This week’s threat intel shows attackers using AI to scale malware and intrusions, with credential theft and internet-exposed systems as common entry points. Priority actions are to lock down management interfaces, enforce MFA, rotate secrets, and urgently patch actively exploited bugs (notably Roundcube and Cisco SD-WAN). Arkanix Stealer: Multi-Platform
Welcome to this week's Threat Intel Newsletter. This week we cover the most urgent threats where exploitation is happening fast and at scale. We start with mass exploitation of Ivanti EPMM—driven largely by a single bulletproof-hosted IP. Then we explain how trust is being abused in modern
Welcome to this week’s Threat Intel Newsletter. In this edition, the common thread is that compromise is increasingly happening through places defenders are forced to trust: edge infrastructure, virtualization layers, software update paths, and extension ecosystems. We break down China-linked targeting of Singapore’s telecom sector and leaked evidence
Welcome to this week’s Threat Intelligence Newsletter. This edition focuses on high-impact vulnerabilities and active tradecraft that shorten the path from initial access to full compromise, including multiple remote code execution (RCE) scenarios with low user interaction, and a notable software supply chain incident. We cover a one-click RCE
Overview ShinySp1d3r is a newly observed Ransomware-as-a-Service (RaaS) operation linked to the continued evolution of the ShinyHunters ecosystem and its collaboration with Scattered Spider/COM. While ShinyHunters first emerged in 2020 as a high-volume data theft and extortion group, recent campaigns show a clear progression toward more sophisticated intrusion models
This report discusses Atroposia, a new Remote Access Trojan (RAT) that has gained attention in underground forums. The malware is promoted as a multi-functional platform for remote control, data exfiltration, and stealth operations. It features advanced persistence and evasion tactics, along with a full C2 console for data exfiltration. The
Overview of the NightSpire Ransomware Group NightSpire is a ransomware group first discovered in the wild in March 2025. Within just 6 months, the group has captured the attention of global cybersecurity analysts and claimed over 73 victims worldwide. The group blends traditional ransomware tactics with aggressive public shaming and
Malware Analysis Blog
What is the Amatera Stealer Proofpoint has identified a new threat called the Amatera Stealer, a rebranded version of ACR stealer. While Amatera shares significant code overlap, features, and capabilities with ACR stealer, it has undergone substantial development and enhancement to emerge as a distinct potential threat in the cyber
What is Myth Stealer Security researchers at Trellix identified a fully undetected information stealer called Myth Stealer. Written in Rust, this malware has been marketed on Telegram since late December 2024. It was initially offered as a free trial for users to test its functionality and capabilities, before evolving into
Target: Financial Sector Observations The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and evasion techniques. First identified in early 2021, Vultur leverages Android's accessibility services APIs to execute malicious actions. Security researchers recently discovered a new version of