Threat Intelligence, Vulnerability Analysis, and Cyber Attack Research

Feed reports an active, large-scale supply-chain exploitation campaign using CVE-2026-1731 (CVSS 9.9) that has weaponized ~695,000 links; multiple actors (UNC6201, UAT-10027, and SafePay RaaS) are active, employing DoH C2 via Cloudflare for evasion, an OAuth device-flow vector that bypasses MFA, and a BADBOX + Triada malware chain, with exploitation observed as quickly as three days post-PoC.