On June 11, 2026 Check Point Research issued a critical security advisory after confirming that the deprecated IKEv1 key exchange protocol in its Remote Access VPN and Mobile Access products is being actively exploited by threat
Continue ReadingBlog
Phish Alert Press Play for Compromise Voicemail Phishing Kit SSO Hijacking Credential Theft RMM Delivery
Threat Overview The latest threat report from AlienVault outlines a sophisticated voicemail‑themed phishing campaign that targets Microsoft 365 users. Attackers send emails that appear to be legitimate voicemail notifications from well‑known vendors such as DocuSign, Outlook
Continue ReadingFirst Look Splinter Red Team Tool
Recent investigations by Palo Alto Networks’ Unit 42 have uncovered a new post‑exploitation framework dubbed Splinter. This tool, written in Rust and weighing roughly 7 MB due to its extensive static linking of external libraries, was discovered on
Continue ReadingActive Exploitation PAN OS CVE 2026 0257
In a recent intelligence gathering effort, AlienVault identified an active exploitation campaign against the authentication bypass vulnerability CVE-2026-0257 in Palo Alto Networks GlobalProtect. The threat actor—currently unnamed—has leveraged this flaw to establish unauthorized VPN sessions on
Continue ReadingTaxShadow Operation Targets Multiple Regions With Tax Phishing And In Memory Malware
Executive Summary The latest threat intelligence release identifies an advanced adversary group executing a multi‑stage malware campaign known as Operation TaxShadow. Leveraging tax‑themed social engineering, the attackers infiltrate Indian and Japanese organizations through seemingly official correspondence from
Continue ReadingRegional Malicious Infrastructure Report Reveals Over 1350 C2 Servers Across 98 Providers
Threat Overview The latest Hunt.io intelligence release, Middle East Malicious Infrastructure Report, documents more than one thousand three hundred fifty command‑and‑control (C2) servers distributed across ninety‑eight hosting and telecom providers in fourteen Middle Eastern countries. The
Continue ReadingRed Hat Cloud Services NPM Packages Targeted in Shai Hulud Supply Chain Attack
On June 2, 2026, Socket Dev released a detailed threat report titled Shai Hulud Supply‑Chain Campaign Targets Red Hat Cloud Services npm Packages. The publication exposes a coordinated malware operation that leveraged compromised @redhat-cloud-services packages to infiltrate developer environments and continuous integration
Continue ReadingHotel Customer Phishing Attack Luxembourg
Executive Summary On 1 June 2026, CIRCL identified a sophisticated phishing operation aimed at guests of hotels located in Luxembourg. The attackers exploit legitimate booking data to craft convincing messages that appear to come from the
Continue ReadingSapphire Sleet Threat on macOS
Sapphire Sleet Threat on macOS Overview of the Sapphire Sleet Campaign The latest AlienVault threat report, published on 2026-05-29, highlights a sophisticated multi‑stage intrusion campaign carried out by the North Korean state‑sponsored group known as Sapphire
Continue ReadingGlobal Smishing Campaign Targets 19 Nations Governments Postal Telecom Sectors
On 2026-05-27, AlienVault released a comprehensive threat report that exposed a coordinated smishing campaign targeting governments, postal services, and telecom operators across 19 countries. The operation, centered around fraudulent SMS messages that impersonated Romania’s official payment
Continue Reading