Enigma-Global

Intel Report [HIGH] - A new cyber espionage campaign codenamed Operation Dragon Weave has been identified by Seqrite Labs, targeting government officials and citizens in the Czech Republic and Taiwan. The campaign delivers an AdaptixC2 agent through... enigma-global.com/og/report/oper…

Intel Report [CRITICAL] - CIFSwitch is a critical local privilege escalation (LPE) vulnerability in the Linux kernel's CIFS client that has been present since 2007—hidden in plain sight for 19 years. Discovered by SpaceX security engineer Asim... enigma-global.com/og/report/cifs…

Intel Report [HIGH] - Gamaredon, a Russian state-sponsored espionage group formally attributed to Russia's Federal Security Service (FSB) Center 18, has been observed deploying a sophisticated worm dubbed GammaWorm that conceals its components within... enigma-global.com/og/report/gama…

Thousands of Attacks Per Day: The Mass Exploitation of Citrix NetScaler The Patch Was Ready. The Attackers Were Faster... read now on: enigma-global.com/og/blog/mass-e…

Screening Serpens Blinds EDR Tools Before the Fight Even Starts read now on: enigma-global.com/og/blog/screen…

Intel Report [CRITICAL] - A coordinated wave of destructive cyberattacks attributed to Iranian state-linked threat actors has targeted organizations across the Middle East, United States, and Western nations following the U.S.-Israeli military strikes... enigma-global.com/og/report/iran…

Intel Report [CRITICAL] - Multiple critical vulnerabilities affecting the Windows Netlogon service have been identified and are being actively exploited or have public proof-of-concept exploits available. These vulnerabilities collectively target the... enigma-global.com/og/report/mult…

Intel Report [CRITICAL] - An Iran-nexus advanced persistent threat group known as Screening Serpens (also tracked as UNC1549, Smoke Sandstorm, and Iranian Dream Job) has been conducting sophisticated cyber espionage campaigns against entities in the... enigma-global.com/og/report/iran…

Intel Report [HIGH] - A sophisticated cyber espionage campaign codenamed Operation Dragon Weave has been identified targeting government, research, academic, technology, and financial sectors in the Czech Republic and Taiwan. The campaign, attributed... enigma-global.com/og/report/oper…

One Packet to Rule Them All: CVE-2026-41089 and the Netlogon Crisis read now on: enigma-global.com/og/blog/cve-20…

The Key Taped to the Door: How CVE-2026-8732 Hands WordPress Sites to Attackers read now on: enigma-global.com/og/blog/wp-map…

The Cookie Forger: How a Cryptographic Shortcut Opened Palo Alto VPNs That single log line was the first confirmed signal of active exploitation of CVE-2026-0257, a bypass vulnerability in PAN-OS that PaloAlto had disclosed just five days earlier. enigma-global.com/blog/palo-alto…

The Pipeline Is the Target: How Trusted Dev Tools Became Weapons A modern CI/CD pipeline is a trust engine. Code enters at one end; tested, deployable artifacts emerge at the other. Every tool referenced along that path inherits the pipeline's trust. enigma-global.com/og/blog/truste…

GREYVIBE: The AI-Powered Espionage Crew That Kept Tripping Over Its Own Code. read now: enigma-global.com/blog/greyvibe-…

Seventeen Million Ghosts: Inside the Dutch Takedown of a Nameless Botnet. read now: enigma-global.com/blog/dutch-tak…

In March 2026, multiple state-sponsored threat actors—primarily Chinese and Iranian—have been observed exploiting the ongoing US-Israeli military conflict with Iran to conduct cyber espionage campaigns against critical... enigma-global.com/og/report/chin…

On or around April 1, 2026, the ShinyHunters extortion group successfully breached Charter Communications, the operator of the Spectrum brand and one of the largest telecommunications providers in the United States. The... enigma-global.com/og/report/char…

The North Korean state-sponsored threat group Kimsuky (also tracked as APT43, Velvet Chollima, Black Banshee, THALLIUM, and Emerald Sleet) has expanded its offensive capabilities with new malware tools including HTTPSpy and... enigma-global.com/og/report/kims…

A critical remote code execution (RCE) vulnerability in Samba's printing subsystem, tracked as CVE-2026-4480, has been reported affecting widely deployed infrastructure across enterprise and operational technology (OT)... enigma-global.com/og/report/crit…

GreyVibe is a previously undocumented Russia-nexus threat actor discovered by WithSecure in January 2026, active since at least August 2025. The group extensively leverages generative AI tools including ChatGPT, Google Gemini,... enigma-global.com/og/report/grey…