Key Findings: During threat hunting activities conducted on the ANY.RUN platform, the artifact was identified in public submissions of the interactive sandbox. The analysis of samples available in the public repository allowed correlating hashes and network behaviors with the already mapped…
How the Iran-Israel War Triggered a Global Cyber Cascade
On February 28, 2026, the United States and Israel launched a joint military offensive — codenamed Operation Epic Fury (USA) and Operation Roaring Lion (Israel) — against strategic targets in Iran, including nuclear facilities, IRGC command centers, and regime leadership compounds….
VENON: The First Brazilian Banker RAT in Rust
Introduction: In February 2026, the ZenoX threat intelligence team identified an unknown malware family during hunting activity, internally classified as VENON due to references in the code (spelled with an N). The sample was initially flagged for behavior consistent with Latin…
OmniGPT Leak Highlights Security Risks in AI Tools
Last Monday (February 9), a user on BreachForums identified as “Gloomer” claimed to have compromised OmniGPT, a widely used Artificial Intelligence (AI) aggregator that provides access to various models, including ChatGPT-4, Claude 3.5, Gemini, and Midjourney. The malicious actor claims to…
How Hackers are Using AI to Discover Zero Days
During our monitoring of dark web forums, we identified a particular case that caught our attention when a threat actor shared in detail their methodology of using an open source project, originally developed for LLM system protection, to identify critical security…
Hacker Explains How to Replicate IntelBrokers Attacks
Recently, we came across an alarming discussion in a Telegram group dedicated to trading stolen credentials and other fraudulent activities. In this conversation, one member shared a practical tutorial on how to replicate techniques used by the well-known IntelBrokers cybercrime operation,…
Hacker USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List
User USDoD posted on the cybercrime forum BreachForums claiming to have obtained what they alleged to be “the entire threat actor list” from CrowdStrike. The user also claimed to possess “the entire IOC [Indicators of Compromise] list” from CrowdStrike and stated…








