Lazarus-linked activity using Medusa ransomware
Summary: Symantec links Lazarus tooling to Medusa RaaS extortion activity observed in the Middle East and against a U.S. healthcare target. 1. Executive Summary Broadcom/Symantec’s Threat Hunter Team reported North…
BLACK BASTA – Threat Actor Profile
Operational profile of the Black Basta ransomware ecosystem (2022–2026). Tags: Black Basta, BASTA, ransomware, RaaS, double extortion, UNC4393, Storm-1811, QakBot, DarkGate, Quick Assist, vishing, MITRE ATT&CK. Executive overview Black Basta (also written…
FICOBA breach exposes data linked to 1.2 million French bank accounts
1. Executive Summary France’s Ministry of the Economy and Finance disclosed unauthorised access to FICOBA, the national registry of bank accounts, affecting data associated with approximately 1.2 million accounts. According…
Threat Actor Profile: APT42 (MITRE G1044)
1) Executive overview APT42 is an Iran-aligned cyber espionage and surveillance actor assessed by multiple vendors as state-sponsored. Mandiant assesses with high confidence that APT42 conducts information collection and surveillance…
Cyber Threats Facing UK Further and Higher Education
1. Executive Summary UK further education (FE) colleges and higher education (HE) institutions face a persistently high-volume threat environment driven by phishing, account compromise, ransomware/extortion, and periodic surges in denial-of-service…
Peaklight malware: Stealthy memory-resident delivery chain abusing LNK, mshta, CDN and WebDAV
Peaklight malware deep dive. Tags: peaklight, emmenhtal, in-memory malware, lnk, mshta, powershell, bunnycdn, webdav, cryptbot, lumma, shadowladder, hijackloader, threat hunting, incident response, mitre att&ck. 1. Executive Summary Peaklight (also tracked as…
Payload Ransomware: Early Profile
Tags: Payload ransomware, data broker extortion, double extortion, Tor leak site, ESXi ransomware, RECOVERY-xx0001.txt, IOCs, incident response Published: 21 February 2026 (Europe/London) 1. Executive Summary Payload is an emerging ransomware…
APT33 – Threat Actor Profile
Tags: APT33, Elfin, Peach Sandstorm, HOLMIUM, Refined Kitten, Iran, aerospace, energy, petrochemical, spearphishing, password spraying, Outlook Home Page, Ruler, TurnedUp, DropShot, ShapeShift, StoneDrill. 1. Executive Summary APT33 is a suspected Iranian…
BeyondTrust CVE-2026-1731: Pre-auth RCE escalates from rapid scanning to ransomware-linked intrusions
CISA has now flagged CVE-2026-1731, a critical, pre-authentication remote code execution flaw in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), as being used in ransomware campaigns, signalling that exploitation…
Ivanti EPMM Pre-Auth RCE (CVE-2026-1281) Under Active Exploitation
Ivanti Endpoint Manager Mobile (EPMM) sits in a uniquely privileged position: it manages device enrollment, policy enforcement, and app/content distribution across entire mobile fleets. When an internet-facing EPMM server is…
