Skip to content
feed: live
>_ 0dayNews
Vendor

Threat Intel & Field Notes

Coverage that doesn't reduce to a single vendor advisory: infostealer and RAT write-ups, threat-actor campaigns and infrastructure takedowns, tooling roundups, and industry analysis on where security practice is falling behind.

Articles
~/articles/2026-07-08-scattered-spider-windows-device-id-court-filing-stokes
Windows Device ID trail led FBI to Scattered Spider suspect
Analysis
threat intel

Windows Device ID trail led FBI to Scattered Spider suspect

A newly unsealed federal complaint says a Microsoft-recorded device ID tied the account behind a Scattered Spider intrusion to 19-year-old Peter Stokes.

read →
~/articles/2026-07-07-accenture-confirms-breach-source-code-claim
Accenture Confirms Breach; Attacker Claims 35 GB Stolen
● Breaking
threat intel

Accenture Confirms Breach; Attacker Claims 35 GB Stolen

Accenture confirmed a security incident. A threat actor is advertising 35 GB of alleged source code for sale. The volume claim is unverified — treat accordingly.

read →
~/articles/2026-07-06-operation-dragonreturn-china-nexus-dcrat-india-tax
DragonReturn Drops DcRAT on Indian Taxpayers
● Breaking
threat intel

DragonReturn Drops DcRAT on Indian Taxpayers

Seqrite Labs attributes an ongoing spear-phishing campaign against Indian tax filers to a suspected China-nexus actor with infrastructure and tactical overlap to Silver Fox. First observed May 18.

read →
~/articles/2026-07-06-quimarat-java-cross-platform-maas-levelblue
QuimaRAT: A $150 Cross-Platform Java RAT MaaS
threat intel

QuimaRAT: A $150 Cross-Platform Java RAT MaaS

LevelBlue profiled a new cross-platform Java RAT sold as MaaS. No confirmed campaigns yet — but the price is low, the payload runs everywhere, and the loader is built to walk past SmartScreen. Assume it lands somewhere soon.

read →
~/articles/2026-07-05-flipper-zero-firmware-maintenance-only-community-driven
Flipper Zero Firmware Goes Maintenance-Only
threat intel

Flipper Zero Firmware Goes Maintenance-Only

Flipper Devices says the Flipper Zero firmware is stable at 1.0 and full-time feature work is over. Community PRs run the future, filtered through GitHub Discussions voting and stricter review. Here's what changes.

read →
~/articles/2026-07-04-metasploit-weekly-smb-meterpreter-peyara-detection
Metasploit's July 3 Drop: SMB-to-Meterpreter, Peyara
threat intel

Metasploit's July 3 Drop: SMB-to-Meterpreter, Peyara

Rapid7 shipped an SMB-to-Meterpreter session upgrade and a Peyara Remote Mouse RCE module this week. Neither is novel research. Both change what your alerts will look like. Here's the tune.

read →
~/articles/2026-07-04-orchid-iga-ai-agents-lifecycle-gaps
IGA Was Built Around Employment Records, Not Agents
Analysis
threat intel

IGA Was Built Around Employment Records, Not Agents

A contributed piece to The Hacker News from Orchid Security lays out where the joiner-mover-leaver model quietly fails for AI agents. Vendor-adjacent, but the gap analysis holds.

read →
~/articles/2026-07-04-talos-catan-and-mouse-curiosity-defensive-skill
Talos on Curiosity: A Skill That Doesn't Scale
Analysis
threat intel

Talos on Curiosity: A Skill That Doesn't Scale

William Largent's Threat Source column this week reads as an essay on board games and pattern recognition. It's really an argument about the load-bearing skill that keeps a defender from becoming a checklist.

read →
~/articles/2026-07-03-pamstealer-macos-maccy-impersonation-jamf
PamStealer: A Fake Maccy Site Steals macOS Creds
threat intel

PamStealer: A Fake Maccy Site Steals macOS Creds

Jamf Threat Labs disclosed a new macOS credential stealer today that impersonates the Maccy clipboard app, validates the victim's login password against PAM in real time, and exfiltrates keychain and browser data. Apple Silicon only. Here's what defenders should do.

read →
~/articles/2026-07-03-fbi-netnut-popa-botnet-takedown
FBI Seizes NetNut Proxy, Google Degrades Popa Botnet
threat intel

FBI Seizes NetNut Proxy, Google Degrades Popa Botnet

The FBI seized hundreds of NetNut proxy domains on July 2; Google's Threat Intelligence Group, working with FBI and Lumen, cut the linked Popa botnet's usable device pool by millions the same day.

read →