ThreatCluster (@threatcluster)
Followers 100 | Following 36 | Media 49 | Statuses 2K
Your threat intel hub. Tracks 7K+ sources on actors, malware, CVEs & IOCs. Daily digests @ 6am UTC. Free: https://t.co/fCLS534Fl0 | #CyberSec
Connected Intelligence.
Joined July 2025
Nova Scotia MLA Rick Burns targeted in bitcoin blackmail after email hack, with hackers leaking personal images when ransom was refused. RCMP investigating amid rising extortion attacks in Canada. https://t.co/zKk87fOViv
threatcluster.io
Rick Burns, a member of the Nova Scotia legislature, was targeted in a blackmail attempt where hackers accessed his email and demanded payment in bitcoin. After refusing to pay, the hackers released...
Oracle issues out-of-band alert for CVE-2026-21992, a 9.8 CVSS unauthenticated RCE in Oracle Identity Manager and Web Services Manager over HTTP. Apply patches immediately. #RCE
https://t.co/FbYDwY5U8z
threatcluster.io
Oracle has issued an out-of-band security alert for CVE-2026-21992, a critical remote code execution vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. This vulnerabil...
Musician Michael Smith pleads guilty to $10M AI-driven streaming fraud, using 1,000+ bots to fake billions of plays and divert royalties on major platforms, faces up to 5 years, forfeits $8.1M. #Fraud
https://t.co/yUlLgqTkJV
threatcluster.io
Michael Smith, a 54-year-old musician from North Carolina, has pleaded guilty to a federal charge of conspiracy to commit wire fraud, admitting to a scheme that generated over $10 million in royalty...
Jenkins project issues Mar 18 advisory on critical bugs in core and LoadNinja plugin, incl. CVE-2026-33001 enabling RCE on CI/CD servers. Admins urged to patch controllers promptly. #RCE
https://t.co/Dpzz6bBj1p
threatcluster.io
On March 18, 2026, a critical security advisory was issued for multiple vulnerabilities in Jenkins core and the LoadNinja plugin. These vulnerabilities, including CVE-2026-33001, allow attackers to...
Navia Benefit Solutions discloses breach affecting 2.7M after access from Dec 22 2025 to Jan 15 2026, exposing personal and health plan data. 12 months protection offered. #DataBreach
https://t.co/hM7iOP4Q8Y
threatcluster.io
Navia Benefit Solutions, Inc. has disclosed a data breach impacting approximately 2.7 million individuals. The breach occurred due to unauthorized access to the company's systems between December 22,...
DOJ, with Canada and Germany, dismantles four IoT botnets (Aisuru, Kimwolf, JackSkid, Mossad) that hijacked 3M+ routers and cameras for record DDoS attacks. Orgs urged to watch for botnet shifts. #DDoS
https://t.co/q7I3yuNRfM
threatcluster.io
The U.S. Justice Department, in collaboration with Canadian and German authorities, has dismantled four significant botnets—Aisuru, Kimwolf, JackSkid, and Mossad—that collectively compromised over 3...
Google will let Android users install unverified apps via a new multi-step process, including dev mode, restart, 1-day delay and biometrics, ahead of stricter dev verification in 2026. #Android
https://t.co/stO03vHrVk
threatcluster.io
Google announced a new process allowing Android users to install apps from unverified developers, responding to community dissatisfaction with its developer verification requirement. Starting...
Keenadu firmware backdoor found preinstalled on low-cost Android phones, giving attackers full device control via Zygote hijack, with 500+ devices across ~50 models affected in 40 countries. #Android
https://t.co/hFsPrioIC0
threatcluster.io
In late February 2026, SophosLabs identified the Keenadu backdoor affecting Android devices, which is embedded in the libandroid_runtime.so library. This firmware-level malware injects itself into...
Chinese state group Lotus Blossom compromised Notepad++ update infrastructure in 2025, using malicious installers to target US and EU energy, finance, government and more. Enable signed updates. #SupplyChain
https://t.co/ADbchZtGof
threatcluster.io
Between June and December 2025, the Chinese state group Lotus Blossom compromised the shared hosting provider for Notepad++, redirecting update traffic to deliver malicious installers to targeted...
FBI seizes two Handala hacktivist websites after destructive cyberattack on Stryker that reportedly wiped ~80,000 devices, citing use in foreign state-linked malicious cyber operations. #APT
https://t.co/gcG9wjjoqj
threatcluster.io
The FBI has seized two websites associated with the pro-Iranian hacktivist group Handala after they executed a destructive cyberattack on Stryker, a U.S. medical technology firm. The attack, which...
Infostealer.Speagle targets Cobra DocGuard users, with Symantec and Carbon Black reporting data exfiltration through a compromised DocGuard server that mimics legitimate client traffic. https://t.co/M2BCj0mSz7
threatcluster.io
Researchers from Symantec and Carbon Black have identified a new malware strain, Infostealer.Speagle, which compromises the Cobra DocGuard security software to exfiltrate sensitive information. This...
Phishing campaign targets OpenClaw AI agent developers via fake GitHub airdrop issues, luring them to a cloned https://t.co/lrik3RR0dq with a Connect Wallet prompt to steal crypto, OX Security reports. #phishing
https://t.co/GKXZ794Yly
threatcluster.io
A phishing campaign has emerged targeting developers of the OpenClaw AI agent project, exploiting its rising popularity. Attackers created fake GitHub accounts and initiated issues in controlled...
Ransomware gangs now use EDR killers to disable endpoint defenses before encryption, with ESET tracking about 90 tools, including 54 BYOVD-based and emerging driverless methods. https://t.co/kwWiKYMZhE
threatcluster.io
Ransomware attackers are increasingly using EDR killers to disable endpoint detection and response software before launching their encryptors. ESET Research has tracked nearly 90 EDR killers in...
Ubiquiti patches max severity CVE-2026-22557 in UniFi Network Application, fixing unauth path traversal enabling account takeover and full system control. Update to 10.1.89+ immediately. https://t.co/CNF0DFU0nQ
threatcluster.io
Ubiquiti has patched two critical vulnerabilities in the UniFi Network Application, including CVE-2026-22557, a maximum-severity flaw that allows unauthenticated attackers to exploit a path traversal...
Open VSX fast-draft extension backdoored in versions 0.10.89, 0.10.105, 0.10.106, 0.10.112, deploying RAT and infostealer via GitHub downloader to 26K+ users. Update to clean 0.10.135. #SupplyChain
https://t.co/x6J60b4QPe
threatcluster.io
The KhangNghiem/fast-draft extension on Open VSX was found to contain multiple malicious releases that deploy a remote access trojan (RAT) and an infostealer. Versions 0.10.89, 0.10.105, 0.10.106,...
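One thing a practitioner does with a feed like this is check an asset inventory against the "fixed in" and "known-bad" versions the advisories quote. The script below is an added example, not ThreatCluster's, Ubiquiti's or the fast-draft project's code, covering the two posts above: UniFi Network Application (patched at 10.1.89 or later) and the fast-draft Open VSX extension (malicious 0.10.89, 0.10.105, 0.10.106, 0.10.112; clean 0.10.135). The product keys, the Advisory class, the reason strings and the host inventory are assumptions constructed for illustration; only the version numbers come from the posts.

```python
"""Advisory version gate: flag inventory rows that are on a known-malicious
release or below the version an advisory says is fixed.

Added example; version numbers for UniFi Network Application and the
fast-draft Open VSX extension are taken from the posts above, everything
else (product keys, inventory, reason strings) is constructed.
"""
import re
from dataclasses import dataclass
from itertools import zip_longest
from typing import Optional, Tuple

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.1.89', 'v0.10.135' or '10.1.89-rc1' into a tuple of ints.

    A leading 'v' and any suffix after the dotted digits are ignored. An
    unparsable string raises, so a broken inventory row is never silently
    treated as patched.
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparsable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def version_cmp(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Compare tuples of possibly different length; 10.1.89 == 10.1.89.0."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

@dataclass(frozen=True)
class Advisory:
    product: str
    fixed_in: Optional[str] = None        # patched at this version or later
    bad_versions: Tuple[str, ...] = ()    # exact releases known to be trojanized

    def reason(self, installed: str) -> Optional[str]:
        """Why this installed version still needs action, or None if it is fine."""
        v = parse_version(installed)
        if any(version_cmp(v, parse_version(b)) == 0 for b in self.bad_versions):
            return "known-malicious release"
        if self.fixed_in is not None and version_cmp(v, parse_version(self.fixed_in)) < 0:
            return f"below fixed version {self.fixed_in}"
        return None

# Product keys are an assumption; the versions are the ones quoted in the posts.
ADVISORIES = {
    "unifi-network-application": Advisory("unifi-network-application", fixed_in="10.1.89"),
    "fast-draft": Advisory(
        "fast-draft",
        fixed_in="0.10.135",
        bad_versions=("0.10.89", "0.10.105", "0.10.106", "0.10.112"),
    ),
}

def triage(inventory):
    """Return [(host, product, version, reason)] for rows that need action."""
    hits = []
    for host, product, version in inventory:
        adv = ADVISORIES.get(product)
        if adv is None:
            continue
        why = adv.reason(version)
        if why:
            hits.append((host, product, version, why))
    return hits

# Constructed inventory for the demo; these are not real hosts.
SAMPLE_INVENTORY = [
    ("ctrl-01", "unifi-network-application", "10.0.152"),
    ("ctrl-02", "unifi-network-application", "10.1.89"),
    ("ctrl-03", "unifi-network-application", "10.1.89.1"),
    ("dev-laptop-07", "fast-draft", "0.10.106"),
    ("dev-laptop-08", "fast-draft", "0.10.135"),
    ("dev-laptop-09", "fast-draft", "0.10.90"),
]

if __name__ == "__main__":
    for host, product, version, why in triage(SAMPLE_INVENTORY):
        print(f"ACTION NEEDED: {host} {product} {version}: {why}")
```

The two advisory shapes deliberately get different treatment: a release that is on the explicit malicious list is reported as such even if a later "fixed" version is also set, while anything else below the fixed version is only "needs update". Versions the posts say nothing about (0.10.90 here) are still flagged because they are older than the known-clean release, which is the safe default when an extension has already shipped trojanized builds.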
Horabot banking trojan resurfaces in Mexico, using fake CAPTCHA phishing and an email worm-style spreader to steal banking credentials from compromised hosts in an ongoing campaign. #Malware
https://t.co/6kFpxygJn9
threatcluster.io
The Horabot banking trojan has re-emerged in Mexico, launching a sophisticated campaign that employs a multi-stage infection chain. This threat utilizes an email worm to convert infected machines...
Malicious 'pyronut' package on PyPI impersonates 'pyrogram', backdooring Telegram bots and userbots with remote code execution on sessions and host systems. Devs urged to verify packages. https://t.co/feSt7r3UCW
threatcluster.io
A malicious Python package named 'pyronut' has been identified on the Python Package Index (PyPI), posing a significant threat to developers of Telegram bots. This package masquerades as a legitimate...
Perseus Android malware targets user notes to steal passwords and financial data, spread via fake IPTV apps in unofficial stores, mainly hitting Turkey and Italy. Built on Phoenix/Cerberus codebase. #AndroidMalware
https://t.co/8i7rk1iNWm
threatcluster.io
A new Android malware named Perseus has been identified, actively targeting user notes to extract sensitive information such as passwords and financial data. Distributed via unofficial app stores...
Aura confirms breach exposing 900,000 contact records after a targeted phone phishing attack, with data from under 20,000 active and 15,000 former customers accessed, mostly names and emails. #DataBreach
https://t.co/ozuNxQcnOb
threatcluster.io
Aura, an online safety service, confirmed a data breach affecting approximately 900,000 records, primarily names and email addresses, linked to a marketing tool from a company it acquired in 2021....
CISA orders U.S. agencies to patch actively exploited Zimbra XSS bug CVE-2025-66376 by April 1, 2026. Flaw enables remote JavaScript via malicious emails. #XSS
https://t.co/7E9OTCR5LL
threatcluster.io
CISA has mandated U.S. government agencies to patch a critical vulnerability in the Zimbra Collaboration Suite, tracked as CVE-2025-66376, which has been actively exploited. This stored cross-site...