Remote code execution via the Reading Pane, without user interaction Executive summary On May 12, 2026, as part of the monthly Patch Tuesday cycle, Microsoft released a fix for CVE-2026-40361, a critical use-after-free vulnerability (CWE-416) officially classified by the vendor as a “Microsoft Office Word Remote Code Execution Vulnerability” (1) (2). Researcher Haifei Li, founder…
Universal Local Privilege Escalation in the Linux Kernel Executive summary On May 7, 2026, researcher Hyunwoo Kim (alias @v4bel) publicly disclosed a new class of Linux kernel vulnerabilities named Dirty Frag (1) (2). This disclosure, brought forward as a result of an embargo break by an unrelated third party, exposes an exploitation chain combining two…
TLP:CLEAR | CTI Team | Updated: March 2026 1. IDENTIFICATION & ATTRIBUTION Designations (vendor aliases) The group is tracked under the following designations: Agrius (SentinelLabs), Agonizing Serpens (Palo Alto Networks Unit 42), Pink Sandstorm (Microsoft, formerly Americium), Marshtreader (Security.com), BlackShadow (public hack-and-leak persona), DEV-0022 (Microsoft pre-attribution). Additional alias: G1030 (MITRE ATT&CK). Origin Iran. Presumed sponsor…
TLP:CLEAR | CTI Team | Updated: March 2026 1. IDENTIFICATION & ATTRIBUTION Designations (vendor aliases) The group is tracked under the following designations by vendors: APT42 (Mandiant/Google TI, reference designation : first public documentation September 2022), Damselfly (Mandiant internal), UNC788 (Mandiant pre-attribution), CALANQUE (Google Threat Analysis Group), OwlSandstorm (Microsoft), Yellow Garuda (PwC), ITG18 (IBM X-Force).…
TLP:CLEAR | CTI Team | Updated: March 2026 1. IDENTIFICATION & ATTRIBUTION Designations (vendor aliases) The group is tracked under the following designations by vendors: MERCURY (Microsoft, historical designation), MuddyWater (ClearSky, common usage designation), Mango Sandstorm (Microsoft, current designation), Seedworm (Symantec/Broadcom), Static Kitten (CrowdStrike), Earth Vetala (Trend Micro), TEMP.Zagros (Mandiant/FireEye pre-attribution), TA450 (Proofpoint), Boggy Serpens…
