TLP:CLEAR | Mixed audience | Updated: March 2026 1. IDENTIFICATION & ATTRIBUTION Designations: OilRig (CrowdStrike), Helix Kitten (CrowdStrike), APT34 (Mandiant/Google), IRN2 (SecureWorks), COBALT GYPSY (SecureWorks), Crambus (Symantec), Earth Simnavaz (Trend Micro), EUROPIUM (Microsoft) Origin: Iran Suspected sponsor: Iranian Ministry of Intelligence (MOIS — Vezarat-e Ettela’at va Amniat-e Keshvar) Sophistication level: High (confirmed APT, persistent operations…
On March 13, 2026, Microsoft released out-of-band update KB5084597 to remediate three remote code execution (RCE) vulnerabilities in the RRAS (Routing and Remote Access Service) MMC snap-in: CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. Attack surface and exploitation vector The vulnerability resides in the RRAS MMC snap-in used for remote server management. The attack vector is client-side: the…
Sources: Krebs on Security · BleepingComputer · Cisco TalosReference: Microsoft Security Update Guide, March 2026Target audience: Windows administrators, SOC teams, CERT/CSIRT, patch management leads Overview On March 10, 2026, Microsoft released its monthly Patch Tuesday security updates, addressing 79 vulnerabilities across Windows, Office, SQL Server, Azure, and several third-party components. Three vulnerabilities are classified as…
Classification: TLP:CLEAR Unrestricted public distributionPrimary source: ANSSI CERTFR-2026-CTI-002 March 2026Frameworks: MITRE ATT&CK v16 · Diamond Model · Cyber Kill Chain · CVSS v3.1Regulatory context: NIS2 Directive · Cyber Resilience Act · GDPRSectors covered: Education · Healthcare · Telecom · Local Government · Defense · Cloud · OT/ICS This article is CTI analysis based on the…
Exploitation of CVE-2025-0282 | CVSS 9.0 | SPAWN/SPAWNCHIMERA Malware Family Dominant ATT&CK Techniques: T1190 (Exploit Public-Facing Application), T1071.001 (Web Protocols), T1556 (Modify Authentication Process) Affected Technology: Ivanti Connect Secure (Pulse Secure) VPN Appliance Classification: TLP:CLEAR-PAP:CLEAR 1. Executive Summary (Board-Level Strategic Abstract) The RESURGE implant represents a first-order structural threat to any organization operating Ivanti Connect…
Executive Summary The Australian Signals Directorate (ASD) has released Azul, an open-source malware analysis platform designed for large-scale operational environments including national CERTs, government cyber teams, and large enterprise SOCs. Azul provides a structured malware repository, an automated analytical engine derived from reverse engineering workflows, and a clustering framework powered by Opensearch. The platform is…
