Threat Overview Executive Summary In late January 2026, AlienVault released a comprehensive threat report titled "Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088". The report details how a high‑severity path traversal flaw in WinRAR, identified as
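The excerpt above identifies the WinRAR flaw only as a path traversal during extraction. The following is an added example, not code from the AlienVault report or from WinRAR, and it does not reproduce the specific trigger of CVE-2025-8088: it shows the generic pre-extraction triage a practitioner runs on archive entry names, flagging entries whose names would land outside the chosen extraction directory (leading slashes, drive letters, `..` components, backslash separators, and NTFS alternate-data-stream colons). ZIP is used because the Python standard library can build one in memory; the sample archive and its entry names are constructed here for illustration, and the same name checks apply to RAR entry names.

```python
"""Generic path-traversal triage for archive entry names (added example)."""
import io
import posixpath
import zipfile
from typing import List, Tuple


def is_unsafe_member(name: str, dest: str = "/tmp/extract") -> bool:
    """Return True if extracting `name` under `dest` could escape `dest`.

    Flags absolute paths, Windows drive letters and NTFS ADS suffixes
    (anything containing ':'), backslash separators, and any '..' that
    resolves above `dest` after normalisation. The ':' rule is deliberately
    conservative and will also flag legitimate Unix names containing a colon.
    """
    if not name or name.startswith(("/", "\\")):
        return True
    if ":" in name:  # 'C:\\...' or 'file.txt:stream' (alternate data stream)
        return True
    dest = posixpath.normpath(dest)
    # Treat backslashes as separators before resolving '..', as a Windows
    # extractor would.
    norm = name.replace("\\", "/")
    resolved = posixpath.normpath(posixpath.join(dest, norm))
    return not (resolved == dest or resolved.startswith(dest + "/"))


def scan_archive(data: bytes, dest: str = "/tmp/extract") -> List[Tuple[str, bool]]:
    """Return (entry name, unsafe?) for every member of an in-memory ZIP."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.filename, is_unsafe_member(info.filename, dest))
                for info in zf.infolist()]


def build_sample_archive() -> bytes:
    """Construct a sample ZIP (fabricated for this example) with one benign
    entry, one '..' traversal entry and one ADS-style entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.pdf", b"benign content")
        zf.writestr("../../../../evil.exe", b"MZ")            # escapes dest
        zf.writestr("invoice.pdf:payload.exe", b"MZ")          # ADS-style name
    return buf.getvalue()


if __name__ == "__main__":
    for entry, unsafe in scan_archive(build_sample_archive()):
        print(("UNSAFE " if unsafe else "ok     ") + entry)
```

Run the check against the entry list before handing an untrusted archive to any extractor; it does not depend on the extractor's own sanitisation, which is exactly the component a traversal bug lives in.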
Month: January 2026
Toxicsnake Threat Intelligence Report
Threat Overview The latest intelligence from AlienVault reveals a sophisticated multi-domain traffic distribution system (TDS) operated by the threat actor known as Toxicsnake. The operation centers around the domain toxicsnake-wifes.com and functions as a commodity cybercrime TDS
Microsoft Issues Emergency Patch for CVE-2026-21509 Office Zero-Day Exploited Actively
Threat Overview On 28 January 2026, Microsoft released an out-of-band emergency patch for a high‑severity zero‑day vulnerability in Microsoft Office, identified as CVE‑2026‑21509. The flaw, which scores 7.8 on the CVSS scale, is a security feature
Updated CoolClient Backdoor Brings New Data Theft Capabilities
Threat Overview In a recent publication by AlienVault dated January 27, 2026, analysts identified a significant evolution in the threat landscape surrounding the HoneyMyte Advanced Persistent Threat (APT) group. The report details how HoneyMyte has upgraded
Watering Hole Attack Hits EmEditor Users With Data Theft Malware
Threat Overview In late December 2025, security researchers uncovered a sophisticated watering‑hole campaign that targeted users of the popular text editor EmEditor. The adversary compromised the official installer distribution, inserting a multi‑stage malware payload that performs
Sandworm Attack on Poland Power Grid 2025
Threat Overview In late 2025, Poland’s energy system endured what analysts are calling the country’s largest cyberattack in recent memory. The assault, which unfolded during the final week of December, targeted critical power infrastructure and was
FortiGate Devices Under Attack: Unauthorized Configuration Changes via SSO Accounts
Threat Overview In a recent publication dated 2026-01-22, security researchers from AlienVault identified a sophisticated wave of automated malicious activity targeting Fortinet FortiGate firewalls. The attackers exploit Single Sign-On (SSO) mechanisms to gain a foothold and then
PurpleBravo Targeting IT Software Supply Chain
Threat Overview In a recent publication dated 2026-01-21, security researchers from AlienVault have identified a sophisticated threat actor known as PurpleBravo, a North Korean state-sponsored group that has been targeting software developers through deceptive recruitment campaigns.
Command Evade Turla Kazuar Loader
The Turla group, a long‑standing threat actor with a history of sophisticated operations, has recently deployed a new loader that demonstrates advanced evasion techniques. The loader, which we refer to as
Fake Shipping Document Drives New Remcos Attack
Threat Overview On 19 January 2026, AlienVault released a detailed threat report titled 'New Remcos Campaign Distributed Through Fake Shipping Document'. The report describes a phishing operation that delivers a fileless variant of the Remcos RAT,