Sliver | The blockbuster whose big finale nearly killed three people – then got cut
Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers
Between February and May 2026, over 1,350 active command-and-control servers were identified across 98 infrastructure providers spanning 14 Middle Eastern countries. Saudi Arabia's STC hosted 981 C2 servers, representing 72.4% of all regional malicious infrastructure, the largest concentration globally. C2 infrastructure dominated at 96.8% of detected activity, with IoT-focused botnets like Hajime, Mozi, and Mirai, alongside offensive frameworks including Tactical RMM, Cobalt Strike, and Sliver representing the primary malware families. The infrastructure supported diverse operations from state-sponsored espionage campaigns like Eagle Werewolf targeting state entities, to Malware-as-a-Service platforms, cryptomining operations, and destructive attacks such as DYNOWIPER. Key providers included SERVERS TECH FZCO in UAE, OMC in Israel, Türk Telekom, and Regxa in Iraq, demonstrating how telecommunications giants and specialized hosting services enable both commodity cybercrime and advanced persistent threat op...
Pulse ID: 6a0f8f36422c8adb515a9804
Pulse Link: https://otx.alienvault.com/pulse/6a0f8f36422c8adb515a9804
Pulse Author: AlienVault
Created: 2026-05-21 23:03:18
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CobaltStrike #CryptoMining #CyberCrime #CyberSecurity #Espionage #InfoSec #IoT #Israel #Malware #MalwareAsAService #MiddleEast #Mirai #OTX #OpenThreatExchange #RAT #SaudiArabia #Sliver #Telecom #Telecommunication #UAE #bot #botnet #AlienVault
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos tracks active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager, allowing remote attackers to obtain administrative privileges. The exploitation is attributed to UAT-8616, a sophisticated threat actor previously involved in similar attacks. Additionally, multiple threat clusters have been exploiting CVE-2026-20133, CVE-2026-20128, and CVE-2026-20122 since March 2026, following public release of proof-of-concept code by ZeroZenX Labs. Post-compromise activities include deployment of various webshells, including XenShell, Godzilla, and Behinder variants, along with cryptocurrency miners, red team frameworks like Sliver and AdaptixC2, and credential stealers. Ten distinct threat clusters have been identified, each utilizing different malicious tooling and infrastructure. Affected systems require immediate patching and security measures.
Pulse ID: 6a062c38dfdb5434bb2f0876
Pulse Link: https://otx.alienvault.com/pulse/6a062c38dfdb5434bb2f0876
Pulse Author: AlienVault
Created: 2026-05-14 20:10:32
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cisco #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Sliver #Talos #Troll #Vulnerability #bot #cryptocurrency #AlienVault
New blog post!
This time I talk about my new favorite evasive shellcode loader, Charon. I give a brief overview about what it does, how it works and which techniques it uses.
Also a brief addendum for enjoyers of bloated implants such as Sliver.
https://ti-kallisti.com/general/ms/descending-into-hades.html
#InfoSec #Malware #Shellcode #RedTeam #RedTeaming #Pentesting #Charon #Sliver #Merlin #Mythic
every block, just a
sliver of sky – keep an eye
on the horizon
20260424:2005
"Expect Guests": PhantomCore's New Tools and Tactics in Attacks on Russian Companies
Using a new PhantomCore attack as an example (PhantomCore is one of the main cyber threats to Russian and Belarusian companies), we show how the group is developing its tools and tactics, deploying new malware, and broadening the range of technologies it uses, including AI solutions. One of PhantomCore's main traits is its constant variability: this APT group adapts quickly to new conditions, promptly changes its tools, and invents unconventional ways of delivering malware to targeted organizations.
https://habr.com/ru/companies/F6/articles/1024486/
#phantomcore #apt #kermit_rat #фишинговые_письма #киберразведка #threat_intelligence #mattermost #cyberstrike_ai #mashagent #sliver