Blog

Threat Overview On 2026-01-16 AlienVault released a new threat report titled Targets critical infrastructure sectors in North America (UAT-8837). The report identifies a China‑nexus advanced persistent threat (APT) actor that has been actively targeting critical infrastructure

Threat Overview On January 15, 2026, AlienVault released a comprehensive threat report titled HUMINT Operations Uncover Cryptojacking Campaign: Discord-Based Distribution of Clipboard Hijacking Malware Targeting Cryptocurrency Communities. The report details a sophisticated operation carried out by

Shadow Reactor is a sophisticated multi‑stage Windows malware campaign that first surfaced in a threat report published by AlienVault on 13 January 2026. The campaign demonstrates a complex infection chain that relies on obfuscated VBS scripts,

On January 13, 2026, AlienVault released a comprehensive threat report titled Booking.com Phishing Campaign Targeting Hotels and Customers. The analysis uncovers a sophisticated, multi‑stage phishing operation that specifically targets the hospitality sector. By compromising Booking.com administrator

Black Cat Gang Threat Overview In a recent intelligence briefing released by AlienVault on 9 January 2026, security analysts were warned about a sophisticated campaign conducted by the criminal group known as the "Black Cat" gang.

Threat Overview The latest intelligence from AlienVault, published on 2026-01-09, reveals a sophisticated campaign dubbed PHALT#BLYX that targets the hospitality industry. The adversaries employ a multi‑stage social engineering attack that begins with a phishing email designed

Threat OverviewOn January 7 2026 AlienVault published a new threat report titled Phishing actors exploiting complex routing scenarios and misconfigured spoof protections. The analysis reveals that adversaries are leveraging advanced email routing techniques and weak spoof‑protection

Threat Overview The latest threat intelligence report, published by CyberHunter_NL on January 6, 2026, details a sophisticated campaign in which a threat actor has leveraged multiple outdated FortiWeb web application firewalls to establish long‑term persistence via

Threat Overview In 2025, security analysts observed a sharp rise in rogue ScreenConnect installations, a remote monitoring and management (RMM) tool widely used by IT teams worldwide. Threat actors hijacked the legitimate software to gain footholds,

EmEditor Site Download Button Malware Incident Between December 19 and December 22, 2025 the official EmEditor website was compromised. Attackers hijacked the main download button and replaced the legitimate installer with a malicious payload. The fake