#0272
Huntress | 17 days ago | LLM report | severity: high
The rapid adoption of AI agents like OpenClaw has introduced a new identity threat surface in Microsoft cloud environments. These applications are often granted sweeping tenant-wide permissions, effectively acting as highly privileged service principals that bypass traditional endpoint defenses and could allow attackers to inherit administrative control if the agent is compromised.
#0271
Huntress | 17 days ago | LLM report | severity: high
Huntress analyzed recent NightSpire ransomware incidents, noting a shift from using native LOLBins to deploying a suite of third-party tools for persistence, discovery, and exfiltration. The variation in TTPs and tooling between incidents suggests NightSpire may operate under a Ransomware-as-a-Service (RaaS) model with multiple affiliates.
#0270
CISA | 17 days ago | LLM report | severity: critical
Iranian-affiliated APT actors are actively targeting internet-exposed programmable logic controllers (PLCs), specifically Rockwell Automation devices, across multiple U.S. critical infrastructure sectors. The attackers utilize native configuration software and Dropbear SSH to manipulate project files and HMI displays, leading to operational disruptions and financial losses.
#0269
Cisco Talos | 17 days ago | LLM report | severity: high
The Talos 2025 Year in Review highlights a dual threat landscape where attackers rapidly exploit newly discovered vulnerabilities like React2Shell while continuing to heavily target legacy flaws in embedded components such as Log4j and PHPUnit. Threat actors are increasingly focusing on identity-adjacent systems and network infrastructure to bypass authentication and segmentation, aided by agentic AI accelerating exploit development.
#0268
Sekoia.io | 17 days ago | LLM report | severity: high
EvilTokens is an advanced Phishing-as-a-Service (PhaaS) platform that automates Business Email Compromise (BEC) attacks via Microsoft device code phishing. It uniquely integrates AI models to automatically analyze compromised mailboxes, identify financial targets, and generate context-aware BEC lures, significantly reducing the time and skill required for threat actors to monetize compromised accounts.
#0267
Huntress | 17 days ago | LLM report | severity: medium
Threat actors are increasingly utilizing real-time deepfake technology to conduct sophisticated identity-based social engineering attacks over video calls. While physical tests like the 'three-finger test' can currently expose cheaper AI overlays due to object occlusion rendering flaws, rapid advancements in generative AI are rendering these visual tells obsolete. Organizations must shift from relying on human detection to implementing resilient, out-of-band verification processes for sensitive transactions.
#0266
Canadian Centre for Cyber Security | 17 days ago | LLM report | severity: critical
The Canadian Centre for Cyber Security issued an advisory regarding a critical API authentication and authorization bypass vulnerability (CVE-2026-35616) in Fortinet FortiClientEMS. Affecting versions 7.4.5 to 7.4.6, this flaw has been added to CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation and requiring immediate patching.
#0265
Trend Micro | 17 days ago | LLM report | severity: high
Threat actors are actively exploiting the recent Claude Code packaging error by hosting fake GitHub repositories that distribute trojanized archives. These archives contain a Rust-compiled dropper that deploys Vidar, GhostSocks, and PureLog Stealer to harvest credentials and establish residential proxies on compromised Windows systems.
#0264
NCSC | 17 days ago | LLM report | severity: high
Russian state-sponsored threat actor APT28 is exploiting vulnerable SOHO routers to modify DHCP and DNS settings, redirecting user traffic to malicious infrastructure. This DNS hijacking facilitates Adversary-in-the-Middle (AitM) attacks designed to harvest credentials and OAuth tokens for web and email services.
#0263
Cofense | 17 days ago | LLM report | severity: high
A recent phishing campaign exploits public anxiety regarding the Middle East conflict by distributing fake government emergency alerts. The emails use embedded QR codes to direct victims through a deceptive human verification check, ultimately landing them on a fraudulent Microsoft sign-in page designed to harvest their credentials.
#0262
Microsoft | 17 days ago | LLM report | severity: critical
Storm-1175 is a financially motivated threat actor that rapidly exploits N-day and zero-day vulnerabilities in web-facing assets to deploy Medusa ransomware. The group utilizes a high-tempo attack chain, leveraging LOLBins, RMM tools, and credential theft to move laterally and exfiltrate data before executing ransomware, often completing the entire attack lifecycle within days.
#0261
CISA | 17 days ago | LLM report | severity: high
CISA has added CVE-2026-35616, an improper access control vulnerability in Fortinet FortiClient EMS, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. All organizations are strongly urged to prioritize the timely remediation of this vulnerability to reduce their exposure to cyberattacks.
#0260
Palo Alto Networks | 17 days ago | LLM report | severity: medium
Unit 42 researchers demonstrated a red-teaming methodology against Amazon Bedrock's multi-agent applications, highlighting the risks of prompt injection in orchestrated AI systems. By systematically bypassing agent guardrails, attackers can extract sensitive instructions, map tool schemas, and invoke integrated tools with malicious inputs, though built-in Bedrock Guardrails effectively mitigate these threats.
#0259
Trend Micro | 17 days ago | LLM report | severity: high
Following an accidental source code leak of Anthropic's Claude Code via npm, threat actors rapidly deployed fake GitHub repositories to distribute a Rust-compiled dropper. This dropper, part of a broader rotating-lure campaign, deploys Vidar stealer and GhostSocks proxy while utilizing extensive anti-analysis checks and PowerShell to disable Windows Defender.
#0258
Elastic Security Labs | 17 days ago | LLM report | severity: low
Elastic has released nine new third-party integrations for Q1 2026, enhancing visibility across macOS, cloud environments, email security, and SIEM platforms. These integrations provide out-of-the-box data normalization, prebuilt dashboards, and AI-driven analysis capabilities to streamline security operations and threat detection.
#0257
Varonis | 17 days ago | LLM report | severity: high
The source code for Anthropic's Claude Code CLI was accidentally exposed through .map files in a public npm release. This leak reveals the internal architecture, permission models, and safety guardrails of the AI agent, potentially allowing attackers to craft targeted prompt injections or distribute tampered dependencies through unofficial repositories.
#0256
Trend Micro | 17 days ago | LLM report | severity: high
Following an accidental leak of Anthropic's Claude Code source material, threat actors rapidly deployed a social engineering campaign using fake GitHub repositories. The campaign distributes trojanized archives containing a Rust-compiled dropper that deploys Vidar stealer and GhostSocks proxy malware, specifically targeting developers seeking AI tools.
#0255
Zscaler ThreatLabz | 17 days ago | LLM report | severity: critical
In March 2026, severe software supply chain attacks targeted popular open-source packages. A North Korean threat actor compromised the Axios NPM package to distribute a cross-platform RAT, while the TeamPCP group poisoned the LiteLLM PyPI package to harvest cloud and infrastructure secrets.
#0254
Trail of Bits | 17 days ago | LLM report | severity: low
Trail of Bits has open-sourced CoBRA, a highly effective tool designed to deobfuscate Mixed Boolean-Arithmetic (MBA) expressions commonly used by malware authors and software protectors. Available as a CLI tool, C++ library, and LLVM pass, CoBRA successfully simplifies nearly 100% of complex MBA expressions, significantly aiding reverse engineering and malware analysis efforts.
#0253
Cisco Talos | 17 days ago | LLM report | severity: critical
A critical supply chain attack compromised the official Axios npm package, deploying malicious versions v1.14.1 and v0.30.4. The packages contained a fake runtime dependency that automatically executed post-install, downloading platform-specific Remote Access Trojans (RATs) to Windows, macOS, and Linux systems to facilitate credential exfiltration and remote access.