The Lab · 2026-05-09 18:31:49 · Mastodon:mastodon.social:#infosec
A threat actor operating under the alias "sinobi" has published an unverified claim alleging a ransomware attack against Neurotrials Research Inc, according to threat intelligence surfaced on dark web monitoring channels. The claim, which appeared on the intelligence platform Yazoul, remains classified as unverified, w...
The Lab · 2026-05-10 03:01:45 · r/blueteamsec
Security researchers are raising concerns about what appears to be a measurable decline in both the availability of sophisticated Windows malware samples and the volume of technical analysis content documenting such threats. The observation, surfaced within professional blue team communities, suggests that the landscap...
The Lab · 2026-05-10 11:01:38 · Mastodon:mastodon.social:#infosec
A new ransomware actor identifying as "Lynx" has posted claims against two organizations on its dark web blog, signaling the emergence of a fresh threat in the ransomware landscape. The group's posts target funkychunky.com and csb-battery.com, though the extent of any alleged breach remains unverified at this stage. Se...
The Lab · 2026-05-10 11:01:43 · Mastodon:mastodon.social:#infosec
Two ransomware operations have published new claimed victims on their dark web leak sites, signaling fresh extortion activity across multiple sectors. The groups, identified as "Pear" and "Lynx," posted three organizations in total, marking an escalation in their respective campaigns and providing fresh indicators for ...
The Lab · 2026-05-10 15:32:00 · Mastodon:hachyderm.io:#ransomware
The emerging Lynx ransomware operation has posted claims against four organizations to its dark web blog, signaling an aggressive expansion of targeting across government, commercial, and nonprofit sectors. The alleged victims include jacksoncountyin.com, the official domain for Jackson County, Indiana; bayareaherbs.co...
The Vault · 2026-05-11 02:01:42 · Mastodon:mastodon.social:#ransomware
A new post from the Qilin ransomware group has surfaced referencing the shipping services sector, according to a post on Mastodon. The announcement, which links to a RansomLook group page for Qilin, suggests the threat actors may be preparing to target or have already targeted organizations within the shipping and logi...
The Lab · 2026-05-11 05:10:38 · Mastodon:mastodon.social:#cybersecurity
Cybersecurity researchers have identified a campaign leveraging AI-generated deepfake impersonations to facilitate the deployment of Python-based backdoors against targeted organizations. The technique marks a notable evolution in social engineering tactics, combining generative AI capabilities with traditional malware...
The Lab · 2026-05-11 15:10:34 · The Register
Google's Threat Intelligence Group claims to have identified the first confirmed case of cybercriminals using artificial intelligence to both discover and weaponize a zero-day vulnerability in a planned mass-exploitation campaign. The company said it worked with the unnamed vendor to quietly patch the flaw—a two-factor...
The Lab · 2026-05-11 21:18:32 · Mastodon:mastodon.social:#infosec
A sophisticated intrusion chain observed in April 2026 demonstrates the growing sophistication of threat actors leveraging blockchain infrastructure for command-and-control (C2) operations. The attack initiated when threat actors distributed EtherRAT malware through a malicious MSI installer masquerading as a Sysintern...
The Lab · 2026-05-11 21:18:42 · Mastodon:mastodon.social:#osint
A critical vulnerability alert tied to OpenClaw has surfaced under the identifier CVE-2026-45004, drawing attention from OSINT and threat intelligence practitioners tracking emerging software weaknesses. The flaw, detailed in circulation across cybersecurity-focused Mastodon communities, has been flagged as a priority ...
The Lab · 2026-05-12 01:18:22 · Mastodon:mastodon.social:#infosec
Two ransomware-as-a-service operations have published fresh victim listings on their respective dark web blogs, according to threat intelligence monitoring. The Genesis ransomware group posted multiple organizations, while InCRansom added at least one new target to its leak site.
Genesis, an established ransomware o...
The Lab · 2026-05-13 09:18:24 · The Register
A notorious malware operation has escalated its threat model by releasing its entire toolkit to the public. Security researchers at Ox confirmed Tuesday that TeamPCP published source code for its Shai-Hulud worm across two GitHub repositories, a move that dramatically lowers the barrier for less-sophisticated threat ac...
The Lab · 2026-05-13 12:48:24 · Mastodon:mastodon.social:#ransomware
A newly documented ransomware and extortion operation known as "The Gentlemen" has rapidly scaled into a high-volume threat actor since emerging publicly in the second half of 2025, according to intelligence indicators. Cybersecurity researchers are closely tracking the group's growth trajectory, which appears to refle...
The Vault · 2026-05-13 21:18:25 · Mastodon:mastodon.social:#infosec
A newly identified ransomware group operating under the name Incransom has published a blog post claiming an attack against Silergy Corp, a semiconductor company headquartered in China with operations internationally. The post, shared through threat intelligence channels including Mastodon, appeared to list Silergy Cor...
The Lab · 2026-05-14 04:48:33 · Mastodon:hachyderm.io:#cybersecurity
Phishing-as-a-Service operations are adopting increasingly sophisticated obfuscation techniques, with FlowerStorm operators now deploying KrakVM—a JavaScript-based virtual machine—to evade static analysis and bypass multi-factor authentication in credential harvesting campaigns. The development highlights a measurable ...