Threat Overview In late 2025, analysts began noticing a surge in fraudulent activity targeting the upcoming 2026 FIFA World Cup. The operation, dubbed GHOST STADIUM, has evolved into a sophisticated, multi‑vector phishing and fraud ecosystem that
Continue ReadingBlog
RemotePE Lazarus RAT Memory Resident
Recent analysis from FOX IT has unveiled a sophisticated new variant of the long‑established Lazarus Group’s RemotePE RAT. Unlike traditional payloads that drop binaries to disk, RemotePE remains entirely in RAM, evading file‑based scanners and making
Continue ReadingMassive GitHub Repository Backdooring Campaign Unveils Thousands of Compromised Projects
Incident Overview On 18 May 2026 a coordinated supply‑chain attack named Megalodon compromised more than five thousand public repositories hosted on GitHub. The adversary leveraged the platform’s automated CI/CD system to inject a malicious workflow file
Continue ReadingCommodity Malware Threat from BadIIS Ecosystem
Threat Overview In a recent Cisco Talos publication a commodity variant of the BadIIS malware has been identified. Targeted primarily at Chinese‑speaking threat actors, the variant is being sold or shared as a service. The ecosystem
Continue ReadingVidar v1 5 Go Variant Heavy Sandbox Checks
Vidar v1 5 Go Variant Heavy Sandbox Checks Threat Overview In late May 2026 a new report was published by AlienVault detailing version 1 5 of the Vidar malware family. Vidar has long been a staple
Continue ReadingCisco SD-WAN Vulnerability Exploitation Continues
Executive Summary: Cisco Talos has released a new threat report on the ongoing exploitation of Cisco Catalyst SD‑WAN vulnerabilities, focusing on the UAT‑4356 actor group. The report details how the group leverages two n‑day CVEs (CVE‑2025‑20333
Continue ReadingThe Gentlemen Ransomware Threat Analysis
The Gentlemen Ransomware Threat Analysis The Gentlemen Ransomware Threat Analysis Published by AlienVault on 2026-05-13, the recent threat report titled Thus Spoke…The Gentlemen offers an unprecedented inside view of a ransomware‑as‑a‑service (RaaS) operation that has rapidly
Continue ReadingPanOs Captive Portal Zero-Day Exploitation Unauthenticated Remote Code Execution
Executive Summary In May 2026 Palo Alto Networks announced the discovery of a critical buffer‑overflow vulnerability (CVE‑2026‑0300) in the User‑ID Authentication Portal, also referred to as the Captive Portal, of its PAN‑OS firewall software. The flaw
Continue ReadingMalspam Attacks Weaponize Tiflux RMMs
Overview Security analysts have recently uncovered a sophisticated malspam campaign that leverages the Brazilian remote‑management tool Tiflux to establish stealthy persistence on victim machines. The threat actors combine Tiflux with legacy and commercial remote‑access products—UltraVNC, Splashtop,
Continue ReadingAerospace Supply Chains Face Intense Data Extortion Pressure
The latest threat intelligence released by AlienVault on 06 May 2026 highlights a dramatic escalation in data extortion efforts targeting the global aerospace and aviation sector. The report, titled Data Extortion Groups Intensify Pressure On Global
Continue Reading