REvil infrastructure back online
REvil ransomware infrastructure resurfaces after the July 2021 shutdown: leak site, payment portal status and tracking signals for the rebuilt operation.
MSHTML vulnerability defensive approach: telemetry sources, hunting queries, indicators of exploitation and detection rules for SOC teams.
Fortinet firewall compromises observed across Italian organisations: leaked credentials, exploitation patterns and remediation priorities.
STRRAT remote access trojan leveraging Java Runtime Environment for cross-platform persistence: capabilities, distribution patterns and detection considerations.
Active exploitation of Atlassian Confluence vulnerabilities: CVEs targeted, post-exploitation behaviour, IOCs observed and remediation steps for affected deployments.
Babuk ransomware source code leak: implications for clone development, copycat groups, detection-engineering opportunities and downstream variant tracking.
Ragnarok ransomware operation closure with public master decrypter release: scope of recovery for past victims and operator transition signals.
Widespread phishing campaign weaponising open-redirect parameters on legitimate domains to bypass URL reputation filters and reach corporate inboxes.
Threat actors weaponising Atera RMM agent for unauthorised remote access: living-off-the-land patterns, telemetry signals and post-compromise operator behaviour.