83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list. The IPs that are? VPN exits with zero Ivanti activity. We broke down who's actually doing this ⬇️
#Ivanti #ThreatIntel #CVE20261281 #InfoSec
We have started to report webshells (or other artifacts) found on Ivanti EPMM devices, likely compromised via CVE-2026-1281. 56 IPs found on 2026-02-06
Data in shadowserver.org/what-we-do/n...
Tree Map view: dashboard.shadowserver.org/statistics/c...
Thank you to the KSA NCA for the heads up!
This has been confirmed today: operation-endgame.com
Europol took down servers for the Rhadamanthys infostealer, the VenomRAT, and the Elysium botnet
Que "The Final Countdown" by Europe 🎶 and lock in 💻-- it's time for final submissions for #FIRSTCTI26 #lastcall #timesup 🔗 go.first.org/EHUnv
🚨 New research: ShinyHunters teamed up with Scattered Spider for vishing attacks on cloud application users, bribed employees for insider access, and targeted engineering users to compromise CI/CD tools. blog.eclecticiq.com/shinyhunters...
@likethecoins.bsky.social @campuscodi.risky.biz
#CTI
Yep, I've been pwned. 2FA reset email, looked very legitimate.
Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.
Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.
New, by me: The hackers who breached Allianz Life earlier this month and stole the personal information belonging to the "majority" of its 1.4 million customers, also took Social Security numbers during the breach, per new filings with U.S. states.
LOL... someone scrapped celebrity Spotify accounts/playlists and leaked their music preferences
The *chef's kiss* here is the name of the site: Panama Playlists 😆
panamaplaylists.com
Screenshot of text that reads: "Mandatory reporting is also being developed, which would equip law enforcement with essential intelligence to hunt down perpetrators and disrupt their activities, allowing for better support for victims. Consultation responses showed strong support for a new mandatory reporting regime to better protect British organisations and industry."
This is by far the coolest part in the UK's proposed ransomware ban and mandatory reporting proposal
www.gov.uk/government/n...
"This report presents the first detailed study of China’s cyber militia system since 2015. It draws from an analysis of 136 individual militia units, as well as authoritative Chinese-language military writings and mobilization documents."
margin.re/mobilizing-c...
Ohhh…I smell a takedown coming!
Via @jgreig.bsky.social & @therecordmedia.bsky.social
GreyNoise observed a major spike in scanning against Ivanti products weeks before two zero-days were disclosed in Ivanti EPMM. Full update: www.greynoise.io/blog/surge-i...
#Ivanti #GreyNoise #Cybersecurity #ZeroDays
Victoria’s Secret website down as company investigates security incident
via @jgreig.bsky.social & @therecordmedia.bsky.social
Microsoft has discovered a cluster of worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. https://msft.it/63324S9Jkp
Dutch intelligence discover a new Russian APT—LAUNDRY BEAR
www.aivd.nl/documenten/p...
Microsoft calls it Void Blizzard. Their report is here: www.microsoft.com/en-us/securi...
Ivanti patches two zero-days under active attack as intel agency warns customers
Never a dull day in cybersecurity. Check out today's Metacurity for the critical infosec developments you need to know.
www.metacurity.com/russias-apt2...
"A global law enforcement operation coordinated by Europol has struck a major blow to the criminal underground, with 270 arrests of dark web vendors and buyers across ten countries"
www.europol.europa.eu/media-press/...
A Chinese APT (UNC5221) is behind recent attacks exploiting an Ivanti zero-day (CVE-2025-4427)
This is a known Chinese APT group that seems to be specialized in Ivanti and other Western enterprise products... they have a long list of past zero-days in their name
blog.eclecticiq.com/china-nexus-...
cc @likethecoins.bsky.social
🇨🇳 UNC5221 China-Nexus Threat Actor Actively Exploiting Ivanti EPMM (CVE-2025-4428).Targets critical networks like US airports and Telecommunications companies in EU. Exfiltrating sensitive data from managed mobile devices. #cyber
Here is the full report:
blog.eclecticiq.com/china-nexus-...
-Ransomware IAB spreads trojanized KeePass installer
-APT28 targets email servers with XSS attacks
-Good report on DPRK cyber and IT worker schemes
-Russia uses USAID shutdown in info-op targeting Moldova
-RU disinfo group Storm-1516 is behind the Macron coke memes
Storm-1516, a pro-Kremlin 🇷🇺 disinformation group, launched an AI-driven influence operation to discredit European leaders. 🇪🇺 blog.eclecticiq.com/storm-1516-d...
@hatr.bsky.social
🎉 Happy to share that my talk has been accepted at Virus Bulletin! I’ll be presenting in 🇩🇪 Berlin on Friday, September 26 at VB2025:
Details: www.virusbulletin.com/conference/v...
See you there! #vbconference #VB2025
The FBI is awaiting signals from telecom victims that Salt Typhoon is fully excised from their systems. My Q&A with Deputy Assistant Director for Cyber Operations Brett Leatherman about Salt Typhoon and other topics at #RSAC2025 below:
www.nextgov.com/cybersecurit...
Microsoft Teams appears to have been used as part of the cyber kill chain in the Co-Op hack. I've recently seen similar tactics, where threat actors employed voice phishing via Teams calls. It’s a threat worth watching.
Podcast: risky.biz/RBNEWS418/
Newsletter: news.risky.biz/risky-bullet...
-French government grows a spine and calls out Russia's hacks
-Marks & Spencer sends staff home after ransomware attack
-China accuses US of hacking cryptography provider
-AirBorne vulnerabilities impact Apple's AirPlay
As RSA 2025 gets into full swing, stay ahead of the curve by checking out today's Metacurity for the most critical infosec developments you should know.
www.metacurity.com/france-accus...
🚨 Erlang SSH RCE (CVE-2025-32433) is a significant supply chain risks to ICS and OT devices, particularly critical networking equipment like routers, switches, and smart sensors. The public availability of a POC makes this vulnerability especially concerning, as it is straightforward to exploit.
