Cyber Threat Intelligence

NoName057(16) led 14 listings, Lazarus leaked Westminster International University in Tashkent, and Drupal Core SQLi plus Laravel-Lang join CISA KEV.

Unit 42 maps Iranian APT Screening Serpens; FBI arrests Canadian KimWolf DDoS operator behind 1M+ devices; 60 breach claims include BMW AG and FSB.

LAPSUS-GROUP claims a GitHub data sale; The BlackH4t MD-Ghost names NATO; NoName057(16) hits Ukraine with 11 DDoS; 32 of 120 events are data-breach claims.

GitHub confirms internal repo theft via VS Code extension; Microsoft disrupts Fox Tempest signing service; 53 critical data exposure events hit US, France, India.

Exchange Markets claims breaches at Qatar, Kuwait financial entities. Microsoft disrupts Fox Tempest malware-signing service. Drupal warns of critical patch. JAX7 targets Indonesian govt data.

159 events tracked; 48 critical exposures. Qilin, NoName057(16) active. India, US, Indonesia top victims. Healthcare, telecom, government sectors hit. Supply chain threats escalate.

47 critical data exposures logged, with Kazu targeting health and government sectors globally. NGINX CVE-2026-42945 exploited in the wild. Grafana GitHub token breach disclosed.

165 events tracked; 66 critical exposures. Qilin, LockBit active. Multiple government, telecom, and education breaches reported globally.

UNC6671's BlackFile brand goes dark amid ongoing vishing extortion campaigns. Cisco SD-WAN zero-day CVE-2026-20182 exploited in the wild. Major breaches hit Coinbase, Eli Lilly, and U.S. Department of

Qilin, Pharaoh's Team drive 197 events; Foxconn confirms ransomware; Ghostwriter targets Ukraine; critical data exposures hit India, France, Chile.

Microsoft patches 138 flaws including zero-click Outlook bug; AI tools find 16 vulns. Breaches hit Egypt Education, Indonesia BNI, US govt agencies. UK reforms cybercrime law.

Instructure pays ShinyHunters for 3.65TB Canvas data; Mini Shai-Hulud npm wave hits TanStack, Mistral AI, UiPath; 56 alleged breach/leak claims.

Lazarus targets passport databases globally; Google detects first AI-developed zero-day exploit; new Linux kernel vulnerability 'Dirty Frag' emerges; UK water company fined for undetected breach.

174 events tracked; 35 critical exposures. Lazarus claims multiple US/China leaks. Keymous Plus targets Egypt govt. Critical Ollama CVE-2026-7482 (CVSS 9.1) disclosed.

Actor The GODFATHER of all claims breaches of BlackRock, Vanguard, Palantir, and others. XORCAT and Qilin remain active. Critical infrastructure and healthcare targeted.

ShinyHunters claims 9,000 schools impacted by Canvas breach; Polish water plants hit by ICS attacks; 74 critical data exposures include US DoD, Taiwan Military, and financial firms.

32 critical data exposure events today, led by telecom and government leaks in France, Canada, and Israel. Cisco and PAN-OS zero-day patches urgent. Cloud worm PCPJack steals credentials at scale.

Palo Alto PAN-OS zero-day exploited in the wild; Daemon Tools supply-chain attack; MuddyWater false-flag ransomware; 54 critical data exposures including US, Brazil, France, and Indonesia.

Today's brief covers a critical Linux kernel LPE, an Apache HTTP/2 RCE, and a DAEMON Tools supply chain attack. Over 50 data exposure events hit Israel, Mexico, and Ecuador, with Cinzz and NoName057(1

55 critical data exposures reported including U.S. Navy, Robinhood, and Rheinmetall. Active exploitation of Linux 'Copy Fail' bug begins. Phishing campaign hits 80+ orgs using RMM tools.

Massive data leak campaign by FreeCity hits 10+ organizations across Malaysia, Vietnam, UK, Spain. CISA warns of active exploitation of Linux privilege escalation bug CVE-2026-31431. Israeli, Indonesi

212 events, 53 critical. Forum claims target Microsoft, Orange, Aviso Wealth; Trellix confirms source-code breach; CVE-2026-31431 Linux root active.

180 events tracked; 70 critical exposures. Indonesia, US, Brazil targeted. Mr. Hanz Xploit active. Government, telecom, finance sectors hit.

47 forum data-breach posts hit US targets; Google patches CVSS-10 Gemini CLI RCE; Linux 'Copy Fail' kernel flaw enables root.

62 critical data exposure events today, with TheFallen targeting US insurance and finance. Indonesia, Morocco, and US lead victim countries. Supply chain attacks on npm and SAP packages reported.

184 events tracked; Polymarket API breach, Wells Fargo data sale, GitHub CVE-2026-3854 RCE, VECT 2.0 wiper, and LofyGang stealer resurface. Indonesia, France, US heavily targeted.