Cybersecurity News & Analysis
blacktemple.net

Tag: threat-intelligence

critical | Industry & Policy

Weekly Threat Brief: Mar 29 - Apr 5, 2026 — Supply Chain Under Siege

North Korean APT UNC1069 compromised the axios npm package affecting 100M+ weekly downloads while AI-assisted malware development reached operational maturity with professional-grade output. Critical zero-day exploits hit Fortinet and other enterprise infrastructure as Iran-linked groups breached high-profile government targets including the FBI Director's email.

Apr 5, 2026 | Black Temple Weekly Digest
weekly-roundup, threat-intelligence, supply-chain-attacks
🏴 ShinyHunters
🇺🇸 Lockheed Martin, 🇺🇸 LinkedIn, 🇦🇪 Telegram, 🇺🇸 Google, 🇨🇳 Huawei, 🇺🇸 Apple, 🇺🇸 Meta Platforms

medium | Malware & Threats

Device Code Phishing Attacks Surge 37x as Automated Kits Proliferate

Threat actors are increasingly leveraging OAuth 2.0 Device Authorization Grant flows for phishing attacks, with incidents surging 37 times higher than previous years. The proliferation of automated attack kits is making these sophisticated authentication bypasses accessible to lower-skilled attackers.

Apr 5, 2026 | BleepingComputer
oauth, phishing, device-code

high | Industry & Policy

Iranian APTs Blur Criminal Lines While AI Security Gaps Widen

Iranian state-sponsored groups are blurring lines with cybercriminal activities through pseudo-ransomware targeting US organizations, while AI security gaps emerge across Google Vertex AI and ChatGPT platforms. Manufacturing remains heavily compromised with 80% of UK facilities hit by cyber incidents in the past year.

Apr 1, 2026 | Dark Reading, Infosecurity Magazine
iranian-apts, ai-security, cloud-security
🇺🇸 Google

high | Vulnerabilities & Exploits

Vulnerability Intelligence Roundup: State-Sponsored Campaigns, Russian Toolkits, and the Secrets Sprawl Crisis

The secrets sprawl crisis intensified in 2025 with 29 million new hardcoded credentials discovered on GitHub, representing a 34% year-over-year increase. Meanwhile, Russian and Chinese threat actors continue sophisticated campaigns against government targets using custom toolkits and multi-stage malware deployments.

Mar 30, 2026 | The Hacker News, SANS ISC
secrets-sprawl, state-sponsored, russian-toolkit

critical | Industry & Policy

Weekly Threat Brief: March 22-29, 2026 — Supply Chain Warfare and Nation-State Escalation

TeamPCP orchestrated a sophisticated supply chain campaign compromising PyPI packages including LiteLLM and Trivy. Iranian actors breached FBI Director Kash Patel's Gmail while critical vulnerabilities in Cisco, NetScaler, and Quest KACE systems face active exploitation.

Mar 29, 2026 | Black Temple Weekly Digest
weekly-roundup, threat-intelligence, supply-chain-attacks
🏴 ShinyHunters
🇺🇸 Meta Platforms, 🇦🇪 Telegram, 🇨🇳 TP-Link, 🇨🇳 TikTok, 🇺🇸 Google, 🇺🇸 Oracle Data Cloud, 🇨🇳 Huawei

medium | Industry & Policy

RSAC 2026 Highlights: EU Leadership, AI-Driven Threats, and Industrial-Scale Identity Abuse

RSA Conference 2026 featured EU officials taking the lead on cybersecurity policy while US government participation remained minimal. Meanwhile, AI emerged as both the dominant attack vector and defensive solution, with researchers warning of industrial-scale identity exploitation campaigns.

Mar 26, 2026 | Dark Reading, Infosecurity Magazine
rsac, artificial-intelligence, ransomware
🇺🇸 LinkedIn, 🇺🇸 Near Intelligence

high | Industry & Policy

Supply Chain Attacks Surge as AI Tools Reshape Security Perimeter

Multiple supply chain campaigns are actively targeting developer tools and security software, while AI coding tools are creating new vulnerabilities in enterprise endpoints. Enterprise cybersecurity software reportedly fails 20% of the time due to poor patch management.

Mar 25, 2026 | Dark Reading, Infosecurity Magazine
supply-chain, ai-security, malware
🇺🇸 Meta Platforms

medium | Industry & Policy

Weekly Intel: AI Transforms SOCs, Ransomware Evolves, and High-Tech Becomes Top Target

Security teams experiment with AI in SOCs while attackers leverage the same technology for faster ransomware campaigns. High-tech has overtaken finance as the most targeted sector, according to new Mandiant data.

Mar 24, 2026 | Dark Reading, Infosecurity Magazine
artificial-intelligence, ransomware, soc-operations

critical | Industry & Policy

Weekly Threat Brief: March 15-22, 2026 — Supply Chain Attacks and Zero-Day Exploitation Surge

Supply chain attacks compromised major security tools including Trivy scanner and AppsFlyer SDK while Russian APTs actively exploited zero-days in iOS, Cisco firewalls, and Zimbra. Critical infrastructure faced sustained assault from ransomware groups and state actors.

Mar 22, 2026 | Black Temple Weekly Digest
weekly-roundup, threat-intelligence, supply-chain-attacks
🇰🇵 Lazarus, 🏴 Lapsus$, 🇨🇳 Winnti
🇺🇸 Meta Platforms, 🇦🇪 Telegram, 🇺🇸 Google, 🇺🇸 Oracle Data Cloud, 🇺🇸 Snap Inc

critical | Industry & Policy

Critical Oracle RCE, Beast Gang Exposed, Interlock Hits Cisco: Weekly Threat Roundup

Oracle released emergency patches for a critical unauthenticated RCE in Fusion Middleware components exposed to the web. Meanwhile, operational security failures by the Beast ransomware gang revealed its systematic approach to targeting network backups, while Interlock ransomware demonstrated access to a Cisco firewall zero-day weeks before public disclosure.

Mar 21, 2026 | Dark Reading
oracle, ransomware, cisco
🇺🇸 Oracle Data Cloud

high | Industry & Policy

Zero-Day Exploitation Windows Shrink as AI Accelerates Attacks, FCA Tightens Incident Rules

AWS reports that Interlock ransomware has been exploiting an undisclosed Cisco firewall zero-day since January, while Rapid7 research shows AI is accelerating attacker response times to just 5 days from vulnerability disclosure to CISA KEV inclusion.

Mar 19, 2026 | Infosecurity Magazine
zero-day, ransomware, regulatory-compliance
🇺🇸 Amazon

high | Industry & Policy

Credential Theft Surge, Ransomware Evolution, and AI Security Risks Shape Threat Landscape

Threat actors are increasingly relying on stolen credentials rather than traditional exploitation, while ransomware groups adapt to lower payment rates by changing tools and tactics. Meanwhile, new attack vectors targeting AI development environments and mobile payment systems highlight expanding attack surfaces.

Mar 18, 2026 | Dark Reading, Infosecurity Magazine
credential-theft, ransomware, infostealer
🇷🇺 Inception
🇺🇸 Reddit