📃Title: [Ransomware] Unconfirmed: mli******** UPD******** DAT* DUM* NEW LIN* 10G*
📅Date: 2026-06-24
🔗References: https://www.ransomware.live/id/bWxpdC5jb20ubXkgVVBEQVRFLUZVTEwgREFUQSBEVU1QIE5FVyBMSU5LIDEwR0JAc3Rvcm1vdXM=
🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
• TA-category="Ransomware"
🔖MISP Galaxies:
• target-information="Malaysia"
• sector="Public Sector"
• ransomware="stormous"
mitre-attack-pattern=[]
MISP event uuid: 3f90713d-8875-4d1f-96e2-5a4aefbfe476
Ransomware.live
Victim: mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB – stormous
Ransomware.live discovered on 2026-06-24 that mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB has been claimed by the Stormous ransomware group.
📃Title: How attackers are jailbreaking LLMs with CTF framing and how to catch them
📅Date: 2026-06-15
🔗References:
https://www.sysdig.com/blog/how-attackers-are-jailbreaking-llms-with-ctf-framing-and-how-to-catch-them
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP event uuid: a667f34d-d768-47b3-9f64-ae7a72b86b82
Sysdig
How attackers are jailbreaking LLMs with CTF framing and how to catch them | Sysdig
Sysdig TRT caught threat actors jailbreaking LLMs with CTF framing to generate CVE exploits — and the prompt structure leaks into headers, passwords, and IAM logs.
📃Title: Public and Private Medical Community Targeted by Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
📅Date: 2026-06-16
🔗References:
https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="Mandiant"
• target-information="United States"
• target-information="Canada"
mitre-attack-pattern=['T1190', 'T1555', 'T1567', 'T1505.003', 'T1056.003', 'T1114.003', 'T1554', 'T1090.003', 'T1562.001', 'T1027', 'T1213', 'T1071.001', 'T1689']
MISP event uuid: aa407ecb-686f-4bfa-a7cd-42fa26fd2128
Google Cloud Blog
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and…
📃Title: WebAssembly Malware Found in Trojanized Open VSX Extensions
📅Date: 2026-06-15
🔗References:
https://socket.dev/blog/glasswasm-malware-open-vsx-extensions
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1195.001', 'T1036.005', 'T1204.002', 'T1573.001', 'T1497.001', 'T1140', 'T1497.003', 'T1102', 'T1059.001', 'T1059.004', 'T1562.001', 'T1027', 'T1518.001', 'T1059.003', 'T1071.001', 'T1105', 'T1102.001']
MISP event uuid: 43eb70af-9f4f-4cb9-98c9-15bcea35e6a9
Socket
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ...
The trojanized extensions use TinyGo-compiled WebAssembly and Solana transaction memos to resolve command-and-control infrastructure.
📃Title: Gamers beware: malicious wallpapers on Steam found stealing accounts
📅Date: 2026-06-16
🔗References:
https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="Kaspersky"
• target-information="British Indian Ocean Territory"
• target-information="Canada"
• target-information="China"
• target-information="Germany"
• target-information="Hong Kong"
• target-information="India"
• target-information="Russia"
• target-information="Singapore"
mitre-attack-pattern=['T1543', 'T1539', 'T1547', 'T1564', 'T1071', 'T1140', 'T1562', 'T1555', 'T1055', 'T1560', 'T1608', 'T1204', 'T1574', 'T1078', 'T1027', 'T1573', 'T1496', 'T1485', 'T1518', 'T1105']
MISP event uuid: 51c79e71-685f-4c88-b907-1579de218020
📃Title: New APT-Q-27 sample spotted
📅Date: 2026-06-17
🔗References:
https://x.com/askardyuss/status/2066859258130665974
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1036', 'T1059', 'T1027', 'T1071.001', 'T1574.002', 'T1105']
MISP event uuid: 2af465d9-1888-4e99-abe1-dc82d348aa41
X (formerly Twitter)
Askar (@askardyuss) on X
#ThreatIntel New APT-Q-27 sample spotted! 🚨
The attack leverages a valid digital signature from "广州栩冠科技有限公司" (not revoked yet). The dropper fetches an extension-based module list from C2. Current payloads use DLL Side-Loading via a legitimate Tencent-signed…
📃Title: Bluekit Phishing as a Service (PhaaS)
📅Date: 2026-06-16
🔗References:
https://www.cloudsek.com/blog/bluekit-phishing-as-a-service-phaas
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💉 Vulnerability
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="tool-profile"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="CloudSEK"
mitre-attack-pattern=[]
MISP event uuid: cab18fbe-dd41-40ba-9768-7b2329c53e94
Cloudsek
Bluekit Phishing as a Service (PhaaS) | CloudSEK
BlueKit is turning phishing into a subscription business, offering 87 ready-made kits, automated account takeover and stealthy peer-to-peer infrastructure. CloudSEK’s investigation reveals how this mature PhaaS platform helps even low-skilled criminals target…
📃Title: FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure
📅Date: 2026-06-17
🔗References:
https://www.infostealers.com/article/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosure/
https://www.linkedin.com/feed/update/urn:li:activity:7471222472193830913/
https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8
🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP event uuid: 62d63a50-b78f-45df-98a9-da606487a500
InfoStealers
FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure
📃Title: ClickFix Campaign Generated Via AI Delivers SmartRAT
📅Date: 2026-06-17
🔗References:
https://www.zscaler.com/blogs/security-research/clickfix-campaign-generated-ai-delivers-smartrat
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="Zscaler"
• target-information="Brazil"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1543.003', 'T1082', 'T1071', 'T1106', 'T1005', 'T1140', 'T1036', 'T1055', 'T1185', 'T1112', 'T1059', 'T1497', 'T1059.001', 'T1566', 'T1027', 'T1070.004', 'T1518', 'T1569.002']
MISP event uuid: b8e89796-9b5f-440b-aa35-6426dd5ab953
Zscaler
AI Generated ClickFix Attack Delivers SmartRAT | ThreatLabz
ThreatLabz analyzes an AI generated ClickFix campaign that delivers SmartRAT.
📃Title: More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers
📅Date: 2026-06-17
🔗References:
https://blog.xlab.qianxin.com/arystinger-botnet-hijacks-legacy-routers-for-global-attacks-en/
🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• target-information="China"
• target-information="Malaysia"
• target-information="Singapore"
• target-information="South Korea"
• target-information="Sweden"
mitre-attack-pattern=['T1543', 'T1082', 'T1071', 'T1190', 'T1021', 'T1016', 'T1087', 'T1090', 'T1059', 'T1083', 'T1049', 'T1057', 'T1027', 'T1573', 'T1095', 'T1505', 'T1071.001', 'T1136', 'T1018', 'T1046']
MISP event uuid: 65db42c9-e25b-479e-95cf-d21fd34c73ae
QiAnXin XLab (奇安信 X 实验室)
More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers
Background
On May 20, 2026, the Ministry of State Security's WeChat official account published an article "Your internet is slow, and the culprit turns out to be this!", highlighting that outdated routers are becoming a key entry point for threat actors…
📃Title: From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware
📅Date: 2026-06-17
🔗References:
https://www.acronis.com/en/tru/posts/from-emerging-threat-to-top-tier-ransomware-as-a-service-the-evolution-of-inc-ransomware/
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• TA-category="Ransomware"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="8545fbf3-a246-4938-96a9-85a24651ebde"
• ransomware="inc ransom"
mitre-attack-pattern=['T1557', 'T1003', 'T1489', 'T1071', 'T1190', 'T1567', 'T1219', 'T1021.002', 'T1112', 'T1083', 'T1566', 'T1562.001', 'T1078', 'T1486', 'T1027.002', 'T1018', 'T1021.001', 'T1569.002', 'T1490']
MISP event uuid: 3b84c17c-e7c9-4b2f-89aa-2a39620d3f4c
Acronis
From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware
INC has evolved from an emerging ransomware-as-a-service (RaaS) operation into one of the most active ransomware groups in 2026, claiming more than 800 victims since 2023.
📃Title: 140+ npm Packages Compromised in Coordinated Supply Chain Attack
📅Date: 2026-06-17
🔗References:
https://socket.dev/blog/mastra-npm-packages-compromised
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1132.001', 'T1059.007', 'T1543.003', 'T1497.001', 'T1082', 'T1005', 'T1140', 'T1185', 'T1555.003', 'T1083', 'T1057', 'T1041', 'T1547.001', 'T1027', 'T1195.002', 'T1543.001', 'T1070.004', 'T1071.001', 'T1543.002', 'T1547.013']
MISP event uuid: 79140557-e79d-42f1-ac42-9cfda99c9709
Socket
140+ Mastra npm Packages Compromised in Coordinated Supply C...
More than 140 Mastra npm packages were compromised in a supply chain attack that used a typosquatted dependency to deliver a cross-platform infosteale...
📃Title: Okendo Reviews Supply Chain Attack
📅Date: 2026-06-18
🔗References:
https://www.zscaler.com/blogs/security-research/smartapesg-launches-okendo-reviews-supply-chain-attack
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="Zscaler"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1204.002', 'T1566.002', 'T1082', 'T1140', 'T1059', 'T1218.005', 'T1059.001', 'T1547.001', 'T1027', 'T1573', 'T1195.002', 'T1203', 'T1071.001', 'T1059.005', 'T1105', 'T1204.001']
MISP event uuid: 2bed1cd7-b7d1-4eb0-b03f-9499f23ccc05
Zscaler
SmartApeSG Supply Chain Attack Targets Okendo | ThreatLabz
ThreatLabz identified a SmartApeSG-linked supply chain attack that targeted the Okendo Reviews widget impacting thousands of e-commerce sites.
📃Title: Operation Endgame vs. SocGholish Fake Updates
📅Date: 2026-06-18
🔗References:
https://www.infoblox.com/blog/threat-intelligence/hot-take-operation-endgame-vs-socgholish/
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="Infoblox"
• malpedia="FAKEUPDATES"
• threat-actor="GOLD PRELUDE"
mitre-attack-pattern=['T1053.005', 'T1033', 'T1132.001', 'T1059.007', 'T1069', 'T1204.002', 'T1082', 'T1036', 'T1087', 'T1583.003', 'T1083', 'T1547.001', 'T1027', 'T1567.002', 'T1518.001', 'T1189', 'T1071.001', 'T1584.001']
MISP event uuid: 0cb847d3-4247-4df8-990c-25e60867a1ce
Infoblox Blog
Operation Endgame vs. SocGholish Fake Updates
Nearly 55% of enterprises were exposed to SocGholish through compromised websites before Operation Endgame disrupted the malware actor connected to EvilCorp.
📃Title: Sayonara, SocGholish: Operation Endgame Disrupts Major Cybercrime Operation
📅Date: 2026-06-18
🔗References:
https://www.proofpoint.com/us/blog/threat-insight/sayonara-socgholish-operation-endgame-disrupts-major-cybercrime-operation
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="Proofpoint"
• target-information="United States"
• target-information="Australia"
• target-information="Canada"
• target-information="Germany"
• target-information="Netherlands"
• target-information="United Kingdom"
• malpedia="FAKEUPDATES"
• threat-actor="GOLD PRELUDE"
mitre-attack-pattern=['T1059.007', 'T1547', 'T1204.002', 'T1566.002', 'T1140', 'T1190', 'T1219', 'T1036', 'T1090.002', 'T1041', 'T1059.001', 'T1562.001', 'T1078', 'T1027', 'T1486', 'T1203', 'T1189', 'T1071.001', 'T1105', 'T1564.001']
MISP event uuid: cbbb0cbd-c005-4ce4-b14e-402de47bd176
Proofpoint
Sayonara, SocGholish: Operation Endgame Disrupts Major Cybercrime Operation | Proofpoint US
Key Findings Global law enforcement and private sector partners worked to disrupt activity related to TA569, as part of Operation Endgame. TA569 is one of the most prominent
📃Title: May 2026 Infostealer Trend Report
📅Date: 2026-06-17
🔗References:
https://asec.ahnlab.com/en/94172/
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="AhnLab"
• malpedia="Lumma Stealer"
• malpedia="Remus"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1539', 'T1082', 'T1005', 'T1140', 'T1555', 'T1036', 'T1083', 'T1204', 'T1057', 'T1041', 'T1071.002', 'T1547.001', 'T1566', 'T1059.004', 'T1027', 'T1203', 'T1071.001', 'T1574.002']
MISP event uuid: 5c39093d-4670-4614-8a23-63442c98e015
ASEC
May 2026 Infostealer Trend Report - ASEC
📃Title: Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
📅Date: 2026-06-17
🔗References:
https://www.trendmicro.com/en_us/research/26/f/claudeai-shared-chat-abused-in-malvertising.html
🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="infra-profile"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="Trend Micro"
• target-information="British Indian Ocean Territory"
• target-information="France"
• target-information="Hong Kong"
• target-information="India"
• target-information="Italy"
• target-information="Japan"
• target-information="Malaysia"
• target-information="Singapore"
• target-information="Taiwan"
mitre-attack-pattern=['T1033', 'T1539', 'T1036.005', 'T1497.001', 'T1566.002', 'T1082', 'T1005', 'T1140', 'T1555', 'T1555.003', 'T1083', 'T1552.001', 'T1583.006', 'T1041', 'T1059.004', 'T1204.003', 'T1189', 'T1105', 'T1102.001']
MISP event uuid: f66d7792-44c8-4b5a-8f0e-7357bd8352cb
Trend Micro
Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai's own platform, turning the trusted domain into a delivery mechanism…
📃Title: GitBait: Phishing targeting the Mexican financial sector
📅Date: 2026-06-18
🔗References:
https://www.group-ib.com/blog/gitbait-phishing-mexico-banking-finance-es/
🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="Group-IB"
• target-information="Mexico"
• sector="Bank"
mitre-attack-pattern=[]
MISP event uuid: 10458e7b-10eb-4cde-8201-cf2cab6aef88
Group-IB
GitBait: Phishing targeting the Mexican financial sector
📃Title: Twitter Feed - nextronresearch - 17-06-2026
📅Date: 2026-06-18
🔗References:
https://x.com/nextronresearch/status/2067230614424600844
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• TA-category="APT"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• target-information="India"
• threat-actor="SideCopy"
• threat-actor="Operation C-Major"
mitre-attack-pattern=['T1547', 'T1204.002', 'T1566.001', 'T1082', 'T1140', 'T1036', 'T1112', 'T1059.001', 'T1547.001', 'T1027', 'T1027.002', 'T1071.001', 'T1105', 'T1204.001']
MISP event uuid: d76f1307-3376-49af-bc2c-bc11d8e6c5df
X (formerly Twitter)
Nextron Research ⚡️ (@nextronresearch) on X
Same actor, new lure. This SideCopy (APT36) chain swaps the military briefing for a fake "Minutes Of Meeting" Word doc
Identical playbook: a double-extension Minutes Of Meeting.docx.lnk fires a PowerShell stager (pdfdocs.bat) from a nested pdfdocs\ folder…
📃Title: Klue Integration Abused in Salesforce Data Theft | Threat Spotlight
📅Date: 2026-06-17
🔗References:
https://reliaquest.com/blog/threat-spotlight-integration-abused-in-crm-data-theft
🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
🔖MISP Galaxies:
• producer="ReliaQuest"
mitre-attack-pattern=['T1213.002', 'T1119', 'T1530', 'T1106', 'T1567', 'T1087', 'T1102', 'T1528', 'T1041', 'T1078', 'T1567.002', 'T1059.006', 'T1213', 'T1071.001', 'T1550.001']
MISP event uuid: eb6c5ce1-e012-43a3-abcd-737099a4de83
ReliaQuest
Klue Integration Abused in Salesforce Data Theft | ReliaQuest Threat Spotlight
Attackers had 24 hours of bulk CRM extraction through a compromised Klue integration—learn what steps you need to take to revoke, hunt, and lock down access immediately