On December 29, 2025, a coordinated series of destructive cyberattacks struck Poland’s energy sector during a period of severe winter weather. The attackers targeted a mix of renewable energy farms, a manufacturing company, and a combined
Continue ReadingMonth: April 2026
Phone Fraud International Revenue Share Scheme Exploits Fake CAPTCHA
Executive Summary This report explains how a coordinated fraud operation uses fake CAPTCHA pages to generate international revenue share fraud (IRSF) by forcing users to send bulk SMS messages to phone numbers across multiple high‑fee countries.
Continue ReadingUntangling Linux Incident OpenAI Twist Part Two
In the second installment of the Codex Red series, the Huntress SOC uncovered a complex Linux breach that involved three distinct threat actors, a malicious cryptominer, a multi‑revenue botnet, and a credential‑harvesting campaign. The incident was
Continue ReadingBissa Scanner Exposed AI Assisted Mass Exploitation Credential Harvesting Threat Report
Executive Summary The Bissa Scanner platform demonstrates a highly organized, AI‑driven campaign that leveraged mass exploitation, credential harvesting, and post‑compromise triage to target high‑value organizations across finance, cryptocurrency, and retail sectors. The operation exploited publicly known
Continue ReadingRedSun ZeroDay Privilege Escalation Exploit
The latest threat report from AlienVault, published on 2026-04-21, reveals a critical zero‑day vulnerability in Microsoft Defender that enables local privilege escalation from a standard user to SYSTEM level on Windows systems. The exploit, named RedSun.exe,
Continue ReadingIncreased Bomgar RMM Exploitation Alert
Uptick in Bomgar RMM Exploitation Published by Tr1sa111 on 2026-04-21T04:23:44.949Z A new threat report from Huntress SOC highlights a recent surge in incidents exploiting a critical flaw in Bomgar remote monitoring and management (RMM) software, now
Continue ReadingPhantomCLR Operation Stealth Execution Via AppDomain Hijacking And InMemory DotNet Abuse
On 2026-04-18, AlienVault released a comprehensive threat report titled "Operation PhantomCLR: Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse." The report details a highly sophisticated multi‑stage post‑exploitation framework that has been actively targeting organizations within
Continue ReadingUNC1945 Threat Overview Leveraging Custom Islands for Targeted Infiltration
UNC1945 Threat Overview Leveraging Custom Islands for Targeted Infiltration Published by CyberHunter_NL on 2026-04-17, this threat report delivers a comprehensive analysis of the actor group UNC1945. The report focuses on the financial and professional consulting sectors,
Continue ReadingAPT Group Targets Web3 Support Teams With Malware Hidden as Customer Screenshots
On 17 April 2026, the threat intelligence community received a new threat report from CODERED_VTA titled Working the Queue: APT‑Q‑27 Malware Targets Web3 Customer Support. The report details a highly targeted campaign that exploits the human
Continue ReadingN8N N8mare How Threat Actors Exploit AI Workflow Automation
N8N N8mare How Threat Actors Exploit AI Workflow AutomationThe latest threat report from Cisco Talos, published 2026-04-16, uncovers a sophisticated malware campaign targeting Taiwanese non‑governmental organizations and universities. The campaign centers on a Lua‑based stager named
Continue Reading