ThreatCluster

BREAKING: Maersk halts operations at Port of Salalah in Oman for 48 hours after drone-linked explosions damage terminal crane and trigger full port evacuation, all crew reported safe. threatcluster.io/cluster/securi…

BREAKING: CISA adds actively exploited F5 BIG-IP APM RCE bug CVE-2025-53521 (CVSS 9.8) to KEV catalog after nation-state breach, unauthenticated attackers can run arbitrary code. threatcluster.io/cluster/active…

BREAKING: Two drones strike Oman's Port of Salalah, injuring 1 expatriate worker and causing limited crane damage while port operations continue. threatcluster.io/cluster/drone-…

BREAKING: Critical Telegram zero-day ZDI-CAN-30207 with CVSS 9.8 allows remote account hijacking with no user interaction, patch expected within 120 days. threatcluster.io/cluster/critic…

BREAKING: US and Israeli airstrikes hit Iran's Khondab Heavy Water Complex near Arak and Ardakan uranium plant, no casualties or radiation leaks reported. threatcluster.io/cluster/us-isr…

BREAKING: Critical htslib flaw CVE-2026-31962 in Fedora 42 enables code execution via crafted CRAM files, impacting samtools and bcftools users until updated to 1.23.1. threatcluster.io/cluster/critic…

BREAKING: Iran-linked underwater drones hit 2 oil tankers in the Gulf since March 1, 2026, as Tehran effectively closes the Strait of Hormuz to commercial shipping. threatcluster.io/cluster/iran-c…

BREAKING: Ransomware attack forces 4-day closure at St Anne's Catholic School in Southampton, NCSC and ICO called in, no evidence of data compromise so far. threatcluster.io/cluster/ransom…

BREAKING: Anthropic leak exposes Claude Mythos AI model details and nearly 3,000 internal assets after CMS misconfiguration, revealing advanced cybersecurity capabilities beyond Claude Opus 4.6. threatcluster.io/cluster/anthro…

BREAKING: Iran-linked Handala claims cyberattack on Stryker crippled internal Microsoft systems, disrupting global manufacturing, shipping and ordering operations. threatcluster.io/cluster/stryke…

BREAKING: New AiTM phishing wave hijacks TikTok for Business accounts via Google SSO, stealing session cookies from Cloudflare-hosted pages registered 24 March with Nicenic International Group. threatcluster.io/cluster/new-ai…

BREAKING: DOJ confirms Iran-linked Handala Hack Team breached former US official Kash Patel's personal email, leaking 2010-2019 messages and documents online. threatcluster.io/cluster/doj-co…

BREAKING: European Commission probes Amazon cloud breach after threat actor claims 350GB+ of employee and internal data stolen via compromised management account. threatcluster.io/cluster/europe…

BREAKING: Chainalysis links over $3B in crypto to Iran's Revolutionary Guards last year as another $10M exits local exchanges amid Israeli-US airstrikes. threatcluster.io/cluster/irans-…

BREAKING: Custom BRUSHWORM backdoor and BRUSHLOGGER keylogger deployed via paint.exe and fake libcurl.dll in cyberattack on South Asian financial institution. threatcluster.io/cluster/cybera…

BREAKING: Telnyx Python SDK PyPI package with 742,000 downloads compromised, versions 4.87.1 and 4.87.2 deliver TeamPCP's ContainerWorm for secret exfiltration and persistence. threatcluster.io/cluster/telnyx…

BREAKING: Surge in PXA Stealer phishing ZIP campaigns hits global financial institutions in Q1 2026, filling gap left by Lumma, Rhadamanthys, RedLine takedowns. threatcluster.io/cluster/pxa-st…

BREAKING: USBFect (HIUPAN) USB malware deploys PUBLOAD backdoor in coordinated cyberespionage campaign against a Southeast Asian government, with 3 concurrent activity clusters. threatcluster.io/cluster/usb-ma…

BREAKING: Red Hat warns CVE-2024-3094 malware in xz compression utility enables remote unauthenticated access to Linux systems in sophisticated supply chain attack. threatcluster.io/cluster/red-ha…

BREAKING: Critical DTLS cookie callback bug CVE-2026-27459 in pyOpenSSL patched in v26.0.0 with python-cryptography 46.0.5, Fedora 43 and CentOS 8 users urged to update via dnf. threatcluster.io/cluster/critic…