Storm-1175 focuses gaze on vulnerable web-facing assets in high ...

The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates high-velocity ransomware campaigns that weaponize N-days, targeting vulnerable, web-facing systems during the window between vulnerability disclosure and widespread patch adoption. Following successful exploitation, Storm-1175 rapidly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, in some cases, within 24 hours. The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent intrusions heavily impacting healthcare organizations, as well as those in the education, professional services, and finance sectors in Australia, the United Kingdom, and the United States.

Pulse ID: 69d41711b3984d53ffc4f8ce
Pulse Link: https://otx.alienvault.com/pulse/69d41711b3984d53ffc4f8ce
Pulse Author: AlienVault
Created: 2026-04-06 20:26:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Australia #CyberSecurity #Education #Healthcare #InfoSec #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #UnitedKingdom #UnitedStates #Vulnerability #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Seqrite: Advisory: Middle East Conflict & Cyber Escalation

Iran's cyber ecosystem operates through a layered structure that combines state-directed APT groups (IRGC-linked and MOIS-linked); semi-official contractors and front entities; hacktivist personas and collectives operated by intelligence services; and ideologically aligned foreign collectives operating in parallel. The Stryker Corporation attack on March 11, 2026 marked a significant escalation: a destructive wiper operation against the US, executed without malware by abusing legitimate MDM infrastructure. It represents a qualitative shift in Iranian operational capability and in the willingness to target Western corporate infrastructure.

Pulse ID: 69d3cb85f3db16d53c999e18
Pulse Link: https://otx.alienvault.com/pulse/69d3cb85f3db16d53c999e18
Pulse Author: AlienVault
Created: 2026-04-06 15:04:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Hacktivist #IRGC #InfoSec #Iran #Malware #MiddleEast #OTX #OpenThreatExchange #RAT #bot #AlienVault


Inside an AI-enabled device code phishing campaign

Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the Device Code Authentication flow to compromise organizational accounts at scale. While traditional device code attacks are typically narrow in scope, this campaign demonstrated a higher success rate, driven by automation and dynamic code generation that circumvented the standard 15-minute expiration window for device codes. This activity aligns with the emergence of EvilToken, a Phishing-as-a-Service (PhaaS) toolkit identified as a key driver of large-scale device code abuse.
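The mechanism the summary describes is easiest to see in a small model of the OAuth 2.0 device authorization grant (RFC 8628). The following is an added illustration, not code from the pulse, from Microsoft, or from the EvilToken kit: a mock identity provider that mints device codes with a 15-minute lifetime, a "static" lure that embeds one code in the email at send time, and a "dynamic" lure that mints a fresh code only when the victim clicks. The class and function names, the sample timeline and the sign-in-log record shape are assumptions; the 15-minute lifetime is the figure quoted above.

```python
"""Model of the device authorization grant (RFC 8628) showing why minting the
device code at click time, rather than at send time, defeats the 15-minute
expiry that normally limits device code phishing. Added example; names and
timeline are assumptions, not the pulse's or Microsoft's code."""
import secrets
import string
from dataclasses import dataclass

DEVICE_CODE_LIFETIME = 15 * 60  # seconds; lifetime quoted in the summary above


@dataclass
class DeviceCodeRecord:
    device_code: str   # polled by the client (here: the phishing kit)
    user_code: str     # typed by the user at the real login page
    issued_at: int     # epoch seconds
    authorized: bool = False


class AuthorizationServer:
    """Mock identity provider: issues codes, records user approval, hands out tokens."""

    def __init__(self) -> None:
        self._by_user_code: dict[str, DeviceCodeRecord] = {}

    def device_authorization(self, now: int) -> DeviceCodeRecord:
        alphabet = string.ascii_uppercase + string.digits
        rec = DeviceCodeRecord(
            device_code=secrets.token_hex(16),
            user_code="".join(secrets.choice(alphabet) for _ in range(9)),
            issued_at=now,
        )
        self._by_user_code[rec.user_code] = rec
        return rec

    def user_approves(self, user_code: str, now: int) -> str:
        """The victim enters the user code on the legitimate login page."""
        rec = self._by_user_code.get(user_code)
        if rec is None:
            return "invalid_code"
        if now - rec.issued_at > DEVICE_CODE_LIFETIME:
            return "expired_token"
        rec.authorized = True
        return "authorized"

    def token(self, device_code: str, now: int) -> str:
        """Client polls the token endpoint with the device code."""
        for rec in self._by_user_code.values():
            if rec.device_code == device_code:
                if now - rec.issued_at > DEVICE_CODE_LIFETIME:
                    return "expired_token"
                return "access_token" if rec.authorized else "authorization_pending"
        return "invalid_grant"


class StaticLure:
    """Traditional device code phish: one code minted when the email is sent."""

    def __init__(self, idp: AuthorizationServer, sent_at: int) -> None:
        self.rec = idp.device_authorization(sent_at)

    def code_for_victim(self, idp: AuthorizationServer, click_at: int) -> DeviceCodeRecord:
        return self.rec  # same code regardless of when the victim clicks


class DynamicLure:
    """Kit that mints a fresh code at click time, so the code is always inside its lifetime."""

    def __init__(self, idp: AuthorizationServer, sent_at: int) -> None:
        self.rec = None

    def code_for_victim(self, idp: AuthorizationServer, click_at: int) -> DeviceCodeRecord:
        self.rec = idp.device_authorization(click_at)
        return self.rec


def run_phish(lure_cls, click_delay: int) -> str:
    """Send the lure at t=0, victim clicks after click_delay seconds, kit polls 5 s later."""
    idp = AuthorizationServer()
    lure = lure_cls(idp, sent_at=0)
    rec = lure.code_for_victim(idp, click_at=click_delay)
    outcome = idp.user_approves(rec.user_code, now=click_delay)
    if outcome != "authorized":
        return outcome
    return idp.token(rec.device_code, now=click_delay + 5)


def flag_device_code_signins(events: list[dict]) -> list[tuple[str, str]]:
    """Triage helper over sign-in records shaped like Entra ID sign-in logs (assumed field
    names): return (user, ip) for every sign-in that used the device code protocol."""
    return [(e["user"], e["ip"]) for e in events
            if e.get("authenticationProtocol") == "deviceCode"]


if __name__ == "__main__":
    print("static lure, click after 10 min :", run_phish(StaticLure, 10 * 60))
    print("static lure, click after 2 h    :", run_phish(StaticLure, 2 * 3600))
    print("dynamic lure, click after 2 h   :", run_phish(DynamicLure, 2 * 3600))
```

A victim who opens a static lure two hours after it was sent hits an expired code and the attack fails; the dynamic lure mints the code at click time, so the same victim produces a valid token. On the defensive side, the device code flow is rarely needed outside input-constrained devices, so the check worth running is whether any tenant sign-ins use it at all (the `authenticationProtocol` value `deviceCode` in Entra ID sign-in logs), and Entra ID Conditional Access can block the flow outright through its authentication flows condition.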

Pulse ID: 69d4175ab0f5278eae91f1cf
Pulse Link: https://otx.alienvault.com/pulse/69d4175ab0f5278eae91f1cf
Pulse Author: AlienVault
Created: 2026-04-06 20:28:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #Phishing #RAT #bot #AlienVault


Inside the Axios supply chain compromise - one RAT to rule them all

Pulse ID: 69d33a3305485b860e5a56a2
Pulse Link: https://otx.alienvault.com/pulse/69d33a3305485b860e5a56a2
Pulse Author: Tr1sa111
Created: 2026-04-06 04:44:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #SupplyChain #bot #iOS #Tr1sa111


North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

Pulse ID: 69d33a442f585df3ff14e467
Pulse Link: https://otx.alienvault.com/pulse/69d33a442f585df3ff14e467
Pulse Author: Tr1sa111
Created: 2026-04-06 04:44:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Korea #NPM #NorthKorea #OTX #OpenThreatExchange #SupplyChain #bot #iOS #Tr1sa111


Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns

Pulse ID: 69d33a3ab9b13902209d10ad
Pulse Link: https://otx.alienvault.com/pulse/69d33a3ab9b13902209d10ad
Pulse Author: Tr1sa111
Created: 2026-04-06 04:44:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111


Stranger Strings: Yurei Ransomware Operator Toolkit Exposed

Pulse ID: 69d33a50d28a2f4b416cc023
Pulse Link: https://otx.alienvault.com/pulse/69d33a50d28a2f4b416cc023
Pulse Author: Tr1sa111
Created: 2026-04-06 04:45:04

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #RansomWare #bot #Tr1sa111


North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

Pulse ID: 69d33a5b493b7f2ea2aa0d52
Pulse Link: https://otx.alienvault.com/pulse/69d33a5b493b7f2ea2aa0d52
Pulse Author: Tr1sa111
Created: 2026-04-06 04:45:15

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Korea #NPM #NorthKorea #OTX #OpenThreatExchange #SupplyChain #bot #iOS #Tr1sa111


Cisco Talos: Qilin EDR killer infection chain

Pulse ID: 69d33a5e7b8174614730aac9
Pulse Link: https://otx.alienvault.com/pulse/69d33a5e7b8174614730aac9
Pulse Author: Tr1sa111
Created: 2026-04-06 04:45:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cisco #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #Talos #bot #Tr1sa111


Blurred Lines: AdTech Abuse Delivers Browser Hijackers Through the Microsoft Store

Pulse ID: 69d33a7fcccc3e34b2b4df70
Pulse Link: https://otx.alienvault.com/pulse/69d33a7fcccc3e34b2b4df70
Pulse Author: Tr1sa111
Created: 2026-04-06 04:45:51

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CyberSecurity #InfoSec #Microsoft #OTX #OpenThreatExchange #bot #Tr1sa111
