Sapphire Sleet Threat on macOS Overview of the Sapphire Sleet Campaign The latest AlienVault threat report, published on 2026-05-29, highlights a sophisticated multi‑stage intrusion campaign carried out by the North Korean state‑sponsored group known as Sapphire
Continue ReadingMonth: May 2026
Global Smishing Campaign Targets 19 Nations Governments Postal Telecom Sectors
On 2026-05-27, AlienVault released a comprehensive threat report that exposed a coordinated smishing campaign targeting governments, postal services, and telecom operators across 19 countries. The operation, centered around fraudulent SMS messages that impersonated Romania’s official payment
Continue ReadingGhost Stadium Fraud Operation Threatens Billions at World Cup
Threat Overview In late 2025, analysts began noticing a surge in fraudulent activity targeting the upcoming 2026 FIFA World Cup. The operation, dubbed GHOST STADIUM, has evolved into a sophisticated, multi‑vector phishing and fraud ecosystem that
Continue ReadingRemotePE Lazarus RAT Memory Resident
Recent analysis from FOX IT has unveiled a sophisticated new variant of the long‑established Lazarus Group’s RemotePE RAT. Unlike traditional payloads that drop binaries to disk, RemotePE remains entirely in RAM, evading file‑based scanners and making
Continue ReadingMassive GitHub Repository Backdooring Campaign Unveils Thousands of Compromised Projects
Incident Overview On 18 May 2026 a coordinated supply‑chain attack named Megalodon compromised more than five thousand public repositories hosted on GitHub. The adversary leveraged the platform’s automated CI/CD system to inject a malicious workflow file
Continue ReadingCommodity Malware Threat from BadIIS Ecosystem
Threat Overview In a recent Cisco Talos publication a commodity variant of the BadIIS malware has been identified. Targeted primarily at Chinese‑speaking threat actors, the variant is being sold or shared as a service. The ecosystem
Continue ReadingVidar v1 5 Go Variant Heavy Sandbox Checks
Vidar v1 5 Go Variant Heavy Sandbox Checks Threat Overview In late May 2026 a new report was published by AlienVault detailing version 1 5 of the Vidar malware family. Vidar has long been a staple
Continue ReadingCisco SD-WAN Vulnerability Exploitation Continues
Executive Summary: Cisco Talos has released a new threat report on the ongoing exploitation of Cisco Catalyst SD‑WAN vulnerabilities, focusing on the UAT‑4356 actor group. The report details how the group leverages two n‑day CVEs (CVE‑2025‑20333
Continue ReadingThe Gentlemen Ransomware Threat Analysis
The Gentlemen Ransomware Threat Analysis The Gentlemen Ransomware Threat Analysis Published by AlienVault on 2026-05-13, the recent threat report titled Thus Spoke…The Gentlemen offers an unprecedented inside view of a ransomware‑as‑a‑service (RaaS) operation that has rapidly
Continue ReadingPanOs Captive Portal Zero-Day Exploitation Unauthenticated Remote Code Execution
Executive Summary In May 2026 Palo Alto Networks announced the discovery of a critical buffer‑overflow vulnerability (CVE‑2026‑0300) in the User‑ID Authentication Portal, also referred to as the Captive Portal, of its PAN‑OS firewall software. The flaw
Continue Reading