THREAT OPS › Threat News
Threat Intelligence News
2711 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- Cat’s Got Your Files: Lynx Ransomwaredfirreport · 2025-12-17
- Coordinated Credential-Based Campaign Targets Cisco and Palo Alto Networks VPN Gatewaysgreynoise_blog · 2025-12-17
- There's Payloads, And Then There's pAIloads: A Look At Selected Opportunistic (And Possibly AI-"Enhanced") React2Shell Probes and Attacksgreynoise_blog · 2025-12-17
- Battling check fraud in the U.S.intel471 · 2025-12-16
- Welcome to the new Project Zero Blogproject_zero · 2025-12-16
- Gootloader Malware Updateintel471 · 2025-12-11
- HTTPS certificate industry phasing out less secure domain validation methodsgoogle_security · 2025-12-10
- Shai-Hulud Worm 2.0intel471 · 2025-12-10
- The Fragile Lock: Novel Bypasses For SAML Authenticationportswigger_research · 2025-12-10
- Introducing Saved Searches in Google Threat Intelligence (GTI) and VirusTotal (VT): Enhance Collaboration and Efficiencyvirustotal_blog · 2025-12-10
- Further Hardening Android GPUsgoogle_security · 2025-12-09
- Architecting Security for Agentic Capabilities in Chromegoogle_security · 2025-12-08
- [Breach] Dragonica Lunaris — 126,293 accounts exposedhibp_breaches · 2025-12-06
- Cybersecurity industry overreacts to React vulnerability, starts panic, burns own house down againdoublepulsar · 2025-12-05
- The Normalization of Deviance in AIembracethered · 2025-12-05
- CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Fargreynoise_blog · 2025-12-05
- New FvncBot Android banking trojan targets Polandintel471 · 2025-12-04
- Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacksvolexity · 2025-12-04
- 2025-041: Critical Security Vulnerability in React Server Componentscert_eu · 2025-12-04
- A Hidden Pattern Within Months of Credential-Based Attacks Against Palo Alto GlobalProtectgreynoise_blog · 2025-12-04
- Android expands pilot for in-call scam protection for financial appsgoogle_security · 2025-12-03
- Small numbers of Notepad++ users reporting security woesdoublepulsar · 2025-12-02
- How GitHub’s agentic security principles make our AI agents as secure as possiblegithub_security_lab · 2025-11-25
- Antigravity Grounded! Security Vulnerabilities in Google's Latest IDEembracethered · 2025-11-25
- White Paper Preview: Black "Fraud Day” and Beyond — The Key Cyber Threats Facing the Retail Sector this Holiday Seasonintel471 · 2025-11-25
- Your IP Address Might Be Someone Else's Problem (And Here's How to Find Out)greynoise_blog · 2025-11-25
- What organisations can learn from the record breaking fine over Capita’s ransomware incidentdoublepulsar · 2025-11-20
- Threat hunting case study: Detecting IAB activityintel471 · 2025-11-20
- Using deception to extract cyber threat intelligenceintel471 · 2025-11-20
- Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharinggoogle_security · 2025-11-20
- Lynx Ransomwareintel471 · 2025-11-19
- Palo Alto Scanning Surges 40X in 24 Hours, Marking 90-Day Highgreynoise_blog · 2025-11-19
- FortiWeb CVE‑2025‑64446: What We’re Seeing in the Wildgreynoise_blog · 2025-11-19
- Introducing Query-Based Blocklists: Fully Configurable, Real-Time Threat Blocking in the GreyNoise Platformgreynoise_blog · 2025-11-19
- YAMAGoya: A Real-time Client Monitoring Tool Using Sigma and YARA Rulesjpcert_blog · 2025-11-18
- When Bulletproof Hosting Proves Bulletproof: The Stark Industries Shell Gamegreynoise_blog · 2025-11-17
- Rust in Android: move fast and fix thingsgoogle_security · 2025-11-13
- Qilin Ransomware Groupintel471 · 2025-11-12
- ClickFix: Tricking users into installing infostealersintel471 · 2025-11-11
- Cybercrime Takedowns: Trust, Partnerships and Focusintel471 · 2025-11-11
- Introducing HTTP Anomaly Rankportswigger_research · 2025-11-11
- VTPRACTITIONERS{ACRONIS}: Tracking FileFix, Shadow Vector, and SideWindervirustotal_blog · 2025-11-10
- Reversing at Scale: AI-Powered Malware Detection for Apple’s Binariesvirustotal_blog · 2025-11-06
- Update on Attacks by Threat Group APT-C-60jpcert_blog · 2025-11-05
- How card fraud is powered by underground card checkersintel471 · 2025-11-05
- What GreyNoise Learned from Deploying MCP Honeypotsgreynoise_blog · 2025-11-05
- PHP Cryptomining Campaign: October/November 2025greynoise_blog · 2025-11-04
- CyberSlop — meet the new threat actor, MIT and Safe Securitydoublepulsar · 2025-11-03
- November is the Month of Searches: Explore, Learn, and Share with #MonthOfVTSearchvirustotal_blog · 2025-11-03
- Tracking down The Comintel471 · 2025-10-30
- How Android provides the most effective protection to keep you safe from mobile scamsgoogle_security · 2025-10-30
- HTTPS by defaultgoogle_security · 2025-10-28
- Claude Pirate: Abusing Anthropic's File API For Data Exfiltrationembracethered · 2025-10-28
- TSUBAME Report Overflow (Apr-Jun 2025)jpcert_blog · 2025-10-28
- Turning Chaos into Clarity: The Next Phase of Intel 471’s Geopolitical Intelligence Solutionintel471 · 2025-10-26
- We Got Yelled At by Amazon So You Didn’t Have Togreynoise_blog · 2025-10-24
- Microsoft builds on Recall with Gaming Copilot — fails basic privacy testsdoublepulsar · 2025-10-23
- Hugging Face and VirusTotal: Building Trust in AI Modelsvirustotal_blog · 2025-10-23
- GreyNoise Welcomes New Director of Intelligence, Nishawn Smaghgreynoise_blog · 2025-10-23
- The FBI’s Group 78: Covertly fighting ransomware?intel471 · 2025-10-22
- How threat actors bypass multifactor authenticationintel471 · 2025-10-22
- VTPRACTITIONERS{SEQRITE}: Tracking UNG0002, Silent Lynx and DragonClonevirustotal_blog · 2025-10-21
- Inside the breach that broke the internet: The untold story of Log4Shellgithub_security_lab · 2025-10-20
- Threat Actors Deploying New IPs Daily to Attack Microsoft RDPgreynoise_blog · 2025-10-20
- Crimson Collectiveintel471 · 2025-10-16
- GreyNoise’s Recent Observations Around F5greynoise_blog · 2025-10-15
- In a digital age, US paper check fraud flourishesintel471 · 2025-10-14
- How you can defend against AI-driven fraud and phishingintel471 · 2025-10-14
- Introducing GreyNoise Block: Fully configurable, real-time blocklistsgreynoise_blog · 2025-10-14
- 100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructuregreynoise_blog · 2025-10-10
- Simpler Access for a Stronger VirusTotalvirustotal_blog · 2025-10-08
- APT Meets GPT: Targeted Operations with Untamed LLMsvolexity · 2025-10-08
- Introducing GreyNoise Feeds: Real-Time Intel for Real-Time Responsegreynoise_blog · 2025-10-08
- Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day Highgreynoise_blog · 2025-10-03
- Detecting cybercriminal activity on Telegramintel471 · 2025-10-02
- Coordinated Grafana Exploitation Attempts on 28 Septembergreynoise_blog · 2025-10-02
- Crowdsourced AI += Exodia Labsvirustotal_blog · 2025-10-01
- Advanced Threat Hunting: Automating Large-Scale Operations with LLMsvirustotal_blog · 2025-09-30
- From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusiondfirreport · 2025-09-29
- Cross-Agent Privilege Escalation: When Agents Free Each Otherembracethered · 2025-09-24
- Accelerating adoption of AI for cybersecurity at DEF CON 33google_security · 2025-09-24
- GreyNoise Intel Now Available Through MCPgreynoise_blog · 2025-09-18
- WebSocket Turbo Intruder: Unearthing the WebSocket Goldmineportswigger_research · 2025-09-17
- Supporting Rowhammer research to protect the DRAM ecosystemgoogle_security · 2025-09-15
- Post-quantum security for SSH access on GitHubgithub_security_lab · 2025-09-15
- How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentialsgoogle_security · 2025-09-10
- Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangsdfirreport · 2025-09-08
- Supercharging Your Threat Hunts: Join VirusTotal at Labscon for a Workshop on Automation and LLMsvirustotal_blog · 2025-09-05
- Uncovering a Colombian Malware Campaign with AI Code Analysisvirustotal_blog · 2025-09-04
- 25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incominggreynoise_blog · 2025-09-04
- Cookie Chaos: How to bypass __Host and __Secure cookie prefixesportswigger_research · 2025-09-03
- Wrap Up: The Month of AI Bugsembracethered · 2025-08-31
- AgentHopper: An AI Virusembracethered · 2025-08-30
- Windsurf MCP Integration: Missing Security Controls Put Users at Riskembracethered · 2025-08-28
- Integrating Code Insight into Reverse Engineering Workflowsvirustotal_blog · 2025-08-28
- Cline: Vulnerable To Data Exfiltration And How To Protect Your Dataembracethered · 2025-08-27
- AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injectionembracethered · 2025-08-26
- Inline Style Exfiltration: leaking data with chained CSS conditionalsportswigger_research · 2025-08-26
- Applying AI Analysis to PDF Threatsvirustotal_blog · 2025-08-25
- Safeguarding VS Code against prompt injectionsgithub_security_lab · 2025-08-25