THREAT_INTEL

The Night the Data Centers Went Dark

Full intelligence assessment of the March 2026 Iran–Israel cloud-kinetic conflict. Drone strikes on AWS UAE & Bahrain, a 5.2 Tbps DDoS campaign, Shamoon 4.0 wipers, Dindoor backdoors, and $400M+ in Gulf economic damage — synthesized with IOCs, threat actor profiles, and a 15-point defender playbook.

Handala HackMuddyWaterAPT33APT34Shamoon 4.0DindoorAWS me-central-1Cloud War

Read Full Intelligence Report

Latest Edition

EDITION #052026-05-19

Threat Intel Weekly #20 — Week ending 19 May 2026

This week's digest covers 8 critical and 6 high-severity CVEs published between 2026-05-12 and 2026-05-19, plus 2 new CISA Known Exploited Vulnerabilities. Add your summary here.

CVEWordPressRCECISA-KEVActive Exploitation

Read Full Digest

Previous Editions

#042026-03-19

DarkSword iPhone Spyware Exposed. Russia-Linked Group Weaponized Ukrainian Websites to Silently Compromise 220 Million Vulnerable Devices

A full-chain iOS exploit called DarkSword has been silently compromising iPhones since November 2025, deployed through watering hole attacks on Ukrainian news and government websites by the Russia-linked group UNC6353. The exploit chains six zero-day vulnerabilities to achieve kernel privileges and deploys three malware families that steal everything from crypto wallets to iCloud data before self-destructing within minutes. An estimated 220 million iPhones running iOS 18.4 through 18.7 were in the blast radius.

DarkSwordiOS-exploitzero-clickwatering-hole

#032026-03-17

Threat Intel Weekly #11 — Week ending 17 Mar 2026

This week: two Chrome zero-days (EPSS 27% — top 1% globally) with an incomplete initial patch, a CVSS 9.9 n8n sandbox escape exploited by MuddyWater and Zerobot v9 botnet hitting 24,700+ exposed instances, a WordPress LMS OAuth bypass hit 300 times in 24h, unauthenticated Modbus RCE on energy meters, and a CVSS 10.0 pre-auth n8n companion CVE you may have missed.

CVEWordPressMicrosoftSAP

#022026-03-08

Threat Intel Weekly #09 — Week ending 08 Mar 2026

This week's digest covers 14 CVEs published between 2026-03-01 and 2026-03-08, including a critical unauthenticated RCE in IDExpert MFA Agent, a zero-day in DB-GPT, phar deserialization in Chamilo LMS, and 7 new CISA KEV additions spanning VMware Aria Operations, Qualcomm chipsets, Rockwell Logix, and Hikvision cameras.

CVERCESQL-InjectionBuffer-Overflow

#012026-02-24

Threat Intel Weekly #08 — Week ending 24 Feb 2026

This week's digest covers 8 critical and 6 high-severity CVEs published between 2026-02-17 and 2026-02-24, plus 8 new CISA Known Exploited Vulnerabilities. Add your summary here.

CVELinuxWordPressWindows

Stay current on active threats

New intel reports on active threats, CVEs, and emerging attack vectors — curated by 4nuxd.

Get in touch