tag: threat-intelligence
2026-03-06
2026-03-09
The Shadowserver Foundation
Nonprofit security organization doing full daily IPv4 scanning, sending remediation reports, and partnering with law enforcement to take down cybercrime infrastructure.
2026-03-12
SSLMate/certspotter
An open-source Certificate Transparency log monitor that alerts you when SSL/TLS certificates are issued for your domains, helping detect unauthorized or misissued certificates.
2026-03-13
Iran Names Amazon, Google, Microsoft as Legitimate Targets
Iran has publicly designated major US tech companies including Amazon, Google, and Microsoft as legitimate targets, escalating cyber and geopolitical tensions.
2026-03-24
Supply Chain Attack in litellm 1.82.8 on PyPI
Analysis of a compromised litellm PyPI release that executed via a malicious .pth file, attempted credential exfiltration and Kubernetes persistence, and prompted urgent incident-response guidance.
Major unconfirmed breach — OVH alleged data for sale on dark web
A threat actor claims to be selling a large OVHcloud breach (1.6M customer records and data from 5.9M hosted websites) on a dark-web forum; a sample record was provided as proof. Reported via a single X post and currently unverified — treat as unconfirmed.
2026-03-25
The Sentinel in the supply chain
Describes SENT, a real-time detection system for the package supply chain (PyPI, npm, WordPress) based on a cascade graph, diff-first AST analysis and dynamic detonation, built to intercept stealthy malicious updates.
SENT — Supply-chain Event Network Triage
Real-time supply-chain monitoring for package ecosystems. SENT prioritizes high-impact releases using a cascade-weighted dependency graph, performs diff-first AST behavioral analysis and argument-level "call_diff" detection, and supports optional dynamic detonation to confirm suspicious updates.
2026-03-30
MISP — Open Source Threat Intelligence Platform
MISP (Malware Information Sharing Platform) is an open-source threat-intelligence platform for sharing, storing, correlating and analysing indicators, threat reports and malware samples. Includes MISP Galaxy, taxonomies, PyMISP, MISP-STIX integrations and tools for automation and collaborative CTI workflows.
Telegram — 0-click vulnerability (ACN ADVISORY)
ACN (CSIRT-ITA) advisory on a 0-click vulnerability in Telegram for Android and Linux that can allow remote code execution via specially crafted animated stickers (CVSS ~9.8). Contains operational recommendations for users and organisations.
2026-03-31
CRITICAL: Active supply-chain attack on axios
Alert based on a thread reporting an active supply-chain compromise of axios (npm). The latest axios@1.14.1 pulls a newly published dependency `plain-crypto-js@4.2.1` that appears to be an obfuscated installer/malware; recommendation: pin your axios version, audit lockfiles, and avoid upgrading until verified.
2026-04-01
Cisco source code stolen in Trivy-linked dev environment breach
Reports indicate threat actors leveraged credentials stolen via the Trivy supply-chain compromise to breach Cisco development environments, clone hundreds of repositories and exfiltrate source code and AWS keys. The incident is being linked to TeamPCP and related supply-chain attacks.
2026-04-07
Lockheed Martin data reportedly listed on a dark web market
Hackread report claiming a dark web market is advertising 375 TB of Lockheed Martin data, a potentially significant security and supply-chain risk signal.
2026-04-10
HWInfo and CPU-Z both compromised
VX-Underground flags a supply-chain compromise affecting HWInfo and CPU-Z, with trojanized installers, file masquerading, multi-stage in-memory payloads, and C2 infrastructure tied to the campaign.
2026-04-29
GitHub RCE Vulnerability (CVE-2026-3854)
Wiz research on a critical remote code execution vulnerability in GitHub Enterprise Server.
2026-05-04
Fast16 Malware
Analysis of Fast16 malware — a fileless, PowerShell-based RAT deployed via Google Ads that hijacks Chrome profiles and uses legitimate processes to blend in, targeting the financial services and tech sectors.
GEANT Security Newsletter
Regular security newsletter from GEANT covering threat intelligence, vulnerability advisories, and security best practices for the European research and education network.
SmokedHam, the backdoor of choice for IT administrators
SmokedHam (UNC2465) — a C#/PowerShell backdoor hosted on Cloudflare Workers, distributed to IT admins via malvertising using counterfeit installers for RVTools, PuTTY and Remote Desktop Manager.
2026-05-07