Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
@rectifyq
172 subscribers
2 files
1.99K links
rectifyq.com
Rectifyq Cybersecurity News with approximate relevancy to Malaysia and contextualized using MISP Galaxies.

Relevancy
๐Ÿ”ด- e.g. APT target ๐Ÿ‡ฒ๐Ÿ‡พ.
๐ŸŸก- e.g. APT target Asian country.
๐Ÿ”ต- e.g. Infostealers impact globally.
โšซ- Good to know only.
Download Telegram
About
Blog
Apps
Platform
Join
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
172 subscribers
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ pinned ยซ๐Ÿ“ƒTitle: Cyber-Enabled Maritime Sanctions Evasion ๐Ÿ“…Date: 2026-06-11 ๐Ÿ”—References: https://www.recordedfuture.com/research/media_12cb79eec13b6af7520af3c1ae6768c0f4b25e945.gif?width=1200&format=pjpg&optimize=medium https://www.recordedfuture.com/research/cyberโ€ฆยป
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Affidavit in Support of Application for Criminal Complaint
๐Ÿ“…Date: 2026-06-09
๐Ÿ”—References:
https://cyberscoop.com/wp-content/uploads/sites/3/2026/06/11-1.pdf

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="TA-profile"
โ€ข sub-category="report"
โ€ข target="broad-based"
โ€ข topic="geopolitical"
โ€ข TA-category="APT"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข target-information="United States"
โ€ข threat-actor="Void Blizzard"
mitre-attack-pattern=['T1133', 'T1114', 'T1071', 'T1562', 'T1567', 'T1589', 'T1185', 'T1090', 'T1020', 'T1588.001', 'T1070', 'T1586', 'T1590', 'T1048', 'T1588.002', 'T1566', 'T1078', 'T1573', 'T1598', 'T1213']

MISP event uuid: 48a8d13e-0e7e-4d6f-8807-d4d9761dc8b5
11 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Defending the Digital Pitch: World Cup 2026 Cyber Threats
๐Ÿ“…Date: 2026-06-11
๐Ÿ”—References:
https://www.cyberproof.com/blog/defending-the-digital-pitch-world-cup-2026-cyber-threats/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1557', 'T1583', 'T1539', 'T1566.002', 'T1190', 'T1583.001', 'T1589', 'T1185', 'T1588.001', 'T1586', 'T1528', 'T1204', 'T1199', 'T1566', 'T1110', 'T1078', 'T1499', 'T1598', 'T1189', 'T1498']

MISP event uuid: 1708688e-6ab1-4949-83be-1fe8e61d59e3
CyberProof
Defending the Digital Pitch: World Cup 2026 Cyber Threats
Contributors: Amit Gini, Tom Saar, Liora Ziv Introduction Kicking off today, the 2026 FIFA World Cup is expected to be one of the largest and most
10 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat
๐Ÿ“…Date: 2026-06-11
๐Ÿ”—References:
https://zimperium.com/blog/world-cup-2026-mobile-targeted-phishing-the-global-social-engineering-threat?hs_amp=true

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="mobile-attack"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Zimperium"
mitre-attack-pattern=['T1539', 'T1114', 'T1566.002', 'T1598.003', 'T1566.001', 'T1586.002', 'T1608.001', 'T1583.001', 'T1589', 'T1185', 'T1056.003', 'T1589.002', 'T1608.005', 'T1528', 'T1566', 'T1056', 'T1589.001', 'T1598', 'T1204.001']

MISP event uuid: 2d22208a-0035-4f4c-8dfd-a7b056feab82
Zimperium
World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat
true
10 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Targets Education Sector with Oracle PeopleSoft Exploit
๐Ÿ“…Date: 2026-06-11
๐Ÿ”—References:
https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Cybercrime"
โ€ข target="broad-based"
โ€ข mitre-att&ck="none-from-src"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Mandiant"
โ€ข target-information="United States"
โ€ข sector="Education"
โ€ข threat-actor="ShinyHunters"
mitre-attack-pattern=['T1560.001', 'T1110.001', 'T1133', 'T1069', 'T1114', 'T1036.005', 'T1021.004', 'T1190', 'T1491', 'T1505.003', 'T1083', 'T1552.001', 'T1041', 'T1059.004', 'T1078', 'T1027', 'T1486', 'T1573.002', 'T1071.001', 'T1018']

MISP event uuid: 612a10dd-f897-4556-ab31-f50a1b128318
Google Cloud Blog
ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit | Google Cloud Blog
An active compromise and extortion campaign attributed to ShinyHunters targeting Oracle PeopleSoft with a zero-day exploit.
9 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: UNC1151/Ghostwriter phishing campaign targeting Gmail accounts
๐Ÿ“…Date: 2026-06-12
๐Ÿ”—References:
https://cert.pl/en/posts/2026/06/UNC1151-gmail-campaign/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="APT"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข target-information="Poland"
โ€ข threat-actor="Ghostwriter"
mitre-attack-pattern=['T1566']

MISP event uuid: 5c1e7285-f735-49d8-9fcf-ef31d47b10ae
cert.pl
UNC1151/Ghostwriter phishing campaign targeting Gmail accounts
Recently, we have been observing attacks by the UNC1151/Ghostwriter group targeting Gmail accounts. This group has been regularly attacking the mailboxes of Polish citizens for several years, although in the past these attacks focused on other email providers.โ€ฆ
9 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: How to defend ARM64 cloud infrastructure
๐Ÿ“…Date: 2026-06-11
๐Ÿ”—References:
https://www.reversinglabs.com/blog/defend-cloud-infrastructure-itscape

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: ๐Ÿ’‰ Vulnerability
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข sub-category="critical-vuln"
โ€ข target="broad-based"
โ€ข topic="cloud"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1592', 'T1082', 'T1005', 'T1611', 'T1610', 'T1548', 'T1059', 'T1609', 'T1204', 'T1068']

MISP event uuid: b91d23b7-24fc-4cac-87d6-d5dc6b6bfd67
ReversingLabs
How to defend ARM64 cloud infrastructure from ITScape | RL Blog
RL has documented CVE-2026-46316, and developed two YARA rules to help detect exploits of the multi-tenant cloud vulnerability.
9 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Akira, LimeWire, and the Sour Taste of Data Exfiltration
๐Ÿ“…Date: 2026-06-12
๐Ÿ”—References:
https://www.huntress.com/blog/akira-ransomware-limewire-data-exfiltration

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข TA-category="Ransomware"
โ€ข target="targeted"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Huntress"
โ€ข ransomware="Akira"
mitre-attack-pattern=['T1560.001', 'T1069', 'T1074.001', 'T1087.002', 'T1082', 'T1005', 'T1140', 'T1083', 'T1497', 'T1041', 'T1562.001', 'T1078', 'T1486', 'T1567.002', 'T1018', 'T1105', 'T1021.001', 'T1490']

MISP event uuid: bb394d28-549f-4209-a897-d318fd04266f
Huntress
Akira, LimeWire, and the Sour Taste of Data Exfiltration | Huntress
A recent investigation uncovered an Akira affiliate abusing a website owned by file-sharing app LimeWire for data exfiltration. Here's how the attack unfolded.
8 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Interlock and Rhysida within the Ransomware Ecosystem
๐Ÿ“…Date: 2026-06-12
๐Ÿ”—References:
https://www.ibm.com/think/x-force/interlock-and-rhysida-within-the-ransonware-ecosystem

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="TA-profile"
โ€ข TA-category="Ransomware"
โ€ข target="broad-based"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="IBM X-Force"
โ€ข target-information="United States"
โ€ข ransomware="interlock"
โ€ข ransomware="rhysida"
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1003', 'T1087.002', 'T1140', 'T1190', 'T1055', 'T1482', 'T1083', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1486', 'T1203', 'T1059.003', 'T1189', 'T1027.002', 'T1018', 'T1105', 'T1021.001', 'T1490']

MISP event uuid: 4f2a0ee4-d11b-46a6-ba6d-1f9be509076d
Ibm
Interlock and Rhysida within the Ransomware Ecosystem | IBM
IBM X-Force uncovers deep links between Interlock and Rhysida ransomware actors, detailing shared malware, crypters, and infrastructure across the ecosystem, with insights into infection chains, initial access brokers, and evolving tools over two years ofโ€ฆ
10 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches
๐Ÿ“…Date: 2026-06-09
๐Ÿ”—References:
https://malext.io/reports/SearchJack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Cybercrime"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1033', 'T1056.001', 'T1539', 'T1036.005', 'T1204.002', 'T1566.002', 'T1082', 'T1176', 'T1005', 'T1036', 'T1185', 'T1112', 'T1083', 'T1568', 'T1027', 'T1573', 'T1213', 'T1189', 'T1071.001']

MISP event uuid: c2e25435-9441-48e7-a5cc-c2a50ceff102
malext.io
SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches - MalExt Sentry
Threat intelligence report: SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches. Research by MalExt Sentry.
10 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://www.genians.co.kr/en/blog/threat_intelligence/narwhalrat

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข TA-category="APT"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข threat-actor="APT37"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1025', 'T1204.002', 'T1497.001', 'T1566.001', 'T1005', 'T1140', 'T1055', 'T1112', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1102.001']

MISP event uuid: 24638e19-caf4-4253-8ead-b7f85dda8137
www.genians.co.kr
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
Compiled Python-based malware continues to spread. Malicious LNK files execute PowerShell and batch commands, ultimately deploying NarwhalRAT.
14 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Inside OnyxC2: The New Stealer Targeting 210 Apps
๐Ÿ“…Date: 2026-06-11
๐Ÿ”—References:
https://www.blackfog.com/inside-onyxc2-the-new-stealer-targeting-210-apps

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="tool-profile"
โ€ข target="broad-based"
โ€ข TA-category="Cybercrime"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1539', 'T1555.005', 'T1555.003', 'T1027.001', 'T1003.001', 'T1497', 'T1041', 'T1090.003', 'T1027', 'T1564.003', 'T1071.001', 'T1574.002']

MISP event uuid: d9262ac6-5e84-4e20-82d7-6a520239ed85
BlackFog
Inside OnyxC2: The New Stealer Targeting 210 Apps | BlackFog
Discover OnyxC2, the new malware-as-a-service stealer targeting 210 apps, how it evades detection, steals credentials, and enables data theft.
9 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://www.huntress.com/blog/terminal-server-phishing-stager-exposed

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข target="targeted"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Huntress"
โ€ข target-information="United Kingdom"
โ€ข target-information="Bolivia"
mitre-attack-pattern=['T1133', 'T1114', 'T1566.002', 'T1598.003', 'T1586.002', 'T1036', 'T1185', 'T1071.003', 'T1535', 'T1589.002', 'T1090', 'T1078', 'T1027', 'T1132', 'T1189', 'T1584.004']

MISP event uuid: d5715164-f8a4-40b1-b225-96ea7a71e85e
Huntress
The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed | Huntress
A compromised terminal server became a phishing stager. A fake Boots survey aimed at 8.9 million inboxes, with the payload on a hacked Bolivian government site.
6 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years: How Cybercriminals Are Targeting Travelers in 2026
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-are-surging-in-2026-growing-122-over-the-last-3-years-heres-what-cyber-criminals-are-actually-doing/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ด Highly Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Cybercrime"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Check Point"
โ€ข target-information="Malaysia"
โ€ข target-information="Canada"
mitre-attack-pattern=['T1583', 'T1539', 'T1114', 'T1204.002', 'T1566.002', 'T1598.003', 'T1583.001', 'T1056.003', 'T1204', 'T1566', 'T1585.001', 'T1056', 'T1132', 'T1598', 'T1585', 'T1213']

MISP event uuid: be7ce1a3-06b7-40b8-baae-d4fa3adfba87
Check Point Blog
Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actuallyโ€ฆ
Every summer, hundreds of millions of people book flights, reserve hotels, and plan vacations online. And every summer, cyber criminals show up to take %Travel cyberattacks have surged 122% since 2023. Discover how hackers use fake Booking.com, Airbnb, andโ€ฆ
8 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: OptinMonster supply chain attack hits 1.2 million sites
๐Ÿ“…Date: 2026-06-13
๐Ÿ”—References:
https://sansec.io/research/optinmonster-supply-chain-attack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="supply-chain"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1033', 'T1132.001', 'T1573.001', 'T1087.001', 'T1082', 'T1140', 'T1218', 'T1070.006', 'T1505.003', 'T1136.001', 'T1090.002', 'T1083', 'T1114.003', 'T1564.002', 'T1562.003', 'T1059.004', 'T1027', 'T1195.002', 'T1071.001', 'T1078.003']

MISP event uuid: f99b496b-ce4c-43ce-87f6-8024f8c36a0f
Sansec
OptinMonster supply chain attack hits 1.2 million sites
Malware adds admin accounts and hidden backdoor to sites using OptinMonster, TrustPulse or PushEngage plugins.
7 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: The Package That Never Shipped: Following a USPS Smishing Kit Through DNS Data
๐Ÿ“…Date: 2026-06-13
๐Ÿ”—References:
https://censys.com/blog/following-a-usps-smishing-kit-through-censys-dns-data/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="mobile-attack"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="censys"
mitre-attack-pattern=['T1583', 'T1056.001', 'T1036.005', 'T1566.002', 'T1598.003', 'T1071', 'T1586.002', 'T1608.001', 'T1583.001', 'T1036', 'T1185', 'T1586', 'T1608', 'T1583.006', 'T1041', 'T1566', 'T1027', 'T1573', 'T1056', 'T1598', 'T1071.001']

MISP event uuid: 5f1db648-9b34-47fd-aa68-47e63fa3de4b
Censys
The Package That Never Shipped: Following a USPS Smishing Kit Through Censys DNS Data - Censys
Executive Summary It Starts With a Text Message You know the message. Everyone has gotten one. A package could not be delivered, there is an unpaid customs fee or a bad address, and here is a helpful link to fix it. This one pointed at: Believe it or notโ€ฆ
7 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Attackers Weaponize Microsoft Teams Relays to Stay Hidden
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Ransomware"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Symantec"
โ€ข target-information="United States"
mitre-attack-pattern=['T1003', 'T1087.002', 'T1190', 'T1567', 'T1055', 'T1021', 'T1112', 'T1555.003', 'T1562.006', 'T1562.001', 'T1027', 'T1486', 'T1071.001', 'T1136', 'T1018', 'T1574.002', 'T1569.002', 'T1090.001']

MISP event uuid: afa946fd-9cd9-4c73-93c2-b2147fdefd2e
Security
Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden
Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams' TURN relay servers to mask command-and-control traffic. The attackers also used a previously unknown vulnerability in a Huawei driver.
11 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://www.huntress.com/blog/potemkin-loader-rmmproject-clickfix-attack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข target="broad-based"
โ€ข detection-rules="yara-from-src"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Huntress"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1056.001', 'T1568.002', 'T1036.005', 'T1204.002', 'T1218.007', 'T1140', 'T1055', 'T1021.002', 'T1555.003', 'T1021.006', 'T1218.005', 'T1547.001', 'T1056.002', 'T1562.001', 'T1027', 'T1573', 'T1071.001']

MISP event uuid: ce6915b2-f7f6-4148-96ff-9f03338de345
Huntress
Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack | Huntress
A ClickFix infection drops Potemkin loader and RMMProject RAT, leading to browser theft, hidden remote desktop, and lateral movement across over 11 hosts.
12 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Android Banker with Complete Device Takeover Capabilities
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="malware-analysis"
โ€ข topic="mobile-attack"
โ€ข target="broad-based"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Zimperium"
mitre-attack-pattern=['T1517', 'T1429', 'T1624.001', 'T1616', 'T1414', 'T1637', 'T1646', 'T1417.002', 'T1516', 'T1417.001', 'T1655.001', 'T1660', 'T1582', 'T1636.004', 'T1513', 'T1418', 'T1406.002', 'T1426']

MISP event uuid: c4f048d7-9154-4c0a-9313-9f454c1e3bce
Zimperium
Rokarolla : Android Banker with Complete Device Takeover Capabilities
true
15 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Investigation of email-based attack delivering MediaFire ZIP file with execution chain analysis
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://x.com/Kostastsale/status/2066545189137629302

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1036.005', 'T1204.002', 'T1566.002', 'T1055', 'T1027.001', 'T1059.001', 'T1547.001', 'T1095', 'T1132', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: be236a57-ec5e-4964-8305-33827a5a10fc
X (formerly Twitter)
Kostas (@Kostastsale) on X
We investigated a case where an email sent the victim to a MediaFire ZIP. We have not observed this exact chain as part of a broader campaign so far, but there are a lot of things from this that wanted to share which worth a closer look.

๐—˜๐˜…๐—ฒ๐—ฐ๐˜‚๐˜๐—ถ๐—ผ๐—ป ๐—ฐ๐—ต๐—ฎ๐—ถ๐—ปโ€ฆ
19 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ pinned ยซ๐Ÿ“ƒTitle: Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years: How Cybercriminals Are Targeting Travelers in 2026 ๐Ÿ“…Date: 2026-06-15 ๐Ÿ”—References: https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-areโ€ฆยป