Category: Threat Intelligence

This Weekly Threat Advisory highlights the latest Ransomware, Malware, CVEs, Threat Actors, and Phishing Kits targeting organizations globally.

Emerging malware strains and ransomware groups are leveraging advanced exploitation techniques to bypass security defenses.

Newly disclosed CVEs are actively being weaponized by threat actors, increasing the risk of targeted attacks.

Phishing kits are evolving, enabling large-scale credential theft and unauthorized access to critical systems.

Security teams must stay vigilant, patch vulnerabilities, enhance detection, and strengthen cyber defense strategies against these evolving threats.

HackForLab Weekly Threat Advisory · Jun 29 – Jul 5 2026 · command-center briefing cover · SITREP 026·27 · 1,524 unique IOCs · 1,129 high-severity · 64 clusters · 5 named APTs · 5 headline cards: AsyncRAT surge, TONResolver novel blockchain-resolved C2, trust-anchor verification-page phishing, APT week UNC1151 APT36 TeamPCP Lazarus BitterAPT, Anubis and The Gentlemen ransomware · midnight navy with cyan amber emerald coral palette
0 13
Posted in Threat Intelligence

Weekly Threat Advisory: 5 APTs, 200 RATs, 74% High-Severity — The Week the C2 Flood Went Quiet (Jun 29 – Jul 5, 2026)

1,524 unique IOCs across 64 clusters. Extraordinary week: DOMAIN volume beat IP for the first time; 74% of records HIGH severity (usual baseline: 1-2%). 5 named APTs active (UNC1151, APT36, TeamPCP, Lazarus, BitterAPT) + CyberAv3ngers subnet anchor at 185.82.73.0/24. AsyncRAT surged to 200+ IOCs — largest RAT footprint YTD. TONResolver introduces novel blockchain-based C2 resolution. Trust-anchor phishing (Fake Google/Cloudflare verification pages, 54 IOCs, two subnet anchors). Anubis + The Gentlemen ransomware active. Steganographic ad malware (StegoAd) and AI-agent phishing surface as new attack patterns. Full ATT&CK mapping per cluster, subnet anchors, top 15 IOCs per indicator type, 4 production-ready Sigma rules.

HackForLab Weekly Threat Advisory · June 22-28 2026 · editorial bulletin cover · The State of the Threat · 54,820 observations · 87 clusters · 632 high-severity · 7 named APTs · 5 story cards: APT Week (Gamaredon Turla MustangPanda CL-STA-1062 Silent Lynx), DragonForce Full Kill Chain, Messaging Weaponised (WhatsApp VBScript Campaign), Supply Chain Surge (GhostShell Malicious npm Browser ad-blocker), New RAT on the Block (ModeloRAT)
0 18
Posted in Threat Intelligence

Weekly Threat Advisory: APT Surge, Ransomware Full-Pivot, Messaging Weaponised — June 22-28, 2026

54,820 indicator observations across 87 adversary clusters this week. Four state-aligned APTs active in parallel (Gamaredon, Turla, MustangPanda, CL-STA-1062 + Silent Lynx + APT-C-35 + APT38). A ransomware operator rotated a full multi-pivot kill chain in 7 days (DragonForce). Direct-messaging platforms weaponised as initial-access surface (WhatsApp VBScript Campaign, 61 IOCs, tight 202.61.160.0/24 subnet anchor). Five concurrent supply-chain campaigns against the developer ecosystem (GhostShell, Miasma, Malicious npm Package, Operation FlutterBridge, Chrome ad-blocker extension cluster). A new RAT family arrived (ModeloRAT, 39 IOCs, full footprint). Full MITRE ATT&CK mapping per cluster, subnet anchors, top 15 IOCs per indicator type, four production-ready Sigma rules.

HACKFORLAB Weekly Threat Advisory · June 15-21, 2026 · 55,480 indicator observations across 89 adversary clusters · radar showing intelligence graph with multi-pivot locked cluster · Rhysida-Interlock 219 IOCs, ClickFix 215 IOCs, JetBrains plugin supply chain attack, AI platform abuse, APT37 and UNC6508 active
0 23
Posted in Threat Intelligence

Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026

55,480 indicator observations across 89 adversary clusters this week. A ransomware operator rotated a full multi-pivot kill chain (Rhysida-Interlock, 219 indicators across 4 IOC types). Developer supply chain became this week’s preferred attack surface (15 typosquat code-editor plugins + 8 browser extensions + 6 marketing-CDN typosquats). AI platforms began appearing as adversary infrastructure (19 chat-share redirector domains + 39-indicator AI-generated lure campaign). Full MITRE ATT&CK mapping per cluster, subnet-clustering signals, top 15 IOCs per indicator type, and 4 production-ready Sigma rules.

HACKFORLAB Weekly Threat Advisory · June 8-14, 2026 · 76,205 indicator observations across 154 adversary clusters · radar showing intelligence graph with crosshair locked on featured cluster · DPRK 6x escalation, Velvet Ant APT, Tor anonymisation surge, Mirai wave, Clearfake, Formbook
0 29
Posted in Threat Intelligence

Weekly Threat Advisory: Top Cyber Adversaries, June 8 – 14, 2026

76,205 indicator observations across 154 adversary clusters. Tor anonymisation network surged to 17% of the catalogue, DPRK activity escalated six-fold, and the Velvet Ant network-appliance APT cluster reappeared. Full MITRE ATT&CK technique pressure, Sigma detection recipes, and platform-ready intelligence.

HACKFORLAB Weekly Threat Intelligence Advisory · June 1-7, 2026 · 55,729 indicator observations across 91 adversary clusters · radar showing intelligence graph with crosshair locked on featured cluster · Silent Ransom, DPRK, VShell, Mirai infrastructure flood, AdaptixC2, VerdantBamboo
0 41
Posted in Threat Intelligence

Weekly Threat Advisory: Top Cyber Adversaries, June 1 – 7, 2026

55,729 indicator observations across 91 adversary clusters this week — featuring Silent Ransom Group, DPRK-aligned activity, VShell, and a Mirai-class IoT seeder wave. Trend analysis, severity breakdown, detection recipes, and the platform to query it all.