CIRCLE WITH A DOT

@nopatience have you seen this? Seems similar. https://www.sentinelone.com/labs/from-narrative-to-knowledge-graph-llm-driven-information-extraction-in-cyber-threat-intelligence/

New.Google Threat Intelligence Group: Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit #Google #infosec #threatintel #threatintelligence #Apple #iOS

INC RANSOM claims ransomware attack on USA's Precision Coating. Exfiltrated data includes proprietary developments, technologies, patents, partner company information, and sensitive photo and video component materials. #Ransomware #Healthcare #USA #ThreatIntel

@neurovagrant @DomainTools This is a great report, congratulations.

APT28 (Fancy Bear) is exploiting a Windows zero-day (CVE-2026-21513) using malicious LNK files.Zero-day + phishing = still one of the most reliable attack paths.All it takes is one wrong click to ruin your day!https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html#CyberSecurity #ZeroDay #ThreatIntel

(zscaler.com) Dust Specter APT: Iran-Nexus Threat Actor Deploys Novel Malware Against Iraqi Government OfficialsZscaler ThreatLabz uncovered "Dust Specter," a suspected Iran nexus campaign targeting Iraqi government officials by impersonating Iraq's Ministry of Foreign Affairs. The operation deployed four previously undocumented malware families, SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM, delivered through password protected archives and ClickFix style lures hosted on compromised Iraqi government infrastructure. The malware uses DLL sideloading, AES 256 CBC encryption, JWT based bot identification, and randomized C2 URI paths with embedded checksums to evade detection. Evidence of generative AI use in malware development was also identified.IOCs in the article.https://www.zscaler.com/blogs/security-research/dust-specter-apt-targets-government-officials-iraqFediverse: Not known #ThreatIntel #Cybersecurity

Qilin claims ransomware attack on United States' traffic tech. Exfiltrated internal data. #Ransomware #Transportation #USA #ThreatIntel

Claude Code + GPT-4.1 reportedly operationalized in Mexican gov breach.150GB+ exfiltrated. ~195M identities exposed.1,000+ AI prompts used to generate exploits & automate attack chain.AI-powered intrusion at scale.Full report:https://www.technadu.com/claude-code-weaponized-in-mexican-government-cyberattack-exposing-roughly-195-million-identities/621738/#InfoSec #AI #DataBreach #ThreatIntel

🟠 New security advisory:CVE-2026-3398 affects multiple systems.• Impact: Significant security breach potential• Risk: Unauthorized access or data exposure• Mitigation: Apply patches within 24-48 hoursFull breakdown:https://yazoul.net/advisory/cve/cve-2026-3398#Cybersecurity #ZeroDay #ThreatIntel

While #threatIntel is out trying to profit off the #Iran invasion, the real ones are getting their #GAYINT on for that actionable intel.

Command-and-control IPv4 map, 2026-02-16 to 2026-03-01 #ThreatIntelhttps://abjuri5t.github.io/SarlackLab/178.16.52[.]0/22158.94.208[.]0/2223.226.58[.]0/2343.240.239[.]0/2491.92.240[.]0/22103.39.16[.]0/2223.226.48[.]0/2323.248.208[.]0/2143.249.172[.]0/22

️ New security advisory:CVE-2025-13673 affects multiple systems.• Impact: Significant security breach potential• Risk: Unauthorized access or data exposure• Mitigation: Apply patches within 24-48 hoursFull breakdown:https://yazoul.net/advisory/cve/cve-2025-13673#Cybersecurity #ZeroDay #ThreatIntel

Qilin claims ransomware attack on United States' North Andover Country Club. Exfiltrated data. #Ransomware #USA #ThreatIntel

New security advisory:CVE-2026-28562 affects multiple systems.• Impact: Significant security breach potential• Risk: Unauthorized access or data exposure• Mitigation: Apply patches within 24-48 hoursFull breakdown:https://yazoul.net/advisory/cve/cve-2026-28562#InfoSec #ZeroDay #ThreatIntel

️ New security advisory:CVE-2026-3379 affects multiple systems.• Impact: Significant security breach potential• Risk: Unauthorized access or data exposure• Mitigation: Apply patches within 24-48 hoursFull breakdown:https://yazoul.net/advisory/cve/cve-2026-3379#Cybersecurity #ZeroDay #ThreatIntel

(krebsonsecurity.com) Unmasking Dort: The Threat Actor Behind the Kimwolf BotnetOSINT investigators have linked the operator of the Kimwolf botnet, known as "Dort," to Jacob Butler, a young Canadian from Ottawa, following a sustained retaliation campaign of doxing, swatting, and DDoS attacks against the researcher and journalist who publicly exposed the botnet. Kimwolf exploited vulnerabilities in residential proxy services to infect consumer IoT devices on internal networks. The attribution pivoted across breach tracking data from Constella Intelligence and Spycloud, domain records via DomainTools, cybercrime forum accounts indexed by Intel 471, and Telegram posts indexed by Flashpoint. Butler's prior activity includes ties to LAPSUS$, SIM swapping services, and CAPTCHA bypass tooling.Source: https://krebsonsecurity.com/2026/02/who-is-the-kimwolf-botmaster-dort/@briankrebs #Cybersecurity #ThreatIntel

(socket.dev) StegaBin: North Korean-Linked npm Supply Chain Campaign Uses Pastebin Steganography to Deploy Nine-Module Infostealer and RATSocket researchers identified 26 malicious npm packages tied to North Korea's Contagious Interview campaign (FAMOUS CHOLLIMA / Lazarus Group), using a technique dubbed "StegaBin" that embeds C2 addresses via character level steganography in Pastebin pastes. The typosquatted packages deploy an RC4 encrypted loader that resolves C2 infrastructure through 31 Vercel deployments, ultimately delivering a WebSocket RAT and a nine module infostealer toolkit targeting developer credentials, SSH keys, browser passwords, cryptocurrency wallets, and VSCode configurations, with FTP based exfiltration on a secondary port. IOCs in the article.Source: https://socket.dev/blog/stegabin-26-malicious-npm-packages-use-pastebin-steganography#ThreatIntel #Cybersecurity

LunarisSec claims data breach on France's University of Reims Champagne-Ardenne. Leaked data. #DataBreach #Education #France #ThreatIntel

New security advisory:CVE-2026-25851 affects multiple systems.• Impact: Remote code execution or complete system compromise possible• Risk: Attackers can gain full control of affected systems• Mitigation: Patch immediately or isolate affected systemsFull breakdown:https://yazoul.net/advisory/cve/cve-2026-25851#InfoSec #ZeroDay #ThreatIntel

UAT-10027 targeting U.S. healthcare & education with:• “Dohdoor” DoH-based backdoor• Cloud-masked C2 via encrypted DNS• Cobalt Strike beaconsPossible DPRK nexus (low confidence).Full analysis:https://www.technadu.com/uat-10027-leverages-dohdoor-backdoor-and-cobalt-strike-against-us-education-and-healthcare/621270/#InfoSec #APT #HealthcareSecurity #ThreatIntel