🚨New ransom group blog post!🚨

Group name: play
Post title: Branagh
Info: https://cti.fyi/groups/play.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

VK Styles: 500K Users Infected by Chrome Extensions That Hijack VKontakte Accounts

500,000+ VKontakte accounts were hijacked by fake VK Styles Chrome extensions that forced group subscriptions, reset settings monthly, and bypassed CSRF.

🚨New ransom group blog post!🚨

Group name: incransom
Post title: Bitgo
Info: https://cti.fyi/groups/incransom.html

#ransomware #cti #threatintelligence #cybersecurity #infosec


Morning, cyber pros! ☕ It's been a slightly quieter 24 hours, but we've still got some critical updates to chew on, from a dominant threat actor exploiting Ivanti RCEs to North Korean fake recruiters and a low-tech crypto phishing scam. Let's dive in:

Ivanti RCE Exploitation Dominance ⚠️
- A single threat actor, using bulletproof infrastructure from IP 193.24.123.42, is behind 83% of recent active exploitation attempts targeting two critical Ivanti EPMM RCE vulnerabilities (CVE-2026-21962 and CVE-2026-24061).
- This IP address is not widely published in IOC lists, meaning many defenders might be missing the primary source of these automated attacks, which also target Oracle WebLogic and GNU Inetutils Telnetd.
- Ivanti has released hotfixes and recommends using specific RPM packages or, for the most conservative approach, rebuilding EPMM instances and migrating data until full patches are available in Q1.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/one-threat-actor-responsible-for-83-percent-of-recent-ivanti-rce-attacks/

Lazarus Group's Fake Job Scams 🕵️
- North Korean threat actors, likely the Lazarus Group, are targeting JavaScript and Python developers with fake job offers that include malicious coding challenges.
- These challenges trick developers into installing compromised packages from npm and PyPI (dubbed 'Graphalgo'), which then deploy a sophisticated Remote Access Trojan (RAT) capable of exfiltrating files and checking for MetaMask installations.
- Developers who may have installed packages like 'bigmathutils', or any package with 'graph' or 'big' in its name from suspicious sources, should immediately rotate all credentials and tokens, and consider a full OS reinstall.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/

Crypto Wallet Phishing via Snail Mail ✉️
- Threat actors are employing a rare physical phishing tactic, sending fake letters impersonating Trezor and Ledger to trick hardware wallet users into revealing their recovery phrases.
- The letters create urgency, claiming mandatory "Authentication Checks" or "Transaction Checks" and directing users to scan QR codes that lead to sophisticated phishing websites designed to steal 12-, 20-, or 24-word seed phrases.
- Remember: reputable hardware wallet manufacturers will NEVER ask you to enter your recovery phrase on a website or computer; it should only be entered directly on the device itself during restoration.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/snail-mail-letters-target-trezor-and-ledger-users-in-crypto-theft-attacks/

#CyberSecurity #ThreatIntelligence #Vulnerability #RCE #Ivanti #LazarusGroup #APT #Malware #RAT #Phishing #SocialEngineering #CryptoSecurity #InfoSec #IncidentResponse

One threat actor responsible for 83% of recent Ivanti RCE attacks

Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061.

BleepingComputer
this is really funny

YouTube

Europe must adapt to ‘permanent’ cyber and hybrid threats, Sweden warns

https://therecord.media/sweden-cyber-threats-europe-permanent

#cybersecurity #incidentresponse #threatintelligence

Europe must adapt to ‘permanent’ cyber and hybrid threats, Sweden warns

Cyber and hybrid threats are now a permanent feature of Europe’s security environment, a senior Swedish defense official said, citing Russia’s full-scale invasion of Ukraine as a turning point.

Threats to the Defense Industrial Base | Google Cloud Blog

The defense sector faces a relentless barrage of operations conducted by state-sponsored actors and criminal groups.

Google Cloud Blog

🚨New ransom group blog post!🚨

Group name: spacebears
Post title: Buff Law
Info: https://cti.fyi/groups/spacebears.html

#ransomware #cti #threatintelligence #cybersecurity #infosec


Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

https://thehackernews.com/2026/02/google-links-china-iran-russia-north.html

#cybersecurity #threatintelligence #exploit

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

State-backed hackers from China, Russia, Iran, and North Korea target defense contractors using espionage, malware, hiring scams, and edge exploits.

The Hacker News

EU can’t be ‘naive’ about enemies shutting down critical infrastructure, warns tech official

https://therecord.media/eu-cyber-critical-infrastructure-tech

#cybersecurity #compliance #threatintelligence

EU can’t be ‘naive’ about enemies shutting down critical infrastructure, warns tech official

The European Union can no longer afford to be “naive” about adversaries’ ability to switch off critical infrastructure, the EU’s top tech official warned Friday, as she called for tougher rules and more investment to protect Europe from cyber and hybrid threats.