AlphaHunt
@alphahunt.io
Your CTI Flight Crew — Anticipate, Don’t Chase.
alphahunt.io
by csirtgadgets.com
#AskYourTIP #AlphaHunt #ThreatIntel
@csirtgadgets.bsky.social
linkedin.com/company/csirtg
https://www.linkedin.com/in/wesyoung/
x.com/alphahunt_io
x.com/csirtgadgets
Pinned
AlphaHunt
@alphahunt.io
· 28d
Trad-threat-intel is still writing yesterday’s report — we've already placed bets on tomorrow’s breach.
Check out the future of cyber- blog.alphahunt.io/tag/forecasts/
#AlphaHunt #ThreatIntelligence #CyberSecurity #Forecasting
Kill the grid, keep the grift: Thailand flips the switch, scammers plug in generators + Starlink. 2.5k terminals go dark, the mills slide south. We map the choke points. 🛰️🔥
Skim it, then subscribe for the next move -> blog.alphahunt.io/kill-the-lig...
#AlphaHunt #CyberSecurity #Starlink #Myanmar
Kill the Lights, Fire Up Starlink: Scam Compounds Slide South
Thailand pulled the plug. The grift brought generators + Starlink. Shift north→south (Shwe Kokko/Myawaddy; Tachileik/Mae Sai). Squeeze OTC cash-outs + first-funding friction, or watch it respawn.
blog.alphahunt.io
November 10, 2025 at 10:45 PM
LE vs Cl0p: 20% odds their leak sites go dark by Apr 22, 2026—needs a real seizure banner or 14 days offline. Cronos/LockBit show the play; mirrors = Hydra. 🚨🕳️
Want the next move before the banner drops? Subscribe.
blog.alphahunt.io/cl0ps-leak-s...
#AlphaHunt #CyberSecurity #Ransomware #Infosec
Cl0p’s Leak Sites: 20% Chance They Go Dark by Apr 22, 2026
Forecast: 20% chance Cl0p’s leak sites go dark by Apr 22, 2026. Needs a seizure banner or ≥14 days down w/ LE attribution. Cronos showed it’s doable; mirrors make it brutal.
blog.alphahunt.io
November 10, 2025 at 2:03 PM
COLDRIVER’s customer service: press 🤖 to “ClickFix” your life. From LOSTKEYS→ROBOT and WhatsApp/Signal linked-device abuse, we’re at 75% on a new family or access vector within 12 months. 😈
#AlphaHunt #CyberSecurity #APT #ThreatIntel
November 9, 2025 at 8:46 PM
Storm-2657 treated Workday like a warm-up lap. We’re at 62% odds they hit another payroll stack next—AiTM + flimsy MFA scales better than grace. 🔒 Paydoors aren’t pretty if they’re open. Read the forecast. 🧾
#AlphaHunt #CyberSecurity #Workday #BEC
November 9, 2025 at 4:28 PM
CL0P moved in rent‑free—inside Oracle EBS memory. No locker, just loot now; extortion emails later via “pubstorm.” Patch CVE‑2025‑61882, choke egress, and watch for “TLSv3.1” beacons. 🔒
#AlphaHunt #CyberSecurity #Ransomware #OracleEBS
November 8, 2025 at 8:51 PM
TA558 didn’t go loud—they went pro. Macros are out; HTML smuggling + LNK/DLL sideloads piping DarkGate into LATAM travel nets. Book a room, get a RAT. 🐀
Stay sharp—subscribe for the full brief.
👉 blog.alphahunt.io/ta558-2026-t...
#AlphaHunt #CyberSecurity #Phishing #ThreatIntel
TA558 2026: The Quiet Upgrade
Which scenario will best describe TA558’s (aka RevengeHotels) evolution by June 30, 2026?
blog.alphahunt.io
November 8, 2025 at 4:17 PM
Edge boxes = no EDR. UNC5221 feasts. 55% odds of a new edge 0‑day by Dec 31.
🔥 Subscribe for sharper forecasts—before the boom.
blog.alphahunt.io/by-dec-31-20...
#AlphaHunt #CyberSecurity #ZeroDay #APT
By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day?
Question: By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day in a non-Ivanti edge platform (e.g., VMware vCenter/ESXi, Citrix NetScaler, F5, Palo Alto, Fortinet)?
blog.alphahunt.io
November 7, 2025 at 10:25 PM
Modular C2 is eating 2026: Sliver/Mythic, QUIC/DoH, Graph/SharePoint cover. Serverless pop‑ups, APT≈cybercrime. 🕵️
Get the edge—subscribe for weekly threat alpha. -> blog.alphahunt.io/modular-c2-f...
#AlphaHunt #CyberSecurity #InfoSec #Ransomware
Modular C2 Frameworks Quietly Redefine Threat Operations for 2025–2026
Attackers are rapidly shifting to modular, cloud-integrated C2 frameworks—Sliver, Havoc, Mythic, Brute Ratel C4, and Cobalt Strike—blurring lines between APT and cybercrime. These tools’ stealth,…
blog.alphahunt.io
November 7, 2025 at 2:06 PM
TA558 hid commodity malware in “pretty pictures” and went trawling across oil, gas, and maritime. Stego isn’t cute—it’s critical infra foreplay. 🚢🖼️ Get the receipts.
Read more + subscribe -> blog.alphahunt.io/steganoamor-...
#AlphaHunt #CyberSecurity #CriticalInfrastructure #MaritimeSecurity
SteganoAmor: TA558’s image-hidden malware targets oil, gas & maritime
TA558’s “SteganoAmor” campaign leverages steganography to deliver commodity malware across oil, gas, maritime, and industrial targets. The group’s use of image-embedded payloads and compromised…
blog.alphahunt.io
November 6, 2025 at 10:03 PM
29% that RedNovember uses a real 0-day in 2026. PoC-first N-days stay the mode, but Ivanti/Cisco edge drama says “don’t sleep.”
Read the forecast ↓ 🔥🛰️
blog.alphahunt.io/will-rednove...
#AlphaHunt #ZeroDay #ThreatIntel #China
November 6, 2025 at 2:09 PM
PoisonSeed: “update now,” empty wallet later. Supply-chain phish harvests seed phrases and breezes past MFA like it’s a suggestion. 🔒🧪
Read more and subscribe before the next “update.”
blog.alphahunt.io/poisonseed-s...
#AlphaHunt #CyberSecurity #Phishing #Web3
PoisonSeed: supply-chain phish, seed-phrase theft, MFA bypass
If your bulk email or CRM gets popped, PoisonSeed rides your good reputation straight past filters and users’ instincts. Here’s the fast path to detect and blunt it—without boiling the ocean.
blog.alphahunt.io
November 5, 2025 at 10:16 PM
SIGNALS WEEKLY:
A Windows .LNK just became an actual door key. #UNC6384 → PlugX at EU diplomats. CISA drops 2 new KEV vulns (CentreStack/Triofox & CWP) + 5 ICS advisories. Patch what you can, isolate what you can’t. 🗝️🚨
Read → blog.alphahunt.io/signals-week...
#AlphaHunt #Infosec #BlueTeam
November 5, 2025 at 3:01 PM
Space is hard. Popping your ground creds is easier. GNSS jamming + S3 smash-and-grabs are the new normal. 🚀🛑 Skim now—subscribe if it saves you a pager.
blog.alphahunt.io/space-iot-un...
#AlphaHunt #CyberSecurity #Starlink
Space IoT: Under Siege.
If your organization consumes satellite data, runs VSATs (very small aperture terminals), or depends on vendors who do—you’re in scope. Since 2020, attackers have shifted from “space” to the easier…
blog.alphahunt.io
November 5, 2025 at 2:57 PM
OAuth is the new skeleton key: Russian APTs consent-grab, RDP-phish, and shrug off takedowns. 🔐🇷🇺 Get the playbook—and a risk edge—before they log in as you.
Read more + subscribe -> blog.alphahunt.io/russian-apts...
#AlphaHunt #CyberSecurity #APT29 #OAuth
Russian APTs: OAuth Abuse, RDP Phish, and Takedowns
Russia-linked actors leaned hard on OAuth device codes and RDP phishing from Oct 2024–Aug 2025. Providers pushed back in concert. Here’s what changed, what to watch in your logs, and the quickest…
blog.alphahunt.io
November 4, 2025 at 10:06 PM
UNC5221’s Q4 playbook: live on the edge, ship a zero-day, let attribution lag do the rest. We’ve got it at 32% before 12/31. Betting line or blind spot? 🧮🔎
Read → blog.alphahunt.io/will-unc5221...
#AlphaHunt #ZeroDay #UNC5221
November 4, 2025 at 2:17 PM
COLDRIVER speed-ran from ClickFix ROBOTs to WhatsApp/Signal linked-device hijacks. Odds they stop? 0%. We peg 75% they ship a new family or access vector next. Sleep tight. 🙃🔒
Read the forecast—then subscribe for the next hit -> blog.alphahunt.io/coldrivers-n...
#AlphaHunt #CyberSecurity #InfoSec
COLDRIVER’s Next Move
COLDRIVER went from LOSTKEYS to a full “ROBOT” chain and ClickFix tricks—then started poking linked-device flows. We put 75% on a truly new family or access vector within 12 months.
blog.alphahunt.io
November 3, 2025 at 10:45 PM
Storm-2657 didn’t stop at Workday—it paid the toll and kept driving. 62% odds the next payroll stack gets hit. Got phishing‑resistant MFA, or just vibes? 🔐🧯
Skim the forecast and subscribe for the next move. -> blog.alphahunt.io/storm-2657-w...
#AlphaHunt #CyberSecurity #Workday #BEC
Storm-2657 Watch: Does Workday mark the start — or just the first stop?
Workday was the first stop, not the destination. We’re at 62% odds it hits another payroll stack by 2026-04-17. Harden all the paydoors, not just the pretty one.
blog.alphahunt.io
November 3, 2025 at 2:04 PM
CL0P went full ghost: in‑memory Java on Oracle EBS—data now, invoice later. Patch CVE‑2025‑61882; hunt TemplatePreviewPG + TLSv3.1. 🔥🕵️
blog.alphahunt.io/cl0p-fin11-g...
#AlphaHunt #CyberSecurity #Ransomware #Oracle
CL0P/FIN11 Go In-Memory on Oracle EBS — The Extortion Comes Later
Oracle EBS got in-memory Java loaders, not lockerware. Patch CVE-2025-61882, lock egress, hunt TemplatePreviewPG with TMP|DEF + XSL-TEXT|XML. Extortion rides in via “pubstorm.”
blog.alphahunt.io
November 2, 2025 at 8:46 PM
TA558 didn’t pivot—just hit Do Not Disturb on your EDR. LLM loaders, JS/VBS→PowerShell, stego, ngroked RATs; expansion only if NA/EU pops twice. 🔒🕵️‍♂️
Read the 2026 forecast and subscribe -> blog.alphahunt.io/ta558-2026-t...
#AlphaHunt #CyberSecurity #ThreatIntel #TA558
TA558 2026: The Quiet Upgrade
Which scenario will best describe TA558’s (aka RevengeHotels) evolution by June 30, 2026?
blog.alphahunt.io
November 2, 2025 at 4:28 PM
Oracle EBS 0-day (CVE-2025-61882): OOB patch, now KEV, and your exec inbox is a ransom fan club. We’re at 76% a primary source names it the door-in by 12/31. Patch or pray. 🔥🧨
Front-run the breach—read, then subscribe.
blog.alphahunt.io/by-dec-31-20...
#AlphaHunt #CyberSecurity #CISA #Oracle
By Dec 31, 2025, will a reputable primary source (Oracle, CISA, Mandiant/MSTIC, affected org’s SEC 8-K/IR blog) confirm at least one breach where CVE-2025-61882 was the initial access vector?
Oracle EBS zero-day (CVE-2025-61882): OOB patch, KEV-listed, exec extortion emails flying. We’re at 76% that a primary source names it as initial access by 12/31. Raise or fade? 🧨🧭
blog.alphahunt.io
November 1, 2025 at 7:51 PM
RedNovember: N‑days now, 30% odds of a 0‑day in 2026. Plan left of boom. 🔥 blog.alphahunt.io/will-rednove...
#AlphaHunt #CyberSecurity #ZeroDay
Will RedNovember be publicly reported to exploit at least one zero-day vulnerability in 2026?
RedNovember likely stays fast-follow on edge devices using N-days and public PoCs, not 0-days. China-nexus peers show willingness to burn edge 0-days, so a pivot is plausible but not base case...
blog.alphahunt.io
November 1, 2025 at 3:17 PM
UNC5221 odds: post‑Ivanti and fresh 0‑days, I’m pricing Dec 31 like a weekly. Edge boxes = punching bag. 🔧🎯
Subscribe to front‑run the next 0‑day—read more and join us.
blog.alphahunt.io/by-dec-31-20...
#AlphaHunt #CyberSecurity #ZeroDay #Ivanti
By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day?
Question: By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day in a non-Ivanti edge platform (e.g., VMware vCenter/ESXi, Citrix NetScaler, F5, Palo Alto, Fortinet)?
blog.alphahunt.io
October 31, 2025 at 9:25 PM
Modular C2 is the APT Lego set: swap beacons, ride SaaS/CDNs, disappear on cue. Your SOC? Whack‑a‑mole. 🧩🕵️‍♂️ Read before 2026 hits.
Get the edge—subscribe for the full playbook.
blog.alphahunt.io/modular-c2-f...
#AlphaHunt #CyberSecurity #Ransomware #AI
Modular C2 Frameworks Quietly Redefine Threat Operations for 2025–2026
Attackers are rapidly shifting to modular, cloud-integrated C2 frameworks—Sliver, Havoc, Mythic, Brute Ratel C4, and Cobalt Strike—blurring lines between APT and cybercrime. These tools’ stealth,…
blog.alphahunt.io
October 31, 2025 at 1:06 PM
TA558 is stuffing malware into JPEGs—targeting oil, gas & ships. One click, man overboard. 🚢 Read: blog.alphahunt.io/steganoamor-... 🧨
#AlphaHunt #CyberSecurity #MaritimeSecurity
SteganoAmor: TA558’s image-hidden malware targets oil, gas & maritime
TA558’s “SteganoAmor” campaign leverages steganography to deliver commodity malware across oil, gas, maritime, and industrial targets. The group’s use of image-embedded payloads and compromised…
blog.alphahunt.io
October 30, 2025 at 9:03 PM
🔌🛰️💸 Thailand pulled the plug. The grift brought generators + Starlink. Shift north→south (Shwe Kokko/Myawaddy; Tachileik/Mae Sai).
Squeeze OTC cash-outs + first-funding friction, or watch it respawn. Read: blog.alphahunt.io/kill-the-lig...
#AlphaHunt #CyberSecurity #OSINT
Kill the Lights, Fire Up Starlink: Scam Compounds Slide South
Thailand pulled the plug. The grift brought generators + Starlink. Shift north→south (Shwe Kokko/Myawaddy; Tachileik/Mae Sai). Squeeze OTC cash-outs + first-funding friction, or watch it respawn.
blog.alphahunt.io
October 30, 2025 at 2:02 PM