Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
@rectifyq
172 subscribers
2 files
2K links
rectifyq.com
Rectifyq Cybersecurity News with approximate relevancy to Malaysia and contextualized using MISP Galaxies.

Relevancy
๐Ÿ”ด- e.g. APT target ๐Ÿ‡ฒ๐Ÿ‡พ.
๐ŸŸก- e.g. APT target Asian country.
๐Ÿ”ต- e.g. Infostealers impact globally.
โšซ- Good to know only.
Download Telegram
About
Blog
Apps
Platform
Join
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
172 subscribers
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches
๐Ÿ“…Date: 2026-06-09
๐Ÿ”—References:
https://malext.io/reports/SearchJack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Cybercrime"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1033', 'T1056.001', 'T1539', 'T1036.005', 'T1204.002', 'T1566.002', 'T1082', 'T1176', 'T1005', 'T1036', 'T1185', 'T1112', 'T1083', 'T1568', 'T1027', 'T1573', 'T1213', 'T1189', 'T1071.001']

MISP event uuid: c2e25435-9441-48e7-a5cc-c2a50ceff102
malext.io
SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches - MalExt Sentry
Threat intelligence report: SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches. Research by MalExt Sentry.
10 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://www.genians.co.kr/en/blog/threat_intelligence/narwhalrat

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข TA-category="APT"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข threat-actor="APT37"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1025', 'T1204.002', 'T1497.001', 'T1566.001', 'T1005', 'T1140', 'T1055', 'T1112', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1102.001']

MISP event uuid: 24638e19-caf4-4253-8ead-b7f85dda8137
www.genians.co.kr
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
Compiled Python-based malware continues to spread. Malicious LNK files execute PowerShell and batch commands, ultimately deploying NarwhalRAT.
14 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Inside OnyxC2: The New Stealer Targeting 210 Apps
๐Ÿ“…Date: 2026-06-11
๐Ÿ”—References:
https://www.blackfog.com/inside-onyxc2-the-new-stealer-targeting-210-apps

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="tool-profile"
โ€ข target="broad-based"
โ€ข TA-category="Cybercrime"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1539', 'T1555.005', 'T1555.003', 'T1027.001', 'T1003.001', 'T1497', 'T1041', 'T1090.003', 'T1027', 'T1564.003', 'T1071.001', 'T1574.002']

MISP event uuid: d9262ac6-5e84-4e20-82d7-6a520239ed85
BlackFog
Inside OnyxC2: The New Stealer Targeting 210 Apps | BlackFog
Discover OnyxC2, the new malware-as-a-service stealer targeting 210 apps, how it evades detection, steals credentials, and enables data theft.
9 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://www.huntress.com/blog/terminal-server-phishing-stager-exposed

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข target="targeted"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Huntress"
โ€ข target-information="United Kingdom"
โ€ข target-information="Bolivia"
mitre-attack-pattern=['T1133', 'T1114', 'T1566.002', 'T1598.003', 'T1586.002', 'T1036', 'T1185', 'T1071.003', 'T1535', 'T1589.002', 'T1090', 'T1078', 'T1027', 'T1132', 'T1189', 'T1584.004']

MISP event uuid: d5715164-f8a4-40b1-b225-96ea7a71e85e
Huntress
The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed | Huntress
A compromised terminal server became a phishing stager. A fake Boots survey aimed at 8.9 million inboxes, with the payload on a hacked Bolivian government site.
6 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years: How Cybercriminals Are Targeting Travelers in 2026
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-are-surging-in-2026-growing-122-over-the-last-3-years-heres-what-cyber-criminals-are-actually-doing/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ด Highly Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Cybercrime"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Check Point"
โ€ข target-information="Malaysia"
โ€ข target-information="Canada"
mitre-attack-pattern=['T1583', 'T1539', 'T1114', 'T1204.002', 'T1566.002', 'T1598.003', 'T1583.001', 'T1056.003', 'T1204', 'T1566', 'T1585.001', 'T1056', 'T1132', 'T1598', 'T1585', 'T1213']

MISP event uuid: be7ce1a3-06b7-40b8-baae-d4fa3adfba87
Check Point Blog
Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actuallyโ€ฆ
Every summer, hundreds of millions of people book flights, reserve hotels, and plan vacations online. And every summer, cyber criminals show up to take %Travel cyberattacks have surged 122% since 2023. Discover how hackers use fake Booking.com, Airbnb, andโ€ฆ
8 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: OptinMonster supply chain attack hits 1.2 million sites
๐Ÿ“…Date: 2026-06-13
๐Ÿ”—References:
https://sansec.io/research/optinmonster-supply-chain-attack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="supply-chain"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1033', 'T1132.001', 'T1573.001', 'T1087.001', 'T1082', 'T1140', 'T1218', 'T1070.006', 'T1505.003', 'T1136.001', 'T1090.002', 'T1083', 'T1114.003', 'T1564.002', 'T1562.003', 'T1059.004', 'T1027', 'T1195.002', 'T1071.001', 'T1078.003']

MISP event uuid: f99b496b-ce4c-43ce-87f6-8024f8c36a0f
Sansec
OptinMonster supply chain attack hits 1.2 million sites
Malware adds admin accounts and hidden backdoor to sites using OptinMonster, TrustPulse or PushEngage plugins.
7 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: The Package That Never Shipped: Following a USPS Smishing Kit Through DNS Data
๐Ÿ“…Date: 2026-06-13
๐Ÿ”—References:
https://censys.com/blog/following-a-usps-smishing-kit-through-censys-dns-data/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: โšซ Not Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="mobile-attack"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="censys"
mitre-attack-pattern=['T1583', 'T1056.001', 'T1036.005', 'T1566.002', 'T1598.003', 'T1071', 'T1586.002', 'T1608.001', 'T1583.001', 'T1036', 'T1185', 'T1586', 'T1608', 'T1583.006', 'T1041', 'T1566', 'T1027', 'T1573', 'T1056', 'T1598', 'T1071.001']

MISP event uuid: 5f1db648-9b34-47fd-aa68-47e63fa3de4b
Censys
The Package That Never Shipped: Following a USPS Smishing Kit Through Censys DNS Data - Censys
Executive Summary It Starts With a Text Message You know the message. Everyone has gotten one. A package could not be delivered, there is an unpaid customs fee or a bad address, and here is a helpful link to fix it. This one pointed at: Believe it or notโ€ฆ
7 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Attackers Weaponize Microsoft Teams Relays to Stay Hidden
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="Ransomware"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Symantec"
โ€ข target-information="United States"
mitre-attack-pattern=['T1003', 'T1087.002', 'T1190', 'T1567', 'T1055', 'T1021', 'T1112', 'T1555.003', 'T1562.006', 'T1562.001', 'T1027', 'T1486', 'T1071.001', 'T1136', 'T1018', 'T1574.002', 'T1569.002', 'T1090.001']

MISP event uuid: afa946fd-9cd9-4c73-93c2-b2147fdefd2e
Security
Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden
Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams' TURN relay servers to mask command-and-control traffic. The attackers also used a previously unknown vulnerability in a Huawei driver.
11 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://www.huntress.com/blog/potemkin-loader-rmmproject-clickfix-attack

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข target="broad-based"
โ€ข detection-rules="yara-from-src"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Huntress"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1056.001', 'T1568.002', 'T1036.005', 'T1204.002', 'T1218.007', 'T1140', 'T1055', 'T1021.002', 'T1555.003', 'T1021.006', 'T1218.005', 'T1547.001', 'T1056.002', 'T1562.001', 'T1027', 'T1573', 'T1071.001']

MISP event uuid: ce6915b2-f7f6-4148-96ff-9f03338de345
Huntress
Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack | Huntress
A ClickFix infection drops Potemkin loader and RMMProject RAT, leading to browser theft, hidden remote desktop, and lateral movement across over 11 hosts.
12 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Android Banker with Complete Device Takeover Capabilities
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="malware-analysis"
โ€ข topic="mobile-attack"
โ€ข target="broad-based"
โ€ข samples-found-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Zimperium"
mitre-attack-pattern=['T1517', 'T1429', 'T1624.001', 'T1616', 'T1414', 'T1637', 'T1646', 'T1417.002', 'T1516', 'T1417.001', 'T1655.001', 'T1660', 'T1582', 'T1636.004', 'T1513', 'T1418', 'T1406.002', 'T1426']

MISP event uuid: c4f048d7-9154-4c0a-9313-9f454c1e3bce
Zimperium
Rokarolla : Android Banker with Complete Device Takeover Capabilities
true
15 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Investigation of email-based attack delivering MediaFire ZIP file with execution chain analysis
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://x.com/Kostastsale/status/2066545189137629302

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="intrusion-analysis"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1036.005', 'T1204.002', 'T1566.002', 'T1055', 'T1027.001', 'T1059.001', 'T1547.001', 'T1095', 'T1132', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: be236a57-ec5e-4964-8305-33827a5a10fc
X (formerly Twitter)
Kostas (@Kostastsale) on X
We investigated a case where an email sent the victim to a MediaFire ZIP. We have not observed this exact chain as part of a broader campaign so far, but there are a lot of things from this that wanted to share which worth a closer look.

๐—˜๐˜…๐—ฒ๐—ฐ๐˜‚๐˜๐—ถ๐—ผ๐—ป ๐—ฐ๐—ต๐—ฎ๐—ถ๐—ปโ€ฆ
19 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ pinned ยซ๐Ÿ“ƒTitle: Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years: How Cybercriminals Are Targeting Travelers in 2026 ๐Ÿ“…Date: 2026-06-15 ๐Ÿ”—References: https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-areโ€ฆยป
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: [Ransomware] Unconfirmed: mli******** UPD******** DAT* DUM* NEW LIN* 10G*
๐Ÿ“…Date: 2026-06-24
๐Ÿ”—References: https://www.ransomware.live/id/bWxpdC5jb20ubXkgVVBEQVRFLUZVTEwgREFUQSBEVU1QIE5FVyBMSU5LIDEwR0JAc3Rvcm1vdXM=

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ด Highly Relevant
Category: ๐Ÿ’ฅ Data Breach
- TA-category="Ransomware"

๐Ÿ”–MISP Galaxies:
- target-information="Malaysia"
- sector="Public Sector"
- ransomware="stormous"
mitre-attack-pattern=[]

MISP event uuid: 3f90713d-8875-4d1f-96e2-5a4aefbfe476
Ransomware.live
Victim: mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB โ€“ stormous
Ransomware.live discovered on 2026-06-24 that mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB has been claimed by Stormous ransomware group
7 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: How attackers are jailbreaking LLMs with CTF framing and how to catch them
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://www.sysdig.com/blog/how-attackers-are-jailbreaking-llms-with-ctf-framing-and-how-to-catch-them

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="ai"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

MISP event uuid: a667f34d-d768-47b3-9f64-ae7a72b86b82
Sysdig
How attackers are jailbreaking LLMs with CTF framing and how to catch them | Sysdig
Sysdig TRT caught threat actors jailbreaking LLMs with CTF framing to generate CVE exploits โ€” and the prompt structure leaks into headers, passwords, and IAM logs.
3 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Public and Private Medical Community Targeted by Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข TA-category="APT"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Mandiant"
โ€ข target-information="United States"
โ€ข target-information="Canada"
mitre-attack-pattern=['T1190', 'T1555', 'T1567', 'T1505.003', 'T1056.003', 'T1114.003', 'T1554', 'T1090.003', 'T1562.001', 'T1027', 'T1213', 'T1071.001', 'T1689']

MISP event uuid: aa407ecb-686f-4bfa-a7cd-42fa26fd2128
Google Cloud Blog
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, andโ€ฆ
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: WebAssembly Malware Found in Trojanized Open VSX Extensions
๐Ÿ“…Date: 2026-06-15
๐Ÿ”—References:
https://socket.dev/blog/glasswasm-malware-open-vsx-extensions

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="supply-chain"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1195.001', 'T1036.005', 'T1204.002', 'T1573.001', 'T1497.001', 'T1140', 'T1497.003', 'T1102', 'T1059.001', 'T1059.004', 'T1562.001', 'T1027', 'T1518.001', 'T1059.003', 'T1071.001', 'T1105', 'T1102.001']

MISP event uuid: 43eb70af-9f4f-4cb9-98c9-15bcea35e6a9
Socket
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ...
The trojanized extensions use TinyGo-compiled WebAssembly and Solana transaction memos to resolve command-and-control infrastructure.
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Gamers beware: malicious wallpapers on Steam found stealing accounts
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข samples-found-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Kaspersky"
โ€ข target-information="British Indian Ocean Territory"
โ€ข target-information="Canada"
โ€ข target-information="China"
โ€ข target-information="Germany"
โ€ข target-information="Hong Kong"
โ€ข target-information="India"
โ€ข target-information="Russia"
โ€ข target-information="Singapore"
mitre-attack-pattern=['T1543', 'T1539', 'T1547', 'T1564', 'T1071', 'T1140', 'T1562', 'T1555', 'T1055', 'T1560', 'T1608', 'T1204', 'T1574', 'T1078', 'T1027', 'T1573', 'T1496', 'T1485', 'T1518', 'T1105']

MISP event uuid: 51c79e71-685f-4c88-b907-1579de218020
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: New APT-Q-27 sample spotted
๐Ÿ“…Date: 2026-06-17
๐Ÿ”—References:
https://x.com/askardyuss/status/2066859258130665974

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="malware-analysis"
โ€ข TA-category="APT"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1036', 'T1059', 'T1027', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: 2af465d9-1888-4e99-abe1-dc82d348aa41
X (formerly Twitter)
Askar (@askardyuss) on X
#ThreatIntel New APT-Q-27 sample spotted! ๐Ÿšจ

The attack leverages a valid digital signature from "ๅนฟๅทžๆ ฉๅ† ็ง‘ๆŠ€ๆœ‰้™ๅ…ฌๅธ" (not revoked yet). The dropper fetches an extension-based module list from C2. Current payloads use DLL Side-Loading via a legitimate Tencent-signedโ€ฆ
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: Bluekit Phishing as a Service (PhaaS)
๐Ÿ“…Date: 2026-06-16
๐Ÿ”—References:
https://www.cloudsek.com/blog/bluekit-phishing-as-a-service-phaas

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: ๐Ÿ’‰ Vulnerability
โ€ข mitre-att&ck="none-from-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="tool-profile"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="CloudSEK"
mitre-attack-pattern=[]

MISP event uuid: cab18fbe-dd41-40ba-9768-7b2329c53e94
Cloudsek
Bluekit Phishing as a Service (PhaaS) | CloudSEK
BlueKit is turning phishing into a subscription business, offering 87 ready-made kits, automated account takeover and stealthy peer-to-peer infrastructure. CloudSEKโ€™s investigation reveals how this mature PhaaS platform helps even low-skilled criminals targetโ€ฆ
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed โ€“ Claim Your Ethical Disclosure
๐Ÿ“…Date: 2026-06-17
๐Ÿ”—References:
https://www.infostealers.com/article/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosure/
https://www.linkedin.com/feed/update/urn:li:activity:7471222472193830913/
https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ด Highly Relevant
Category: ๐Ÿ’ฅ Data Breach
โ€ข sub-category="report"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

MISP event uuid: 62d63a50-b78f-45df-98a9-da606487a500
InfoStealers
FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed โ€“ Claim Your Ethical Disclosure
2 views
Rectifyq Cybersecurity News ๐Ÿ‡ฒ๐Ÿ‡พ
๐Ÿ“ƒTitle: ClickFix Campaign Generated Via AI Delivers SmartRAT
๐Ÿ“…Date: 2026-06-17
๐Ÿ”—References:
https://www.zscaler.com/blogs/security-research/clickfix-campaign-generated-ai-delivers-smartrat

๐Ÿ”–Rectifyq Taxonomies:
Relevancy: ๐Ÿ”ต Potentially Relevant
Category: โš” Threat
โ€ข mitre-att&ck="from-original-src"
โ€ข mitre-att&ck="from-OTX"
โ€ข sub-category="campaign-analysis"
โ€ข topic="ai"
โ€ข target="broad-based"
โ€ข no-samples-in="MalwareBazaar"
โ€ข no-samples-in="Tria.ge"
โ€ข action-taken="VT-comment"

๐Ÿ”–MISP Galaxies:
โ€ข producer="Zscaler"
โ€ข target-information="Brazil"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1543.003', 'T1082', 'T1071', 'T1106', 'T1005', 'T1140', 'T1036', 'T1055', 'T1185', 'T1112', 'T1059', 'T1497', 'T1059.001', 'T1566', 'T1027', 'T1070.004', 'T1518', 'T1569.002']

MISP event uuid: b8e89796-9b5f-440b-aa35-6426dd5ab953
Zscaler
AI Generated ClickFix Attack Delivers SmartRAT | ThreatLabz
ThreatLabz analyzes an AI generated ClickFix campaign that delivers SmartRAT.
2 views