#ThreatIntel
Original post on infosec.exchange

New, from our @deepfield ERT: found a new botnet dressing its C2 traffic as camera management.

#Drifter names its domains after Hikvision products, blending with surveillance traffic on the same VLAN as the Android TV boxes it infects. DNS queries go through an Australian resolver, which […]

3 4 0 0

Cyberattacks are evolving:
It’s no longer about disruption - it’s about access.
Supply chain exploits, GitHub phishing, infra targeting, and major leaks all point to one trend.
Defenses are holding - but just enough.
Link in pinned comment
#CyberSecurity #InfoSec #ThreatIntel

0 0 1 0

Citrix oofise reaches primetime:

support.citrix.com/support-home/kbsearch/ar...

#netscaler, #threatintel

0 0 0 0

Iran-linked hackers breach FBI Director’s personal email
No classified data exposed
Still highlights personal attack surface
💬 Are personal accounts the weak link?
🔔 Follow TechNadu
#CyberSecurity #Infosec #ThreatIntel

0 0 1 0
CISA Adds F5 BIG-IP RCE to KEV

~Cisa~
CISA added an actively exploited F5 BIG-IP RCE vulnerability to its KEV catalog.
-
IOCs: CVE-2025-53521
-
#CVE2025_53521 #F5 #ThreatIntel

0 1 0 0
CCCS Daily Digest: Mar 27

~Cybergcca~
Security updates released for WatchGuard, Siemens, FreeBSD (RCE), and Ericsson.
-
IOCs: CVE-2026-4747, CVE-2026-4266, CVE-2026-4652
-
#Patch #ThreatIntel #Vulnerability

0 0 0 0
Ransomware Dip Masks Alarming Rise in Nation-State Attacks on Critical Infrastructure
The Waterfall Threat Report 2026 indicates a temporary slowdown in ransomware is masking a dangerous trend: a doubling of nation-state and hacktivist attacks on critical infrastructure.

📊 THREAT REPORT: Ransomware attacks with physical impact fell 25% in 2025, but nation-state attacks on critical infrastructure DOUBLED. The slowdown is likely temporary. 🏭 #ThreatIntel #ICS #CriticalInfrastructure

0 0 0 0

Spain takes down cybercrime ring behind ~10M stolen records
Fraud, identity theft, crypto laundering, 30+ attacks
Organized. Scalable. Dangerous.
💬 Where should defenders focus?
🔔 Follow TechNadu
#CyberSecurity #Infosec #ThreatIntel

0 0 1 0

BreachForums V5 breach exposes ~340K accounts
• Emails + usernames leaked
• Password hashes exposed
• Claimed by ShinyHunters
Cybercrime platforms aren’t immune to compromise.

#CyberSecurity #DataBreach #ThreatIntel

0 0 1 0
TeamPCP & Vect Ransomware Target OSS

~Socket~
TeamPCP partnered with Vect ransomware to weaponize OSS supply chain compromises for enterprise attacks.
-
IOCs: TeamPCP, Vect
-
#Ransomware #SupplyChain #TeamPCP #threatintel

0 0 0 0
CYBER THREAT INTELLIGENCE BRIEFING
Reporting Period: February 10 – March 27, 2026
Runtime: March 27, 2026
Classification: UNCLASSIFIED // OSINT

Just updated my weekly cyber threat report on Russia, China, North Korea, and Iran. #russia #china #northkorea #iran #cybersecurity #cyberattacks #threatintel

CYBER THREAT INTELLIGENCE BRIEFING open.substack.com/pub/cyberwar...

0 0 0 0
Scarlet Goldfinch’s year in ClickFix
How Scarlet Goldfinch ditched its fake updates lure and adopted ClickFix, or "paste and run," in 2025 and beyond.

Originally from Red Canary: Scarlet Goldfinch’s year in ClickFix ( :-{ı▓ #threatintel #redcanary #cyberresearch

0 0 0 0

UK sanctions hit a massive cybercrime network
• Fraud compound holding thousands
• Crypto platform tied to ~$19.9B
• Global asset seizures
The convergence of cybercrime, crypto, and trafficking is accelerating.
#CyberSecurity #CryptoCrime #ThreatIntel

0 0 1 0
CVE-2026-22738

Most AI projects are moving too fast for security. This is the cost.

CVE-2026-22738.

www.yazoul.net/advisory/cve/cve-2026-22...

#InfoSec #ThreatIntel

0 0 0 0
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
Most teams have security tools and signals that appear healthy, but few consistently test whether those defenses would stop a real attack. The webinar Exposure-Driven Resilience explains how to automate continuous testing driven by real attacker behavior and threat intelligence, with a live demonstration from Jermain Njemanze and Sebastien Miguel. #ExposureDrivenResilience...

Most security defenses are assumed effective but rarely tested against real attacker techniques. Exposure-Driven Resilience automates continuous testing using threat intelligence to simulate real attacks. #ExposureDriven #ThreatIntel #USA

0 0 0 0
SE Asian Gov Targeted by APTs

~Paloalto~
Three China-aligned clusters targeted a SE Asian gov using USBFect, PUBLOAD & FluffyGh0st RAT.
-
IOCs: webmail. rpcthai. com, webmail. homesmountain. com, 103. 15. 29. 17
-
#APT #Espionage #ThreatIntel

0 0 0 0

Looking to get into CTI and don’t have the slightest clue where to begin. Can anyone point me in the right direction?

#CTI #CyberThreatIntelligence #ThreatIntel #breakingintocyber
#cybersecurity

4 0 1 0
Free TIP Bundles to test, validate, and operationalize threat intelligence faster
EclecticIQ TIP Bundles are time-limited, no-cost integrations that let SOC and CTI teams trial vendor services in their real workflows to validate signal quality, enrichment usefulness, and operational impact before committing commercially. The lineup includes integrations such as Bitdefender Sandbox Analyzer, ReversingLabs Spectra, VMRay, EUVD vulnerability intelligence, Modat Magnify Device DNA, TruePattern, and IntelFinder for takedowns. #EclecticIQ #Bitdefender

EclecticIQ TIP Bundles offer free, time-limited integrations for SOC and CTI teams to test threat intelligence tools like Bitdefender Sandbox and VMRay in real workflows to validate signal quality and impact. #ThreatIntel #SOCOperations #Netherlands

0 0 0 0
Original post on infosec.exchange

I'm happy to announce the long-awaited first release of misp-modules-cli version 1.0.0.

This initial release makes it nifty and convenient to use MISP expansion modules directly from the command line, whether you are working against a local or remote misp-modules service. The goal is simple […]

1 1 0 0
Talos 2025 Year in Review

~Talos~
Talos highlights identity-centric attacks in 2025, plus alerts for Oracle CVE-2026-21992 and PureLog Stealer.
-
IOCs: CVE-2026-21992, PureLog Stealer, Qilin
-
#CVE202621992 #CyberSecurity #ThreatIntel

0 0 0 0
TP-Link, Canva & HikVision Vulns

~Talos~
Cisco Talos disclosed 30 patched vulnerabilities in Canva Affinity, TP-Link routers, and HikVision terminals, including several RCE flaws.
-
IOCs: CVE-2025-66342, CVE-2025-62673, CVE-2025-66176
-
#CVE #ThreatIntel #Vulnerabilities

0 0 0 0
Fake VS Code Alerts on GitHub

~Socket~
Attackers are mass-posting fake VS Code security alerts in GitHub Discussions to distribute malware via malicious redirects.
-
IOCs: drnatashachinn[. ]com
-
#GitHub #Phishing #ThreatIntel

0 0 0 0
Keitaro Adtech Abused for Cybercrime

~Infoblox~
Threat actors are widely abusing the Keitaro adtech platform to distribute malware, phishing, and crypto drainers at scale.
-
IOCs: 62. 60. 226. 248, 62. 60. 178. 163, 158. 94. 209. 29
-
#Malware #Phishing #ThreatIntel

0 0 0 0
CISA Adds CVE-2026-33634 to KEV Catalog

~Cisa~
CISA added CVE-2026-33634 (Aqua Security Trivy) to the KEV catalog due to active exploitation.
-
IOCs: CVE-2026-33634
-
#CISA #CVE202633634 #threatintel

0 0 0 0
Talos & Splunk 2025 Insights

~Talos~
Talos and Splunk discuss 2025 cybersecurity trends, including RaaS and legacy vulnerabilities.
-
IOCs: (None identified)
-
#CyberSecurity #Ransomware #ThreatIntel

0 0 0 0
CCCS Daily Advisory: PTC & Aqua Security

~Cybergcca~
CCCS warns of a critical RCE in PTC Windchill and an actively exploited supply chain flaw (CVE-2026-33634) in Aqua Security Trivy.
-
IOCs: CVE-2026-33634
-
#CVE202633634 #PTC #Trivy #threatintel

0 0 0 0
Xiaomi Phishing Campaign

~Cofense~
Phishing campaign impersonates Xiaomi HR to steal credentials via fake certification emails.
-
IOCs: ocode. or. tz, www. amolikhousing. co. in
-
#Phishing #ThreatIntel #Xiaomi

0 0 0 0
Protos Labs Challenges Threat Intel Market with Freemium Agentic AI Platform
Protos Labs introduces a freemium agentic AI platform, Protos AI, at RSA Conference 2026 to automate cyber threat intelligence investigations and make advanced CTI accessible.

Protos Labs launches a freemium agentic AI platform for threat intelligence at #RSAC2026. The solution uses specialized AI agents to automate investigations, aiming to democratize CTI for all organizations. 🤖 #ThreatIntel #AI #Cybersecurity

0 0 0 0

Cyber threats don’t wait. Why should you?

Stay protected with:
Real-time threat insights
APT intelligence
Actionable security reports

Get the Free Report: zurl.co/0FSMC

#CyberSecurity #Tech #AI #Automation #Security #ThreatIntel

1 0 0 0

Coruna iOS Kit Reuses 2023 Exploit Code
Read More: buff.ly/R5RiVuH

#Coruna #iOSSecurity #ExploitKit #MobileSecurity #SpywareThreat #OperationTriangulation #ZeroDay #ThreatIntel

0 0 0 0