UAT-9244 hits South American telcos with TernDoor, PeerTime and BruteEntry
Cisco Talos links the activity cluster to China-nexus tooling, including CrowDoor variants and ORB-style proxy infrastructure
30 reports
Cisco Talos links the activity cluster to China-nexus tooling, including CrowDoor variants and ORB-style proxy infrastructure
Reverse engineering shows pragmatic obfuscation, hardcoded crypto, and cloud-native infrastructure supporting scalable intrusion delivery.
Iran • hacktivists • IRGC • MOIS • DDoS • wipers • ransomware • critical infrastructure
Cross-origin browser-to-localhost access, missing loopback throttling, and implicit device trust combine into a silent takeover path from a single web visit.
Designing upstream controls that cut off access brokers, endpoint breakout, and perimeter device exploitation before T1021 starts
Ransomware lateral movement techniques in 2026 are increasingly identity-led, cloud-aware, and executed through legitimate admin channels, forcing defenders to prioritise high-fidelity telemetry,…
UK financial stability and customer outcomes are increasingly shaped by operational cyber risk: attacks (and disruptive technology failures) that impair critical services, amplify fraud losses,…
Operational profile of the Black Basta ransomware ecosystem (2022–2026) Black Basta, BASTA, ransomware, RaaS, double extortion, UNC4393, Storm-1811, QakBot, DarkGate, Quick Assist, vishing, MITRE…
UK further education (FE) colleges and higher education (HE) institutions face a persistently high-volume threat environment driven by phishing, account compromise, ransomware/extortion, and…
LAPSUS$ is an extortion-focused cybercriminal collective best known for high-tempo intrusions against large enterprises and service providers, frequently leveraging social engineering and identity…
Cl0p (often written “CL0P”) is a financially motivated extortion operation best known for high-scale data theft campaigns that disproportionately impact organisations running internet-facing…
Two Fortinet FortiWeb vulnerabilities — CVE-2025-64446 (relative path traversal enabling unauthenticated administrative command execution) and CVE-2025-58034 (OS command injection enabling…