCP breaches Cisco dev env.

Full Brief: intel.overresearched.net/2026/04/08/c...

#Daily #ThreatIntel #InfoSec

1 week ago 1 0 1 0
Anthropic Claude Mythos Preview | CrowdStrike
CrowdStrike is a founding member of Anthropic’s security coalition for the Mythos frontier model, securing AI where it executes.

We are starting to definitely see the speed at which TAs are taking vulnerabilities and weaponizing them. Especially with Anthropic's Claude Mythos research: www.crowdstrike.com/en-us/blog/c...

Worth also checking out: www.anthropic.com/glasswing

1 week ago 1 0 1 0

Iranian APT hitting US critical infrastructure PLCs per FBI/CISA advisory. Russian GRU hijacking routers for M365 tokens. Flowise RCE exploited in the wild.

Full Brief: intel.overresearched.net/2026/04/07/c...

#Daily #ThreatIntel #InfoSec #APT #Microsoft

1 week ago 2 0 2 0
CTI Weekly Brief: 30 Mar – 05 Apr 2026 — TeamPCP Supply Chain Escalation, Axios npm Compromise, and Ransomware Surge Across Critical Sectors
523 reports processed across 14 correlation batches. The week was dominated by the TeamPCP supply chain campaign reaching the European Commission, the North Korean-attributed Axios npm compromise, a c...

TeamPCP supply chain hit EU Commission, 340GB stolen via Trivy compromise. DPRK behind Axios npm attack & $280M Drift crypto theft. FortiClient EMS zero-day active. Qilin deploys EDR killer targeting 300+ drivers

Full brief: intel.overresearched.net/2026/04/07/c...

#threatintel #infosec #weekly

1 week ago 2 1 0 0
CTI Daily Brief: 2026-04-05 — Fortinet EMS Zero-Day Added to CISA KEV; Storm-1175 Chains Medusa Ransomware with Zero-Day Exploits; North Korean Hackers Behind $280M Drift Crypto Theft
Critical 24-hour period dominated by active exploitation of Fortinet FortiClient EMS (CVE-2026-35616) added to CISA KEV, Microsoft attribution of Storm-1175 to Medusa ransomware zero-day campaigns, a ...

#CISA just added #CVE-2026-35616 to the KEV, Fortinet EMS pre-auth bypass, CVSS 9.1, exploited in the wild. Storm-1175 chaining zero-days for Medusa ransomware, NK hackers stole $280M from #Drift after a 6-month in-person op.
Full brief: intel.overresearched.net/2026/04/06/c...
#ThreatIntel #InfoSec

1 week ago 0 0 0 0
CTI Daily Brief: 2026-04-04 — FortiClient EMS Zero-Day Exploited, Axios npm Supply Chain Attack Linked to North Korea, DragonForce RaaS Campaigns Continue
Eight critical reports dominated the 24-hour cycle, led by an actively exploited FortiClient EMS zero-day (CVE-2026-35616), a North Korean supply chain attack on the Axios npm package, and continued D...

UNC1069 compromised #Axios through a targeted social engineering campaign against its lead maintainer. ShinyHunters posted a claim alleging exfiltration of several terabytes of data from Snowflake, Mixpanel, & Salesforce
Full brief: intel.overresearched.net/2026/04/05/c...
#InfoSec #ThreatIntel

1 week ago 0 0 0 0
CTI Daily Brief: 2026-04-03 — DragonForce RaaS Cartel Surges, BQTLock Hits US Hospital, Device Code Phishing Explodes 37x
Ransomware-as-a-service operations dominated the threat landscape with DragonForce claiming five victims across pharma, manufacturing, and retail sectors while BQTLock exfiltrated 5.3TB from a US hosp...

A US hospital lost 5.3TB of patient data. Device code phishing surged 37x this year - with 11+ kits now making it plug-and-play.
Full brief: intel.overresearched.net/2026/04/04/cti-daily-brief
#ThreatIntelligence #InfoSec #Ransomware

2 weeks ago 2 0 0 0