Supply-chain attacks take aim at your AI coding agents
Attackers too are looking to cash in on the AI coding craze, adapting their supply-chain techniques to target coding agents themselves. Many AI agents autono...
TTPs
20 articles
Email threat landscape: Q1 2026 trends and insights
In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disrupti...
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accide...
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly i...
Extending Ruzzy with LibAFL
LibAFL is all the rage in the fuzzing community these days, especially with LLVM’s libFuzzer being placed in maintenance mode. Written in Rust, LibAFL claims...
MacOS Native Tools Enable Stealthy Enterprise Attacks
macOS LOTL techniques bypass detection using native tools and metadata abuse
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
Formbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncovered
ClickFix Phishing Campaign Masquerading as a Claude Installer
Overview It is no secret that phishing campaigns utilizing various ClickFix techniques have been a commonly used method of social engineering. One of the mai...
Malicious Chrome Extensions Campaign Exposes User Data
108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure
STX RAT Targets Finance Sector With Advanced Stealth Tactics
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
A framework for securely collecting forensic artifacts into S3 buckets
When customers experience a security incident, they need to acquire forensic artifacts to identify root cause, extract indicators of compromise (IoCs), and v...
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration
DPRK-Related Campaigns with LNK and GitHub C2
Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence mechanisms, and d...
EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
Tycoon2FA Phishing Service Resumes Activity Post-Takedown
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
M-Trends 2026: Data, Insights, and Strategies From the Frontlines
Every year, the cyber threat landscape forces defenders to adapt to evolving adversary tactics, techniques, and procedures (TTPs). In 2025, Mandiant observed...
Aeternum Botnet Shifts Command Control to Polygon Blockchain
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts
Using threat modeling and prompt injection to audit Comet
Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our...
Top 10 web hacking techniques of 2025
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web s...
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-...