Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
@rectifyq
172 subscribers
2 files
2K links
rectifyq.com
Rectifyq Cybersecurity News with approximate relevancy to Malaysia and contextualized using MISP Galaxies.

Relevancy
๐Ÿ”ด- e.g. APT target ๐Ÿ‡ฒ๐Ÿ‡พ.
๐ŸŸก- e.g. APT target Asian country.
๐Ÿ”ต- e.g. Infostealers impact globally.
โšซ- Good to know only.
Download Telegram
About
Blog
Apps
Platform
Join
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
172 subscribers
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Interlock and Rhysida within the Ransomware Ecosystem
๐Ÿ“…Date: 2026-06-12
๐Ÿ”—References:
https://www.ibm.com/think/x-force/interlock-and-rhysida-within-the-ransonware-ecosystem

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="TA-profile"
โ€ข TA-category="Ransomware"
โ€ข target="broad-based"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="IBM X-Force"
โ€ข target-information="United States"
โ€ข ransomware="interlock"
โ€ข ransomware="rhysida"
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1003', 'T1087.002', 'T1140', 'T1190', 'T1055', 'T1482', 'T1083', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1486', 'T1203', 'T1059.003', 'T1189', 'T1027.002', 'T1018', 'T1105', 'T1021.001', 'T1490']

MISP event uuid: 4f2a0ee4-d11b-46a6-ba6d-1f9be509076d
Ibm
Interlock and Rhysida within the Ransomware Ecosystem | IBM
IBM X-Force uncovers deep links between Interlock and Rhysida ransomware actors, detailing shared malware, crypters, and infrastructure across the ecosystem, with insights into infection chains, initial access brokers, and evolving tools over two years ofโ€ฆ
10 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches
๐Ÿ“…Date: 2026-06-09
๐Ÿ”—References:
https://malext.io/reports/SearchJack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Cybercrime"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1033', 'T1056.001', 'T1539', 'T1036.005', 'T1204.002', 'T1566.002', 'T1082', 'T1176', 'T1005', 'T1036', 'T1185', 'T1112', 'T1083', 'T1568', 'T1027', 'T1573', 'T1213', 'T1189', 'T1071.001']

MISP event uuid: c2e25435-9441-48e7-a5cc-c2a50ceff102
malext.io
SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches - MalExt Sentry
Threat intelligence report: SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches. Research by MalExt Sentry.
10 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://www.genians.co.kr/en/blog/threat_intelligence/narwhalrat

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข TA-category="APT"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข threat-actor="APT37"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1025', 'T1204.002', 'T1497.001', 'T1566.001', 'T1005', 'T1140', 'T1055', 'T1112', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1102.001']

MISP event uuid: 24638e19-caf4-4253-8ead-b7f85dda8137
www.genians.co.kr
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
Compiled Python-based malware continues to spread. Malicious LNK files execute PowerShell and batch commands, ultimately deploying NarwhalRAT.
14 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Inside OnyxC2: The New Stealer Targeting 210 Apps
๐Ÿ“…Date: 2026-06-11
๐Ÿ”—References:
https://www.blackfog.com/inside-onyxc2-the-new-stealer-targeting-210-apps

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="tool-profile"
โ€ข target="broad-based"
โ€ข TA-category="Cybercrime"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1539', 'T1555.005', 'T1555.003', 'T1027.001', 'T1003.001', 'T1497', 'T1041', 'T1090.003', 'T1027', 'T1564.003', 'T1071.001', 'T1574.002']

MISP event uuid: d9262ac6-5e84-4e20-82d7-6a520239ed85
BlackFog
Inside OnyxC2: The New Stealer Targeting 210 Apps | BlackFog
Discover OnyxC2, the new malware-as-a-service stealer targeting 210 apps, how it evades detection, steals credentials, and enables data theft.
9 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://www.huntress.com/blog/terminal-server-phishing-stager-exposed

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข target="targeted"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Huntress"
โ€ข target-information="United Kingdom"
โ€ข target-information="Bolivia"
mitre-attack-pattern=['T1133', 'T1114', 'T1566.002', 'T1598.003', 'T1586.002', 'T1036', 'T1185', 'T1071.003', 'T1535', 'T1589.002', 'T1090', 'T1078', 'T1027', 'T1132', 'T1189', 'T1584.004']

MISP event uuid: d5715164-f8a4-40b1-b225-96ea7a71e85e
Huntress
The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed | Huntress
A compromised terminal server became a phishing stager. A fake Boots survey aimed at 8.9 million inboxes, with the payload on a hacked Bolivian government site.
6 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years: How Cybercriminals Are Targeting Travelers in 2026
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-are-surging-in-2026-growing-122-over-the-last-3-years-heres-what-cyber-criminals-are-actually-doing/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ด Highly Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Cybercrime"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Check Point"
โ€ข target-information="Malaysia"
โ€ข target-information="Canada"
mitre-attack-pattern=['T1583', 'T1539', 'T1114', 'T1204.002', 'T1566.002', 'T1598.003', 'T1583.001', 'T1056.003', 'T1204', 'T1566', 'T1585.001', 'T1056', 'T1132', 'T1598', 'T1585', 'T1213']

MISP event uuid: be7ce1a3-06b7-40b8-baae-d4fa3adfba87
Check Point Blog
Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actuallyโ€ฆ
Every summer, hundreds of millions of people book flights, reserve hotels, and plan vacations online. And every summer, cyber criminals show up to take %Travel cyberattacks have surged 122% since 2023. Discover how hackers use fake Booking.com, Airbnb, andโ€ฆ
8 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: OptinMonster supply chain attack hits 1.2 million sites
๐Ÿ“…Date: 2026-06-13
๐Ÿ”—References:
https://sansec.io/research/optinmonster-supply-chain-attack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="supply-chain"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1033', 'T1132.001', 'T1573.001', 'T1087.001', 'T1082', 'T1140', 'T1218', 'T1070.006', 'T1505.003', 'T1136.001', 'T1090.002', 'T1083', 'T1114.003', 'T1564.002', 'T1562.003', 'T1059.004', 'T1027', 'T1195.002', 'T1071.001', 'T1078.003']

MISP event uuid: f99b496b-ce4c-43ce-87f6-8024f8c36a0f
Sansec
OptinMonster supply chain attack hits 1.2 million sites
Malware adds admin accounts and hidden backdoor to sites using OptinMonster, TrustPulse or PushEngage plugins.
7 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: The Package That Never Shipped: Following a USPS Smishing Kit Through DNS Data
๐Ÿ“…Date: 2026-06-13
๐Ÿ”—References:
https://censys.com/blog/following-a-usps-smishing-kit-through-censys-dns-data/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="mobile-attack"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="censys"
mitre-attack-pattern=['T1583', 'T1056.001', 'T1036.005', 'T1566.002', 'T1598.003', 'T1071', 'T1586.002', 'T1608.001', 'T1583.001', 'T1036', 'T1185', 'T1586', 'T1608', 'T1583.006', 'T1041', 'T1566', 'T1027', 'T1573', 'T1056', 'T1598', 'T1071.001']

MISP event uuid: 5f1db648-9b34-47fd-aa68-47e63fa3de4b
Censys
The Package That Never Shipped: Following a USPS Smishing Kit Through Censys DNS Data - Censys
Executive Summary It Starts With a Text Message You know the message. Everyone has gotten one. A package could not be delivered, there is an unpaid customs fee or a bad address, and here is a helpful link to fix it. This one pointed at: Believe it or notโ€ฆ
7 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Attackers Weaponize Microsoft Teams Relays to Stay Hidden
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Ransomware"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Symantec"
โ€ข target-information="United States"
mitre-attack-pattern=['T1003', 'T1087.002', 'T1190', 'T1567', 'T1055', 'T1021', 'T1112', 'T1555.003', 'T1562.006', 'T1562.001', 'T1027', 'T1486', 'T1071.001', 'T1136', 'T1018', 'T1574.002', 'T1569.002', 'T1090.001']

MISP event uuid: afa946fd-9cd9-4c73-93c2-b2147fdefd2e
Security
Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden
Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams' TURN relay servers to mask command-and-control traffic. The attackers also used a previously unknown vulnerability in a Huawei driver.
11 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://www.huntress.com/blog/potemkin-loader-rmmproject-clickfix-attack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข target="broad-based"
โ€ข detection-rules="yara-from-src"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Huntress"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1056.001', 'T1568.002', 'T1036.005', 'T1204.002', 'T1218.007', 'T1140', 'T1055', 'T1021.002', 'T1555.003', 'T1021.006', 'T1218.005', 'T1547.001', 'T1056.002', 'T1562.001', 'T1027', 'T1573', 'T1071.001']

MISP event uuid: ce6915b2-f7f6-4148-96ff-9f03338de345
Huntress
Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack | Huntress
A ClickFix infection drops Potemkin loader and RMMProject RAT, leading to browser theft, hidden remote desktop, and lateral movement across over 11 hosts.
12 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Android Banker with Complete Device Takeover Capabilities
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="malware-analysis"
โ€ข topic="mobile-attack"
โ€ข target="broad-based"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Zimperium"
mitre-attack-pattern=['T1517', 'T1429', 'T1624.001', 'T1616', 'T1414', 'T1637', 'T1646', 'T1417.002', 'T1516', 'T1417.001', 'T1655.001', 'T1660', 'T1582', 'T1636.004', 'T1513', 'T1418', 'T1406.002', 'T1426']

MISP event uuid: c4f048d7-9154-4c0a-9313-9f454c1e3bce
Zimperium
Rokarolla : Android Banker with Complete Device Takeover Capabilities
true
15 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Investigation of email-based attack delivering MediaFire ZIP file with execution chain analysis
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://x.com/Kostastsale/status/2066545189137629302

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1036.005', 'T1204.002', 'T1566.002', 'T1055', 'T1027.001', 'T1059.001', 'T1547.001', 'T1095', 'T1132', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: be236a57-ec5e-4964-8305-33827a5a10fc
X (formerly Twitter)
Kostas (@Kostastsale) on X
We investigated a case where an email sent the victim to a MediaFire ZIP. We have not observed this exact chain as part of a broader campaign so far, but there are a lot of things from this that wanted to share which worth a closer look.

๐—˜๐˜…๐—ฒ๐—ฐ๐˜‚๐˜๐—ถ๐—ผ๐—ป ๐—ฐ๐—ต๐—ฎ๐—ถ๐—ปโ€ฆ
19 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ pinned ยซ๐Ÿ“ƒTitle: Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years: How Cybercriminals Are Targeting Travelers in 2026 ๐Ÿ“…Date: 2026-06-15 ๐Ÿ”—References: https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-areโ€ฆยป
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: [Ransomware] Unconfirmed: mli******** UPD******** DAT* DUM* NEW LIN* 10G*
๐Ÿ“…Date: 2026-06-24
๐Ÿ”—References: https://www.ransomware.live/id/bWxpdC5jb20ubXkgVVBEQVRFLUZVTEwgREFUQSBEVU1QIE5FVyBMSU5LIDEwR0JAc3Rvcm1vdXM=

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ด Highly Relevant
Category: ๐Ÿ’ฅ Data Breach
- TA-category="Ransomware"

๐Ÿ”–MISP Galaxies:
- target-information="Malaysia"
- sector="Public Sector"
- ransomware="stormous"
mitre-attack-pattern=[]

MISP event uuid: 3f90713d-8875-4d1f-96e2-5a4aefbfe476
Ransomware.live
Victim: mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB โ€“ stormous
Ransomware.live discovered on 2026-06-24 that mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB has been claimed by Stormous ransomware group
7 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: How attackers are jailbreaking LLMs with CTF framing and how to catch them
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://www.sysdig.com/blog/how-attackers-are-jailbreaking-llms-with-ctf-framing-and-how-to-catch-them

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="ai"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

MISP event uuid: a667f34d-d768-47b3-9f64-ae7a72b86b82
Sysdig
How attackers are jailbreaking LLMs with CTF framing and how to catch them | Sysdig
Sysdig TRT caught threat actors jailbreaking LLMs with CTF framing to generate CVE exploits โ€” and the prompt structure leaks into headers, passwords, and IAM logs.
3 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Public and Private Medical Community Targeted by Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="APT"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Mandiant"
โ€ข target-information="United States"
โ€ข target-information="Canada"
mitre-attack-pattern=['T1190', 'T1555', 'T1567', 'T1505.003', 'T1056.003', 'T1114.003', 'T1554', 'T1090.003', 'T1562.001', 'T1027', 'T1213', 'T1071.001', 'T1689']

MISP event uuid: aa407ecb-686f-4bfa-a7cd-42fa26fd2128
Google Cloud Blog
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, andโ€ฆ
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: WebAssembly Malware Found in Trojanized Open VSX Extensions
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://socket.dev/blog/glasswasm-malware-open-vsx-extensions

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="supply-chain"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1195.001', 'T1036.005', 'T1204.002', 'T1573.001', 'T1497.001', 'T1140', 'T1497.003', 'T1102', 'T1059.001', 'T1059.004', 'T1562.001', 'T1027', 'T1518.001', 'T1059.003', 'T1071.001', 'T1105', 'T1102.001']

MISP event uuid: 43eb70af-9f4f-4cb9-98c9-15bcea35e6a9
Socket
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ...
The trojanized extensions use TinyGo-compiled WebAssembly and Solana transaction memos to resolve command-and-control infrastructure.
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Gamers beware: malicious wallpapers on Steam found stealing accounts
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Kaspersky"
โ€ข target-information="British Indian Ocean Territory"
โ€ข target-information="Canada"
โ€ข target-information="China"
โ€ข target-information="Germany"
โ€ข target-information="Hong Kong"
โ€ข target-information="India"
โ€ข target-information="Russia"
โ€ข target-information="Singapore"
mitre-attack-pattern=['T1543', 'T1539', 'T1547', 'T1564', 'T1071', 'T1140', 'T1562', 'T1555', 'T1055', 'T1560', 'T1608', 'T1204', 'T1574', 'T1078', 'T1027', 'T1573', 'T1496', 'T1485', 'T1518', 'T1105']

MISP event uuid: 51c79e71-685f-4c88-b907-1579de218020
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: New APT-Q-27 sample spotted
๐Ÿ“…Date: 2026-06-17
๐Ÿ”—References:
https://x.com/askardyuss/status/2066859258130665974

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="malware-analysis"
โ€ข TA-category="APT"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1036', 'T1059', 'T1027', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: 2af465d9-1888-4e99-abe1-dc82d348aa41
X (formerly Twitter)
Askar (@askardyuss) on X
#ThreatIntel New APT-Q-27 sample spotted! ๐Ÿšจ

The attack leverages a valid digital signature from "ๅนฟๅทžๆ ฉๅ† ็ง‘ๆŠ€ๆœ‰้™ๅ…ฌๅธ" (not revoked yet). The dropper fetches an extension-based module list from C2. Current payloads use DLL Side-Loading via a legitimate Tencent-signedโ€ฆ
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Bluekit Phishing as a Service (PhaaS)
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://www.cloudsek.com/blog/bluekit-phishing-as-a-service-phaas

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: ๐Ÿ’‰ Vulnerability
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="tool-profile"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="CloudSEK"
mitre-attack-pattern=[]

MISP event uuid: cab18fbe-dd41-40ba-9768-7b2329c53e94
Cloudsek
Bluekit Phishing as a Service (PhaaS) | CloudSEK
BlueKit is turning phishing into a subscription business, offering 87 ready-made kits, automated account takeover and stealthy peer-to-peer infrastructure. CloudSEKโ€™s investigation reveals how this mature PhaaS platform helps even low-skilled criminals targetโ€ฆ
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed โ€“ Claim Your Ethical Disclosure
๐Ÿ“…Date: 2026-06-17
๐Ÿ”—References:
https://www.infostealers.com/article/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosure/
https://www.linkedin.com/feed/update/urn:li:activity:7471222472193830913/
https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ด Highly Relevant
Category: ๐Ÿ’ฅ Data Breach
โ€ข sub-category="report"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

MISP event uuid: 62d63a50-b78f-45df-98a9-da606487a500
InfoStealers
FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed โ€“ Claim Your Ethical Disclosure
2 views