📃Title: World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat
📅Date: 2026-06-11
🔗References:
https://zimperium.com/blog/world-cup-2026-mobile-targeted-phishing-the-global-social-engineering-threat?hs_amp=true

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="mobile-attack"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Zimperium"
mitre-attack-pattern=['T1539', 'T1114', 'T1566.002', 'T1598.003', 'T1566.001', 'T1586.002', 'T1608.001', 'T1583.001', 'T1589', 'T1185', 'T1056.003', 'T1589.002', 'T1608.005', 'T1528', 'T1566', 'T1056', 'T1589.001', 'T1598', 'T1204.001']

MISP event uuid: 2d22208a-0035-4f4c-8dfd-a7b056feab82

📃Title: Targets Education Sector with Oracle PeopleSoft Exploit
📅Date: 2026-06-11
🔗References:
https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="Cybercrime"
• target="broad-based"
• mitre-att&ck="none-from-src"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Mandiant"
• target-information="United States"
• sector="Education"
• threat-actor="ShinyHunters"
mitre-attack-pattern=['T1560.001', 'T1110.001', 'T1133', 'T1069', 'T1114', 'T1036.005', 'T1021.004', 'T1190', 'T1491', 'T1505.003', 'T1083', 'T1552.001', 'T1041', 'T1059.004', 'T1078', 'T1027', 'T1486', 'T1573.002', 'T1071.001', 'T1018']

MISP event uuid: 612a10dd-f897-4556-ab31-f50a1b128318

📃Title: UNC1151/Ghostwriter phishing campaign targeting Gmail accounts
📅Date: 2026-06-12
🔗References:
https://cert.pl/en/posts/2026/06/UNC1151-gmail-campaign/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• target-information="Poland"
• threat-actor="Ghostwriter"
mitre-attack-pattern=['T1566']

MISP event uuid: 5c1e7285-f735-49d8-9fcf-ef31d47b10ae

📃Title: How to defend ARM64 cloud infrastructure
📅Date: 2026-06-11
🔗References:
https://www.reversinglabs.com/blog/defend-cloud-infrastructure-itscape

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💉 Vulnerability
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="critical-vuln"
• target="broad-based"
• topic="cloud"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1592', 'T1082', 'T1005', 'T1611', 'T1610', 'T1548', 'T1059', 'T1609', 'T1204', 'T1068']

MISP event uuid: b91d23b7-24fc-4cac-87d6-d5dc6b6bfd67

📃Title: Akira, LimeWire, and the Sour Taste of Data Exfiltration
📅Date: 2026-06-12
🔗References:
https://www.huntress.com/blog/akira-ransomware-limewire-data-exfiltration

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• TA-category="Ransomware"
• target="targeted"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Huntress"
• ransomware="Akira"
mitre-attack-pattern=['T1560.001', 'T1069', 'T1074.001', 'T1087.002', 'T1082', 'T1005', 'T1140', 'T1083', 'T1497', 'T1041', 'T1562.001', 'T1078', 'T1486', 'T1567.002', 'T1018', 'T1105', 'T1021.001', 'T1490']

MISP event uuid: bb394d28-549f-4209-a897-d318fd04266f

📃Title: Interlock and Rhysida within the Ransomware Ecosystem
📅Date: 2026-06-12
🔗References:
https://www.ibm.com/think/x-force/interlock-and-rhysida-within-the-ransonware-ecosystem

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• TA-category="Ransomware"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="IBM X-Force"
• target-information="United States"
• ransomware="interlock"
• ransomware="rhysida"
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1003', 'T1087.002', 'T1140', 'T1190', 'T1055', 'T1482', 'T1083', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1486', 'T1203', 'T1059.003', 'T1189', 'T1027.002', 'T1018', 'T1105', 'T1021.001', 'T1490']

MISP event uuid: 4f2a0ee4-d11b-46a6-ba6d-1f9be509076d

📃Title: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches
📅Date: 2026-06-09
🔗References:
https://malext.io/reports/SearchJack

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="Cybercrime"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1033', 'T1056.001', 'T1539', 'T1036.005', 'T1204.002', 'T1566.002', 'T1082', 'T1176', 'T1005', 'T1036', 'T1185', 'T1112', 'T1083', 'T1568', 'T1027', 'T1573', 'T1213', 'T1189', 'T1071.001']

MISP event uuid: c2e25435-9441-48e7-a5cc-c2a50ceff102

📃Title: Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
📅Date: 2026-06-15
🔗References:
https://www.genians.co.kr/en/blog/threat_intelligence/narwhalrat

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• threat-actor="APT37"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1025', 'T1204.002', 'T1497.001', 'T1566.001', 'T1005', 'T1140', 'T1055', 'T1112', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1102.001']

MISP event uuid: 24638e19-caf4-4253-8ead-b7f85dda8137

📃Title: Inside OnyxC2: The New Stealer Targeting 210 Apps
📅Date: 2026-06-11
🔗References:
https://www.blackfog.com/inside-onyxc2-the-new-stealer-targeting-210-apps

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="tool-profile"
• target="broad-based"
• TA-category="Cybercrime"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1539', 'T1555.005', 'T1555.003', 'T1027.001', 'T1003.001', 'T1497', 'T1041', 'T1090.003', 'T1027', 'T1564.003', 'T1071.001', 'T1574.002']

MISP event uuid: d9262ac6-5e84-4e20-82d7-6a520239ed85

📃Title: The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed
📅Date: 2026-06-15
🔗References:
https://www.huntress.com/blog/terminal-server-phishing-stager-exposed

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="targeted"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Huntress"
• target-information="United Kingdom"
• target-information="Bolivia"
mitre-attack-pattern=['T1133', 'T1114', 'T1566.002', 'T1598.003', 'T1586.002', 'T1036', 'T1185', 'T1071.003', 'T1535', 'T1589.002', 'T1090', 'T1078', 'T1027', 'T1132', 'T1189', 'T1584.004']

MISP event uuid: d5715164-f8a4-40b1-b225-96ea7a71e85e

📃Title: Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years: How Cybercriminals Are Targeting Travelers in 2026
📅Date: 2026-06-15
🔗References:
https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-are-surging-in-2026-growing-122-over-the-last-3-years-heres-what-cyber-criminals-are-actually-doing/

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="Cybercrime"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Check Point"
• target-information="Malaysia"
• target-information="Canada"
mitre-attack-pattern=['T1583', 'T1539', 'T1114', 'T1204.002', 'T1566.002', 'T1598.003', 'T1583.001', 'T1056.003', 'T1204', 'T1566', 'T1585.001', 'T1056', 'T1132', 'T1598', 'T1585', 'T1213']

MISP event uuid: be7ce1a3-06b7-40b8-baae-d4fa3adfba87

📃Title: OptinMonster supply chain attack hits 1.2 million sites
📅Date: 2026-06-13
🔗References:
https://sansec.io/research/optinmonster-supply-chain-attack

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1033', 'T1132.001', 'T1573.001', 'T1087.001', 'T1082', 'T1140', 'T1218', 'T1070.006', 'T1505.003', 'T1136.001', 'T1090.002', 'T1083', 'T1114.003', 'T1564.002', 'T1562.003', 'T1059.004', 'T1027', 'T1195.002', 'T1071.001', 'T1078.003']

MISP event uuid: f99b496b-ce4c-43ce-87f6-8024f8c36a0f

📃Title: The Package That Never Shipped: Following a USPS Smishing Kit Through DNS Data
📅Date: 2026-06-13
🔗References:
https://censys.com/blog/following-a-usps-smishing-kit-through-censys-dns-data/

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="mobile-attack"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="censys"
mitre-attack-pattern=['T1583', 'T1056.001', 'T1036.005', 'T1566.002', 'T1598.003', 'T1071', 'T1586.002', 'T1608.001', 'T1583.001', 'T1036', 'T1185', 'T1586', 'T1608', 'T1583.006', 'T1041', 'T1566', 'T1027', 'T1573', 'T1056', 'T1598', 'T1071.001']

MISP event uuid: 5f1db648-9b34-47fd-aa68-47e63fa3de4b

📃Title: Attackers Weaponize Microsoft Teams Relays to Stay Hidden
📅Date: 2026-06-16
🔗References:
https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="Ransomware"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Symantec"
• target-information="United States"
mitre-attack-pattern=['T1003', 'T1087.002', 'T1190', 'T1567', 'T1055', 'T1021', 'T1112', 'T1555.003', 'T1562.006', 'T1562.001', 'T1027', 'T1486', 'T1071.001', 'T1136', 'T1018', 'T1574.002', 'T1569.002', 'T1090.001']

MISP event uuid: afa946fd-9cd9-4c73-93c2-b2147fdefd2e

📃Title: Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack
📅Date: 2026-06-16
🔗References:
https://www.huntress.com/blog/potemkin-loader-rmmproject-clickfix-attack

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• detection-rules="yara-from-src"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Huntress"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1056.001', 'T1568.002', 'T1036.005', 'T1204.002', 'T1218.007', 'T1140', 'T1055', 'T1021.002', 'T1555.003', 'T1021.006', 'T1218.005', 'T1547.001', 'T1056.002', 'T1562.001', 'T1027', 'T1573', 'T1071.001']

MISP event uuid: ce6915b2-f7f6-4148-96ff-9f03338de345

📃Title: Android Banker with Complete Device Takeover Capabilities
📅Date: 2026-06-16
🔗References:
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• topic="mobile-attack"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Zimperium"
mitre-attack-pattern=['T1517', 'T1429', 'T1624.001', 'T1616', 'T1414', 'T1637', 'T1646', 'T1417.002', 'T1516', 'T1417.001', 'T1655.001', 'T1660', 'T1582', 'T1636.004', 'T1513', 'T1418', 'T1406.002', 'T1426']

MISP event uuid: c4f048d7-9154-4c0a-9313-9f454c1e3bce

📃Title: Investigation of email-based attack delivering MediaFire ZIP file with execution chain analysis
📅Date: 2026-06-16
🔗References:
https://x.com/Kostastsale/status/2066545189137629302

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1036.005', 'T1204.002', 'T1566.002', 'T1055', 'T1027.001', 'T1059.001', 'T1547.001', 'T1095', 'T1132', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: be236a57-ec5e-4964-8305-33827a5a10fc

📃Title: [Ransomware] Unconfirmed: mli******** UPD******** DAT* DUM* NEW LIN* 10G*
📅Date: 2026-06-24
🔗References: https://www.ransomware.live/id/bWxpdC5jb20ubXkgVVBEQVRFLUZVTEwgREFUQSBEVU1QIE5FVyBMSU5LIDEwR0JAc3Rvcm1vdXM=

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
- TA-category="Ransomware"

🔖MISP Galaxies:
- target-information="Malaysia"
- sector="Public Sector"
- ransomware="stormous"
mitre-attack-pattern=[]

MISP event uuid: 3f90713d-8875-4d1f-96e2-5a4aefbfe476

📃Title: How attackers are jailbreaking LLMs with CTF framing and how to catch them
📅Date: 2026-06-15
🔗References:
https://www.sysdig.com/blog/how-attackers-are-jailbreaking-llms-with-ctf-framing-and-how-to-catch-them

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

MISP event uuid: a667f34d-d768-47b3-9f64-ae7a72b86b82

📃Title: Public and Private Medical Community Targeted by Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
📅Date: 2026-06-16
🔗References:
https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Mandiant"
• target-information="United States"
• target-information="Canada"
mitre-attack-pattern=['T1190', 'T1555', 'T1567', 'T1505.003', 'T1056.003', 'T1114.003', 'T1554', 'T1090.003', 'T1562.001', 'T1027', 'T1213', 'T1071.001', 'T1689']

MISP event uuid: aa407ecb-686f-4bfa-a7cd-42fa26fd2128