 | Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | 2026-06-05 | True | Mandiant | True | | |
| Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability | 2026-05-25 | True | Mandiant | True | | |
| 2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services | 2026-05-25 | True | Google Threat Intelligence Group | True | | |
| Welcome to BlackFile: Inside a Vishing Extortion Operation | 2026-05-15 | True | Google Threat Intelligence Group | True | | |
| GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | 2026-05-11 | True | Google Threat Intelligence Group | True | | |
| Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite | 2026-04-23 | True | Mandiant | True | | |
| The German Cyber Criminal Überfall: Shifts in Europe's Data Leak Landscape | 2026-04-15 | True | Google Threat Intelligence Group | True | | |
| North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack | 2026-03-31 | True | Google Threat Intelligence Group | True | | |
| M-Trends 2026: Data, Insights, and Strategies From the Frontlines | 2026-03-23 | True | Jurgen Kutscher | True | | |
| The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors | 2026-03-18 | True | Google Threat Intelligence Group | True | | |
| Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape | 2026-03-16 | True | Google Threat Intelligence Group | True | | |
| Look What You Made Us Patch: 2025 Zero-Days in Review | 2026-03-05 | True | Google Threat Intelligence Group | True | | |
| Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit | 2026-03-03 | True | Google Threat Intelligence Group | True | | |
| Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign | 2026-02-25 | True | Google Threat Intelligence Group | True | | |
| From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day | 2026-02-17 | True | Mandiant | True | | |
| Beyond the Battlefield: Threats to the Defense Industrial Base | 2026-02-10 | True | Google Threat Intelligence Group | True | | |
| UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering | 2026-02-09 | True | Mandiant | True | | |
| Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS | 2026-01-30 | True | Mandiant | True | | |
| No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network | 2026-01-28 | True | Google Threat Intelligence Group | True | | |
| Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 | 2026-01-27 | True | Google Threat Intelligence Group | True | | |
| Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) | 2025-12-12 | True | Google Threat Intelligence Group | True | | |
| Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue | 2025-12-03 | True | Google Threat Intelligence Group | True | | |
| Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks | 2025-11-20 | True | Google Threat Intelligence Group | True | | |
| Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem | 2025-11-17 | True | Mandiant | True | | |
| Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study | 2025-11-13 | True | Mandiant | True | | |
| No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | 2025-11-10 | True | Mandiant | True | | |
| Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring | 2025-10-28 | True | Mandiant | True | | |
| Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials | 2025-10-23 | True | Google Threat Intelligence Group | True | | |
| Pro-Russia Information Operations Leverage Russian Drone Incursions into Polish Airspace | 2025-10-21 | True | Google Threat Intelligence Group | True | | |
| To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER | 2025-10-20 | True | Google Threat Intelligence Group | True | | |
| DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains | 2025-10-16 | True | Mandiant | True | | |
| New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware | 2025-10-16 | True | Mandiant | True | | |
| Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign | 2025-10-09 | True | Mandiant | True | | |
| Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations | 2025-09-30 | True | Mandiant | True | | |
| Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | 2025-09-24 | True | Mandiant | True | | |
| ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | 2025-09-03 | True | Mandiant | True | | |
| Widespread Data Theft Targets Salesforce Instances via Salesloft Drift | 2025-08-26 | True | Google Threat Intelligence Group | True | | |
| Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats | 2025-08-25 | True | Google Threat Intelligence Group | True | | |
| A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor | 2025-08-20 | True | Mandiant | True | | |
| From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 | 2025-07-23 | True | Mandiant | True | | |
| Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration | 2025-07-23 | True | Mandiant | True | | |
| Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor | 2025-07-16 | True | Mandiant | True | | |
| Protecting the Core: Securing Protection Relays in Modern Substations | 2025-06-30 | True | Mandiant | True | | |
| What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | 2025-06-18 | True | Google Threat Intelligence Group | True | | |
| Hello, Operator? A Technical Analysis of Vishing Threats | 2025-06-04 | True | Mandiant | True | | |
| The Cost of a Call: From Voice Phishing to Data Extortion | 2025-06-04 | True | Google Threat Intelligence Group | True | | |
| Mark Your Calendar: APT41 Innovative Tactics | 2025-05-28 | True | Google Threat Intelligence Group | True | | |
| COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | 2025-05-07 | True | Google Threat Intelligence Group | True | | |
| Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines | 2025-05-06 | True | Mandiant | True | | |
| Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | 2025-04-29 | True | Google Threat Intelligence Group | True | | |
