ReliaQuest Threat Research
@ReliaQuestTR
Followers: 7K · Following: 5K · Media: 4K · Statuses: 8K
Tampa, Florida
Joined May 2011
🎙️ New #ShadowTalk Episode: LockBit Resurgence? Predicting and Preventing Ransomware in 2026 🎙️ Ransomware is evolving, and LockBit 5.0’s return signals a new wave of threats. Is your organization prepared to combat the next generation of ransomware in 2026? This week, we
podcasts.apple.com
Tech News Podcast · Updated Weekly · Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for...
🔐 AI-powered pen-testing tools will help less-skilled attackers bypass traditional defenses. 📦 Supply-chain attacks on open-source maintainers will inject malware and steal credentials. 🇨🇳 China's IoT dominance will lead to backdoors in critical infrastructure for espionage
reliaquest.com
ReliaQuest Threat Research team analyzes three critical predictions for 2026's threat landscape, offering practical defense strategies grounded in the lessons of 2025.
🚨 Top Initial Access Trends – November 2025 🚨 Attackers are still leaning hard on people + common gaps. Here’s what we’re seeing: 🔗 Spearphishing Links – Continues to lead the way into environments 💾 Replication via Removable Media – infecting new systems when
🛡️ React2Shell: Rapid Exploitation by Nation-State and Ransomware Actors 🛡️ The critical React2Shell vulnerability (CVE-2025-55182) is being aggressively exploited by both advanced persistent threats (APTs) and ransomware groups like Weaxor. 📌 Key Exploitation Observations: 🚨
🎙️ New #ShadowTalk Episode: Holiday Season Cyber Defense—Strengthening Security Amid Seasonal Risks 🎙️ The holiday season is a prime time for cyberattacks—are you prepared to defend your organization against the increased risks? This week, we unpack the specific threats
🚨 Browser extensions are a serious but often overlooked cybersecurity risk, even for enterprises. ShadyPanda’s 7-year campaign infected 4.3M+ users by weaponizing trusted extensions like Clean Master to deploy RCE backdoors, hijack searches, and steal data. For organizations,
🚨 November 2025 Malware Trends: What You Need to Know 🚨 BaoLoader made up the majority of incidents this month, driven by malvertising and trojanized installers masquerading as popular utilities (e.g., fake PDF editors/OneStart). ClickFix remained active, while NetSupport RAT
🎙️ New #ShadowTalk Episode: React2Shell Exploits, CISA’s Brickstorm Warning, and more Join host John along with systems security engineer Corey and intelligence analyst Hayden as they discuss: ✅ How Chinese hackers are exploiting React2Shell ✅ CISA warns about Brickstorm
🎁 Shanya: The Packer-as-a-Service (PaaS) Fueling Ransomware Gangs 🎁 Ransomware operators like Akira, Medusa, and Qilin are turning to Shanya, a PaaS platform, to obfuscate payloads and evade detection. 📌 How It Works: • Custom encryption + junk code = undetectable malware.
🎙️ New #ShadowTalk Episode: Brickstorm Backdoor—China’s Silent VMware Threat 🎙️ This week, we dive into the details of the ongoing Brickstorm backdoor attacks, where Chinese state-sponsored actors target VMware vSphere environments. Here’s what we’ll cover: 🔍 How two
🚨 We’ve observed the Chinese APT group Silver Fox using "false flag" Cyrillic filenames and installers to disguise their latest SEO poisoning campaign. They are serving up weaponized Microsoft Teams installers (teamscn[.]com) that drop ValleyRAT via Binary Proxy Execution.
reliaquest.com
Chinese APT Silver Fox deploys ValleyRAT via Teams SEO poisoning for espionage & fraud. CISOs, defend your enterprise.
🚨 Update on Critical React Vulnerabilities ReliaQuest is actively tracking post-compromise exploitation attempts related to Next.js (CVE-2025-66478). CVE-2025-55182, the root vulnerability in the React Server Components protocol, has also been added to the CISA Catalog of Known
🎙️ New #ShadowTalk Episode: Scattered Lapsus$ Hunters, Silver Fox's ValleyRAT Campaign, and more. Join host John and intelligence analysts Alex and Hayden as they discuss: ✅ Scattered Lapsus$ Hunters' Targeting Zendesk ✅ Microsoft Teams Guest Access Phishing Bypass ✅ Dark AI
🚨 Heads up: Critical React Vulnerability (CVE-2025-55182) 🚨 A major flaw in React Server Components (19.0–19.2.0) enables unauthenticated remote code execution (RCE) through malicious payloads targeting Server Function endpoints. Active exploitation is currently not confirmed,
🤖 Dark LLMs: AI's Shadow Side Is Empowering Low-Level Cybercriminals 🤖 Threat actors are increasingly turning to "Dark LLMs" like WormGPT 4 and KawaiiGPT—AI tools marketed as having "no boundaries" to bypass safety guardrails. 📌 What They Do: • Generate grammatically
🚨 A forum user claims to have leaked FREE Full Ring0 source code for a Windows CLFS Local Privilege Escalation (CVE-2025-60709), targeting Windows 11 24H2 and Windows Server 2025. The exploit allegedly bypasses ETW, enables stealthy token theft, and includes full cleanup. If
🎙️ New #ShadowTalk Episode: Silver Fox’s Russian Ruse—ValleyRAT Targets Chinese Speakers! 🎙️ This week, we break down the latest on the Chinese APT group Silver Fox and its cunning campaign. Join us as we: 🔍 Unpack Silver Fox’s false flag tactics with ValleyRAT malware
🎙️ New #ShadowTalk Episode: Cyber Predictions, Chinese AI Attacks, IoT Takeovers, and more. Join host Kim along with intelligence analyst John & special guest CISO Rafal Baran as they discuss: ✅ New NPM Supply Chain Threat ✅ China Manipulates AI for Initial Access ✅ Cloud
🚨 ReliaQuest observed a surge in BaoLoader malware activity this November. BaoLoader, a backdoor malware, is used to deploy more dangerous payloads. ⚠️ 90% of incidents involved node.exe executing malicious .js files from 'AllManualsReader,' which disguises itself as legitimate
🚨 The recent Zendesk campaign uncovered by ReliaQuest shows how attackers exploit trust in SaaS platforms. Using phishing SSO pages, fake ticket links, and typosquatted domains, they trick employees into handing over credentials. This is a wake-up call: SaaS platforms are
reliaquest.com
ReliaQuest found 40+ fake Zendesk domains by “Scattered Lapsus$ Hunters,” hosting phishing pages and submitting malware-laden tickets, urging organizations to secure customer support platforms...