ThreadLinqs

Introducing TLQL — Threadlinqs Query Language. With the recent explosive growth of the platform, finding what matters to you needed a better answer than "scroll forever." Threadlinqs is currently indexing: - 500+ threats [129 vulnerabilities, 82 supply chain, 104 malware, 99 ransomware, 89 infostealers, 7 Data breaches, 72 apt groups, 409 nation state, 24 phishing] - 5,500+ IOCs [ 873 unique ips, 1250 domains, 1283 hashes, 525 urls, 334 IoCs shared across threats] - 4900+ detections [1714 SPL, 1479 KQL, 1791 Sigma] - 465 MITRE Techniques TLQL lets you write plain, structured queries like: |search Category = "VULNERABILITY" AND CVSS >= 8 AND Threat.Title CONTAINS "Apache" or |search Threat.Severity = "CRITICAL" AND Category IN ("MALWARE", "SUPPLY_CHAIN") AND Threat.Detection.Count > 0 AND NOT Threat.MITRE = T1566 Save them as my_feeds, get drill-downs into detections, IOCs, and affected products — all in one view. TLQL Reference: 🔗 threadlinqs.com/blog/tlql/ The platform got bigger. Now searching it got easier. 🔗 intel.threadlinqs.com

NEW THREAT INTEL: BTMOB Android RAT - SpySolr MaaS evolution, abuses Accessibility Services. 9 detections, 57 IOCs. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #Android #MaaS

NEW THREAT INTEL: BIND 9 Six-CVE Drop -- DoH heap UAF (RCE potential), 4 DoS bugs, glue amplification. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #DNS #BIND #CVE

NEW THREAT INTEL: OverlayPhantom Android trojan overlay-phishes 180+ bank/crypto apps in 10 countries. 9 detections. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #Android #Banking

NEW THREAT INTEL: Cryptojackers poison SEO + AI chatbots to push trojanised GPU tools, hollow miners into .NET. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #Cryptojacking

NEW THREAT INTEL: EOL F5 + Confluence chained to NTLM relay via CVE-2025-33073 for full AD takeover. 9 detections, 31 IOCs. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #NTLMRelay

NEW THREAT INTEL: Angular VS Code Ext RCE - zero-click via tsdk on repo open. 9.5M installs, CVSS 8.7, patch v21.2.4. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #VSCode #Angular

NEW THREAT INTEL: ABB zenon RTS unauth remote-reboot (CVE-2025-8754) hits HMI/SCADA across 8 critical sectors. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #ICS #OTSecurity

NEW THREAT INTEL: ABB B&R AR SDM (CVE-2025-3450) - unauth DoS halts PLCs, CVSS 10.0, 8 ICS sectors. 9 detections, 12 IOCs. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #ICS

NEW THREAT INTEL: ClearFake EtherHiding on BNB - smart contract C2 delivers SectopRAT + ACRStealer via ClickFix. intel.threadlinqs.com/threat/TL-2026… #ClickFix #EtherHiding #ThreatIntel

NEW THREAT INTEL: PureLogs JS variant hollows MsBuild.exe via PO phishing RAR. Fileless C2 on :8443. 9 detections, 30 IOCs. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #PureLogs

NEW THREAT INTEL: DinDoor Deno RAT - fake ChatGPT/Claude installers via GitHub + YouTube hit 50+ wallets. 9 detections, 62 IOCs. intel.threadlinqs.com/threat/TL-2026… #MuddyWater #Malware

NEW THREAT INTEL: SharePoint Authd RCE (CVE-2026-45659) - .NET deserialization, code exec as w3wp. 9 detections. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #SharePoint #CVE

NEW THREAT INTEL: ConnectWise Automate CVE-2026-9089 - Unsigned plugin/update RCE (CVSS 8.8). Patch to 2026.5. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #RMM #CVE

NEW THREAT INTEL: Payload Ransomware -- Babuk variant encrypts Windows/ESXi via ChaCha20. 50+ victims, 2.6TB stolen. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #Ransomware #DFIR

NEW THREAT INTEL: 7-Zip NTFS Heap Overflow (CVE-2026-48095) - crafted archive yields vtable hijack RCE. CVSS 8.8, PoC public. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #CVE

NEW THREAT INTEL: Kimsuky LNK phish hits S.Korea - 5 chains abuse PubNub C2 & GitHub HTA to drop XenoRAT. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #Kimsuky #APT

NEW THREAT INTEL: ACR Stealer via fake Claude download page (fairpoint29). PowerShell + JPEG stego. 21 IOCs, 9 detections. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #InfoStealer

NEW THREAT INTEL: Cloud Atlas APT patches termsrv.dll for multi-RDP, adds RevSocks + Tor tunnels at RU/BY govt. 9 detections. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #APT

NEW THREAT INTEL: bandcampro - Russian solo actor jailbreaks Gemini CLI, cracks WP admins, drains Stellar via RAT. 9 detections, 20 IOCs. intel.threadlinqs.com/threat/TL-2026… #APT

NEW THREAT INTEL: Iran APT UNC1549 SEO-poisons SQL Developer, drops MiniFast via .NET AppDomain hijack. 9 detections, 64 IOCs. intel.threadlinqs.com/threat/TL-2026… #ThreatIntel #APT