Intelligence · Updated daily

Security Intelligence

AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.

High · Policy · Resolved

Systemic gap in romance scam victim support reveals coordination failure across institutions

Romance scam victims face fragmented support, with little coordination between law enforcement, financial institutions and government agencies, leaving them isolated and exposed to repeat exploitation. Closing this policy gap requires institutional reform that creates unified victim-assistance pathways.

Law enforcement agencies, Financial institutions, Government support services
High · Campaign · Resolved

GopherWhisper's Go-Based Backdoor Infrastructure Signals Shift Toward Living-Off-The-Land Tactics in Chinese State Espionage

A China-linked APT group tracked as GopherWhisper is running targeted campaigns against government entities using multiple Go-based backdoors alongside abuse of legitimate services to blend in with normal traffic and evade detection. The group's reliance on custom loaders and injectors points to a maturing operational capability focused on persistence and evasion.

Government agencies (specific sectors not disclosed)
High · Malware · Resolved

UNC6692 deploys Snow malware via Microsoft Teams social engineering, signalling expansion of platform-based attack delivery

Threat actor UNC6692 is using Microsoft Teams to socially engineer targets into executing a custom malware suite called Snow, which comprises a browser extension, a tunneler and a backdoor. Delivering malware through a trusted, widely used collaboration platform rather than e-mail complicates detection and raises organisational risk.

Microsoft Teams, Microsoft 365 users
High · Campaign · Resolved

BlackFile extortion gang weaponises vishing at scale against retail and hospitality

BlackFile, a financially motivated threat actor, has run a coordinated campaign of data theft and extortion against retail and hospitality organisations since February 2026, combining social engineering with data exfiltration. The group's use of vishing as its primary initial-access vector points to a shift toward human-centric compromise rather than exploitation of technical vulnerabilities.

Retail sector organisations, Hospitality sector organisations
Critical · Vulnerability · Resolved

OpenC3 COSMOS Script Runner: Privilege Escalation via Docker Network Access and Credential Exposure

Authenticated users with script execution permissions can bypass the API's access controls by connecting directly to internal services (Redis, S3) over the shared Docker network, escalating to administrative privileges. The proof of concept shows that once script execution is granted, the rest of the chain requires minimal effort.

GHSA-2wvh-87g2-89hr
openc3inc/openc3-cosmos-script-runner-api
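The underlying weakness is that a service which runs user-supplied code shares a flat network with the data stores behind the API, so the API's authorisation layer can be skipped. The Compose fragment below is an added illustration of the segmentation pattern that closes that path; it is not COSMOS's own deployment file, and the service names (api, script-runner, redis, minio), network names and environment variables are assumptions chosen for the example. Whether a given component genuinely needs direct store access is something to verify against the project's own documentation before applying such a layout.

```yaml
# Added example: network segmentation for a service that executes user scripts.
# Weak layout (the pattern the advisory describes): every service on one default
# network, Redis started without a password, S3 credentials shared in a common
# env file. A script running inside script-runner can then open a TCP connection
# to redis:6379 or minio:9000 and bypass the API's permission checks entirely.
#
# Hardened layout: the script runner sits on "frontend" only and can reach the
# API gateway but not the stores; the stores sit on "backend" with credentials
# required, and only the API holds them. Names below are hypothetical.

services:
  api:
    image: example/cosmos-api:latest        # assumption: API gateway image
    networks: [frontend, backend]           # the only bridge between the two sides
    environment:
      REDIS_URL: "redis://:${REDIS_PASSWORD}@redis:6379/0"
      S3_ENDPOINT: "http://minio:9000"
      S3_ACCESS_KEY: "${S3_ACCESS_KEY}"
      S3_SECRET_KEY: "${S3_SECRET_KEY}"

  script-runner:
    image: example/cosmos-script-runner:latest   # assumption: runs user scripts
    networks: [frontend]                    # no route to redis or minio
    environment:
      API_URL: "http://api:2900"            # all data access goes through the API
    # Deliberately no REDIS_URL / S3_* variables: a script that enumerates the
    # environment finds nothing it can reuse against the backend.
    read_only: true
    cap_drop: [ALL]

  redis:
    image: redis:7
    command: ["redis-server", "--requirepass", "${REDIS_PASSWORD}"]
    networks: [backend]
    # Not published to the host; not reachable from "frontend".

  minio:
    image: minio/minio
    command: ["server", "/data"]
    networks: [backend]
    environment:
      MINIO_ROOT_USER: "${S3_ACCESS_KEY}"
      MINIO_ROOT_PASSWORD: "${S3_SECRET_KEY}"

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true                          # no egress; only bridged containers reach it
```

A quick check after deploying a layout like this is to run a script from the script runner that attempts `socket.create_connection(("redis", 6379), timeout=2)`: on the hardened layout name resolution or the connection fails, whereas on a flat network it succeeds, which is exactly the condition the advisory exploits. Network isolation complements, and does not replace, authentication on the stores themselves.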
High · Campaign · Resolved

Teams as attack surface: threat actors weaponise Microsoft's collaboration platform for helpdesk impersonation and lateral movement

Microsoft has observed threat actors increasingly abusing external Teams access to impersonate helpdesk staff, coax users into disclosing credentials, and establish footholds for lateral movement inside enterprise networks. The attacks rely on Teams' legitimacy and ubiquity to lower users' guard against social engineering.

Microsoft Teams, Enterprise organisations using Microsoft 365
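Both Teams items above (UNC6692's Snow delivery and the helpdesk-impersonation campaigns) come down to the same detection question: which messages from outside the home tenant look like support staff or carry a credential or remote-access lure? The script below is an added example of that triage logic, not code from Microsoft or from either report. It runs over a constructed JSON-lines sample whose field names (sender, display_name, message) are assumptions and do not claim to match the real Teams audit schema; map them to whatever your export actually provides. The home tenant domain and organisation name are likewise assumptions.

```python
"""Added example: flag external Teams senders that impersonate internal helpdesk
staff or push credential / remote-access lures. Field names and sample data are
constructed for illustration and are not the real Teams audit log schema."""
import json
import re
from dataclasses import dataclass

HOME_TENANT = "contoso.example"   # assumption: the organisation's own tenant domain
ORG_NAME = "Contoso"              # assumption: the brand attackers would imitate

# Display names a real helpdesk would use, and which an impersonator copies.
HELPDESK_NAMES = re.compile(
    r"\b(help ?desk|it support|service desk|support team|tech support)\b", re.I)
# Phrases typical of helpdesk-impersonation lures: MFA codes, remote-support
# tools, screen sharing, password handling.
LURE_TERMS = re.compile(
    r"\b(verify your (account|identity)|mfa|authenticator|quick assist|anydesk|"
    r"teamviewer|password|share your screen)\b", re.I)
ORG_RE = re.compile(r"\b" + re.escape(ORG_NAME) + r"\b", re.I)

# Constructed sample: four chat records, one per line, as a defender might export them.
SAMPLE_LOG = """\
{"sender": "it.support@helpdesk-contoso.example", "display_name": "Contoso IT Helpdesk", "message": "We detected a sign-in issue. Please share your screen via Quick Assist and read me the Authenticator code."}
{"sender": "alice@fabrikam.example", "display_name": "Alice Vendor", "message": "Sending the revised invoice for Q2."}
{"sender": "servicedesk@contoso.example", "display_name": "Service Desk", "message": "Your ticket has been updated."}
{"sender": "bob@partner.example", "display_name": "Bob Jones", "message": "Can you confirm your password reset went through?"}
"""


@dataclass(frozen=True)
class Alert:
    sender: str
    reasons: tuple


def parse_log(text: str) -> list:
    """Parse JSON-lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def sender_domain(upn: str) -> str:
    return upn.rsplit("@", 1)[-1].lower()


def analyse(records: list, home_tenant: str = HOME_TENANT) -> list:
    """Return one Alert per external sender that trips any impersonation rule.

    Internal senders are ignored here: a genuine helpdesk message from the home
    tenant is expected, and the campaign described abuses *external* access."""
    alerts = []
    for rec in records:
        domain = sender_domain(rec["sender"])
        if domain == home_tenant.lower():
            continue
        reasons = []
        if HELPDESK_NAMES.search(rec["display_name"]):
            reasons.append("external sender using helpdesk-style display name")
        if ORG_RE.search(rec["display_name"]) or ORG_RE.search(domain):
            reasons.append("external sender impersonating home organisation in name or domain")
        if LURE_TERMS.search(rec["message"]):
            reasons.append("credential/remote-access lure in message")
        if reasons:
            alerts.append(Alert(rec["sender"], tuple(reasons)))
    return alerts


if __name__ == "__main__":
    for alert in analyse(parse_log(SAMPLE_LOG)):
        print(alert.sender)
        for reason in alert.reasons:
            print("  -", reason)
```

Run as-is it reports two senders: the lookalike "Contoso IT Helpdesk" account on all three rules, and the partner-domain user on the lure rule alone. The second hit is the useful caveat: a single lure term from a legitimate partner is a low-confidence signal, so in production weight the rules rather than treating any match as an incident, and pair the logic with tenant-level controls (restricting or allow-listing external access) that remove the channel rather than just observing it.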
High · Campaign · Resolved

Gentlemen ransomware gang escalates infrastructure through SystemBC botnet integration

Gentlemen ransomware operators have integrated the SystemBC proxy malware into their attack chain, using a botnet of more than 1,570 compromised corporate hosts to proxy and obscure command-and-control traffic and to make their infrastructure harder to disrupt. This marks a maturation of the gang's infrastructure and shows them adopting commodity malware to extend their reach and resilience.

Corporate networks (estimated 1,570+ victims)