UNC5221 Spent 18 Months Undetected Before Deploying Three Backdoors
Chinese APT group UNC5221 used Brickstorm, Plenet, and AgentPSD to maintain access across a victim network and its MSP for over 18 months.
ThreatsThreat Intelligence Feed
-
-
Your Smart TV's Idle Hours Are Selling Your Bandwidth
Free apps embed Bright Data's SDK to route web-scraping traffic through home IPs, including always-on smart TVs, with consent screens that don't match actual da
Threats -
SolarWinds Serv-U Crash Flaw Now Under Active Exploitation
CISA added CVE-2026-28318, a DoS flaw in SolarWinds Serv-U, to its KEV catalog with a federal patch deadline of June 19, 2026.
Threats -
AI Found 21 FFmpeg Zero-Days for $1,000. Chrome Patched 429 in One Shot.
An AI agent found 21 FFmpeg zero-days for ~$1,000. That same week, Chrome 149 patched a record 429 bugs.
Threats -
900 Gas Station Gauges Are Online and Undefended
Over 900 ATG systems in the US sit exposed on the open internet, vulnerable to command execution attacks that could disable fuel leak detection.
Threats -
PCPJack Built a 230-Node SMTP Relay Network Inside Cloud Infrastructure
PCPJack compromised 230 AWS, Azure, and Google Cloud servers to build a covert SMTP relay network, leaving tools exposed on an open C2 directory.
Threats
Analysis & Guides
Threats
Cisco SSRF, Iranian Crypto Sanctions, and an FSB Spyware Disclosure
A Cisco UCM flaw with a CVSS 8.6 score, FSB spyware claims, and $7.7B in sanctioned Iranian crypto volume define this week's threat landscape.
Threats
The Browser Is Now Where Breaches Begin and Go Undetected
The 2026 Verizon DBIR confirms what browser telemetry has shown for months: the browser is the primary attack surface most enterprises aren't watching.
Threats
WordPress Sites Under Fire From Everest Forms Pro Code Injection Flaw
CVE-2026-3300 in Everest Forms Pro lets unauthenticated attackers run arbitrary PHP and create rogue admin accounts.
Threats
How One Forum Post Is Teaching Beginners to Hack for Money
A dark web tutorial by "Hercules" breaks vulnerability exploitation into steps any beginner can follow—and it's spreading fast.
Threats
How Magecart Attackers Hid Card Skimmers Inside Stripe's Own API
A new skimming campaign routes stolen payment data through api.stripe.com, bypassing CSP filters by abusing trusted infrastructure.
Threats
A Single GitHub Issue Could Have Poisoned Anthropic's Own Action
A flaw in Claude Code's GitHub Action let any attacker with a bot account hijack public repos and steal write credentials via prompt injection.
Threats
ShinyHunters Dumps 234 GB of DentaQuest Data After Ransom Fails
DentaQuest's breach exposed 2.6 million accounts including health IDs and insurance data after ShinyHunters published 234 GB when negotiations collapsed.