Threat Overview The Russian‑aligned Advanced Persistent Threat (APT) group Pawn Storm (also known as APT28, Fancy Bear, UAC‑0001, Forest Blizzard) has released a new campaign that leverages the PRISMEX malware suite to target the Ukrainian defense
Continue ReadingMonth: March 2026
ClickFix Threats Target Windows And macOS Systems
Executive Summary The Insikt Group’s latest intelligence reveals a sophisticated, multi‑cluster social engineering campaign known as ClickFix. Leveraging deceptive interfaces that mimic trusted applications such as Intuit QuickBooks and Booking.com, the threat actors compel victims to
Continue ReadingTrivy To Checkmarx Supply Chain Compromise Expands
Background On March 19 2026, the threat actor TeamPCP compromised Aqua Security’s Trivy vulnerability scanner and its GitHub Actions, injecting a credential‑stealing payload into CI/CD pipelines across thousands of repositories. The malicious code was delivered through
Continue ReadingGentlemen TTPs Analysis Report
Introduction Published by Group-IB on 2026-03-21, the report titled Gentlemen TTPs Analysis Report offers an in‑depth look at a newly surfaced ransomware-as-a-service operation known as The Gentlemen. The threat actor, led by the pseudonymous hastalamuerte, has
Continue ReadingLangflow AI Pipeline Compromise in 20 Hours
Executive Summary The newly disclosed CVE‑2026‑33017 exposed Langflow, an open‑source visual framework for AI agents, to unauthenticated remote code execution via its public flow build endpoint. Sysdig’s Threat Research Team observed the first exploitation attempts within
Continue ReadingVoidStealer Debugging Chrome for Data Theft
VoidStealer Debugging Chrome for Data Theft AlienVault’s March 20, 2026 threat report, VoidStealer: Debugging Chrome to Steal Its Secrets, exposes a novel infostealer that extracts Chrome’s Application‑Bound Encryption key using a debugger‑based hardware breakpoint technique. The method bypasses
Continue ReadingDarkSword Exploit Chain Spreads Across Diverse Threat Actors
In March 2026, the Google Threat Intelligence Group (GTIG) released a detailed report on a sophisticated iOS full‑chain exploit known as DarkSword. The analysis reveals that multiple threat actors—from commercial surveillance vendors to suspected state‑sponsored groups—have
Continue ReadingHydra Saiga Covert Espionage and Infiltration of Critical Utilities
Threat Overview Hydra Saiga, also known as Yorotrooper, ShadowSilk, and Silent Lynx, is a state‑sponsored threat actor linked to Kazakhstan. Active since 2021, the group has targeted critical water and energy infrastructure across Central Asia, Europe,
Continue ReadingStorm 2561 SEO Poisoning Fake VPN Credential Theft
Overview The Storm-2561 threat actor has launched a credential‑stealing operation that leverages search engine optimization (SEO) poisoning to distribute counterfeit virtual private network (VPN) clients. By manipulating search results for popular VPN titles such as Pulse
Continue ReadingRevealing the MuddyWater Attack Chain
The latest threat report from Hunt.io, published by Tr1sa111 on March 11, 2026, lays out a comprehensive timeline of the MuddyWater intrusion chain, an Iranian‑linked APT group. The report, titled Clearing the Water: Unmasking an Attack Chain of
Continue Reading