Sniper DZ PhaaS Platform Targets MENA Users via Facebook Scams
Group-IB researchers detail how Sniper DZ campaigns targeted MENA users through fake Facebook accounts, browser notification abuse, and traffic monetization sch
ToolsThreat Intelligence Feed
-
-
400+ Arch Linux AUR Packages Hijacked to Deploy Credential Stealer
Attackers hijacked over 400 AUR packages to install a Rust-based credential stealer. Systems built from affected packages since June 11 should be treated as com
VPN & Privacy -
INTERPOL Operation Ramz Dismantles Sniper Dz Phishing-as-a-Service Platform
INTERPOL's Operation Ramz disrupted Sniper Dz, a decade-old PhaaS platform, resulting in 201 arrests across 13 MENA countries and the takedown of its infrastruc
Guides -
ServiceNow Flaw Exploited to Access Customer Instance Tables
ServiceNow patched a flaw on June 5, 2026 after threat actors exploited it to query instance tables across a subset of customers.
VPN & Privacy -
UNC5221 Spent 18 Months Undetected Before Deploying Three Backdoors
Chinese APT group UNC5221 used Brickstorm, Plenet, and AgentPSD to maintain access across a victim network and its MSP for over 18 months.
Threats -
Your Smart TV's Idle Hours Are Selling Your Bandwidth
Free apps embed Bright Data's SDK to route web-scraping traffic through home IPs, including always-on smart TVs, with consent screens that don't match actual da
Threats
Analysis & Guides
Threats
SolarWinds Serv-U Crash Flaw Now Under Active Exploitation
CISA added CVE-2026-28318, a DoS flaw in SolarWinds Serv-U, to its KEV catalog with a federal patch deadline of June 19, 2026.
Threats
AI Found 21 FFmpeg Zero-Days for $1,000. Chrome Patched 429 in One Shot.
An AI agent found 21 FFmpeg zero-days for ~$1,000. That same week, Chrome 149 patched a record 429 bugs.
Threats
900 Gas Station Gauges Are Online and Undefended
Over 900 ATG systems in the US sit exposed on the open internet, vulnerable to command execution attacks that could disable fuel leak detection.
Threats
PCPJack Built a 230-Node SMTP Relay Network Inside Cloud Infrastructure
PCPJack compromised 230 AWS, Azure, and Google Cloud servers to build a covert SMTP relay network, leaving tools exposed on an open C2 directory.
Threats
Cisco SSRF, Iranian Crypto Sanctions, and an FSB Spyware Disclosure
A Cisco UCM flaw with a CVSS 8.6 score, FSB spyware claims, and $7.7B in sanctioned Iranian crypto volume define this week's threat landscape.
Threats
The Browser Is Now Where Breaches Begin and Go Undetected
The 2026 Verizon DBIR confirms what browser telemetry has shown for months: the browser is the primary attack surface most enterprises aren't watching.
Threats
WordPress Sites Under Fire From Everest Forms Pro Code Injection Flaw
CVE-2026-3300 in Everest Forms Pro lets unauthenticated attackers run arbitrary PHP and create rogue admin accounts.
Threats
How One Forum Post Is Teaching Beginners to Hack for Money
A dark web tutorial by "Hercules" breaks vulnerability exploitation into steps any beginner can follow - and it's spreading fast.
Threats
How Magecart Attackers Hid Card Skimmers Inside Stripe's Own API
A new skimming campaign routes stolen payment data through api.stripe.com, bypassing CSP filters by abusing trusted infrastructure.