Threat Research

    Pawn Storm, a Russia-aligned APT group, is targeting Ukraine’s defense supply chain and allied nations. It deploys PRISMEX, a modular malware suite using steganography, COM hijacking, and cloud-based C2. The group exploited multiple flaws, including a Windows zero-day (CVE-2026-21513). Malicious .lnk files via CVE-2026-21509 may chain with CVE-2026-21513, per Akamai findings....
    DarkSword is a sophisticated iOS full-chain exploit leveraging multiple zero-day vulnerabilities to fully compromise devices running iOS 18.4 to 18.7. Since late 2025, it has been used by commercial surveillance vendors and state-sponsored actors across campaigns targeting regions including Saudi Arabia, Turkey, Malaysia, and Ukraine....
    The Coruna exploit kit is a sophisticated toolkit targeting Apple iPhones running iOS 13.0 through 17.2.1, containing five full exploit chains and 23 exploits, including zero-day exploits, that leverage advanced, non-public techniques to bypass iOS security protections....
    Two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, are impacting Ivanti Endpoint Manager Mobile (EPMM). They are actively exploited in the wild, targeting enterprise mobile fleets and corporate networks. The flaws allow unauthenticated remote code execution on affected servers....
    During analysis of compromised Dell RecoverPoint for Virtual Machines systems, BRICKSTORM binaries were identified that were later replaced by GRIMBOLT in September 2025. GRIMBOLT is a C# foothold backdoor built with Native AOT compilation and packed using UPX....
    UAT-8837 is a China-nexus threat actor assessed with medium confidence to specialize in gaining initial access to high-value organizations, with a clear focus on critical infrastructure targets in North America since at least 2025....
    Despite U.S. sanctions, Intellexa continues selling its Predator spyware and remains one of the most aggressive exploit operators, rapidly developing or acquiring mobile zero-days....
    In mid-2025, researchers identified a sophisticated BRONZE BUTLER campaign that leveraged a zero-day vulnerability in Motex LANSCOPE Endpoint Manager to exfiltrate sensitive data....
    Beginning in late September 2025, a threat actor linked to the CL0P extortion group launched a large-scale campaign targeting organizations using Oracle E-Business Suite (EBS)....
    We are tracking BRICKSTORM malware, used to maintain long-term access to U.S. organizations. Since March 2025, Team Consulting has responded to intrusions in sectors like legal, SaaS, BPOs, and tech. The targets likely support zero-day development and serve as pivot points to broader victims....