AlphaHunt
@alphahunt.io
Your CTI Flight Crew — Anticipate, Don’t Chase.
alphahunt.io
by csirtgadgets.com
#AskYourTIP #AlphaHunt #ThreatIntel
@csirtgadgets.bsky.social
linkedin.com/company/csirtg
https://www.linkedin.com/in/wesyoung/
x.com/alphahunt_io
x.com/csirtgadgets
29% that RedNovember uses a real 0-day in 2026. PoC-first N-days stay the mode, but Ivanti/Cisco edge drama says “don’t sleep.”
Read the forecast ↓ 🔥🛰️
blog.alphahunt.io/will-rednove...
#AlphaHunt #ZeroDay #ThreatIntel #China
November 6, 2025 at 2:09 PM
SIGNALS WEEKLY:
A Windows .LNK just became an actual door key. #UNC6384 → PlugX at EU diplomats. CISA drops 2 new KEV vulns (CentreStack/Triofox & CWP) + 5 ICS advisories. Patch what you can, isolate what you can’t. 🗝️🚨
Read → blog.alphahunt.io/signals-week...
#AlphaHunt #Infosec #BlueTeam
November 5, 2025 at 3:01 PM
UNC5221’s Q4 playbook: live on the edge, ship a zero-day, let attribution lag do the rest. We’ve got it at 32% before 12/31. Betting line or blind spot? 🧮🔎
Read → blog.alphahunt.io/will-unc5221...
#AlphaHunt #ZeroDay #UNC5221
November 4, 2025 at 2:17 PM
SIGNALS WEEKLY: WSUS RCE is live—patch OOB now + watch 8530/8531. Payments fell to 23% in Q3 as crews pivot to insider bribes; Qilin doubles down on ESXi + EDR tamper. 🔧🛡️
Full rundown👇
blog.alphahunt.io/signals-week...
#AlphaHunt #CyberSecurity #Ransomware
October 29, 2025 at 2:45 PM
🛰️ Space IoT is under siege: jamming, GPS spoofing, and default creds. 🔥 Quick wins: object-lock, ops-MFA, segment/egress—before space ransomware lands.
Subscribe for the full checklist—beat the jammers.
blog.alphahunt.io/space-iot-un...
#AlphaHunt #CyberSecurity #SpaceTech
October 29, 2025 at 1:57 PM
#Cl0p forecast: 20% chance their leak sites go dark by Apr 22, 2026—only if there’s a seizure banner or ≥14 days down w/ LE attribution. Cronos shows it’s doable; Hydra-style mirrors are the boss fight.
🔍🚨🧩 Read: blog.alphahunt.io/cl0ps-leak-s...
#AlphaHunt #Ransomware #ThreatIntel
October 28, 2025 at 1:17 PM
#COLDRIVER went from #LOSTKEYS to a full “ROBOT” chain and #ClickFix tricks—then started poking linked-device flows. We put 75% on a truly new family or access vector within 12 months.
Read the forecast 👇
blog.alphahunt.io/coldrivers-n...
#AlphaHunt #ThreatIntel
October 23, 2025 at 1:09 PM
SIGNALS WEEKLY (new!):
SNMP rootkits on Cisco (CVE-2025-20352) 🎛️, F5 source-code heist + CISA ED 26-01 🚨, and 175 MS CVEs 📅.
Pick your poison: harden SNMP or inventory+patch BIG-IP today.
→ blog.alphahunt.io/signals-week...
#AlphaHunt #Cybersecurity #ThreatIntel
October 22, 2025 at 2:31 PM
Storm-2657: Workday was the first stop, not the destination.
We’re at 62% odds it hits another payroll stack by 2026-04-17. Harden all the paydoors, not just the pretty one. 🏴‍☠️🔐
Read → blog.alphahunt.io/storm-2657-w...
#AlphaHunt #BEC #CyberSecurity
October 21, 2025 at 1:17 PM
Oracle EBS got in-memory Java loaders, not lockerware. Patch CVE-2025-61882, lock egress, hunt TemplatePreviewPG with TMP|DEF + XSL-TEXT|XML. Extortion rides in via “pubstorm.” 🔒⚙️
Read → blog.alphahunt.io/cl0p-fin11-g...
#AlphaHunt #OracleEBS #CL0P
October 16, 2025 at 1:09 PM
Signals Weekly: Oracle zero-days, payroll pirates, Velociraptor persistence & a $15B scam prince getting sanctioned—just another week where “unexpected” means “we ignored the patterns.”
Full breakdown → blog.alphahunt.io/signals-week...
#AlphaHunt #ThreatIntel #CyberSecurity #Infosec #CTI
October 15, 2025 at 2:45 PM
TA558 isn’t “innovating,” it’s compounding. JS/VBS→PS + commodity RATs = steady LATAM lift. Odds flip if we see ≥2 NA/EU attributions or a new dominant delivery/payload family.
Beat the headline—read the H1’26 forecast. 🛎️🧳 blog.alphahunt.io/ta558-2026-t...
#AlphaHunt #ThreatIntel #TA558
October 14, 2025 at 1:17 PM
Trad-threat-intel is still writing yesterday’s report — we've already placed bets on tomorrow’s breach.
Check out the future of cyber- blog.alphahunt.io/tag/forecasts/
#AlphaHunt #ThreatIntelligence #CyberSecurity #Forecasting
October 13, 2025 at 5:04 PM
Oracle EBS zero-day (CVE-2025-61882): OOB patch, KEV-listed, exec extortion emails flying. We’re at 76% that a primary source names it as initial access by 12/31. Raise or fade? 🧨🧭
Read → blog.alphahunt.io/by-dec-31-20...
#AlphaHunt #CVE202561882 #OracleEBS
October 9, 2025 at 1:09 PM
Edge stays grimy. We’re at 30% that RedNovember burns a 0-day in ’26. Base rate 25%, pattern still PoC-first. Watch pre-advisory activity + novel C2 + multi-vendor confirm. What’s your earliest tell? 🔥🕵️
Read: blog.alphahunt.io/will-rednove...
#AlphaHunt #ThreatIntel #0day
October 7, 2025 at 1:17 PM
Edge boxes ≠ EDR. UNC5221 thrives in that gap. We’re at 55% odds of a non-Ivanti edge 0-day by year-end. BRICKSTORM hid ~393 days on appliances & loves vCenter pivots. Hunting the boxes no one owns yet? 🧱🕵️🔌
Read the card ⤵️
blog.alphahunt.io/by-dec-31-20...
#AlphaHunt #ZeroDay #ThreatIntel
October 2, 2025 at 1:09 PM
VoidProxy is turning OTP MFA into wall art—AitM steals your session, not just your creds. Passkeys/FastPass held up in observed attacks. Are you still betting on SMS? 🔐🎭
Read: blog.alphahunt.io/voidproxy-ai...
#AlphaHunt #VoidProxy #AitM
September 30, 2025 at 1:17 PM
Modular C2 isn’t a tool—it’s an operating model: snap-in bricks hiding in Graph/SharePoint while legacy alerts nap. ☁️🧩
Our short brief on catching it → blog.alphahunt.io/modular-c2-f...
#AlphaHunt #C2 #DFIR
September 25, 2025 at 1:09 PM
Finance cyber’s plot twist: geopolitics. DORA is live, NYDFS deadlines loom, SEC wants 4-day disclosures. Automate triage, drill crisis comms, fix supplier risk—now.
Read → blog.alphahunt.io/blended-geop... 🔧🧭
September 23, 2025 at 1:17 PM
SteganoAmor: TA558 hides malware in images, then rides compromised infra to C2. Oil/gas & maritime in scope. Block server egress SMTP/FTP + add steganalysis to mail—now. 🛢️🚢🖼️
Read: blog.alphahunt.io/steganoamor-...
#AlphaHunt #CyberSecurity #OTSecurity #Malware
September 18, 2025 at 1:09 PM
PoisonSeed: pass DKIM, steal wallets. AitM proxies beat your OTP, NiceNIC domains beat your filters, and list-export spikes tell on you. Read the playbook, then ship keys (FIDO2) to the people who matter.
#AlphaHunt #CyberSecurity #Phishing #ThreatIntel
September 16, 2025 at 1:17 PM
“Space hacks” are mostly ground problems. 🛰️🔓
Think VPN spray + legacy keys + VSAT weirdness → big exfil.
Get the quick wins (object-lock, ops-MFA, segment/egress) here:
blog.alphahunt.io/space-iot-un...
Read, then subscribe for full playbook.
#AlphaHunt #CyberSecurity #SpaceSecurity
September 11, 2025 at 1:09 PM
Cozy Bear moved from “.rdp phish” to “fake device-code popups.” The clouds finally played defense together. Check device-code grants + app consents—then kill legacy auth. 🔐🧹
👇 blog.alphahunt.io/russian-apts...
Read & subscribe for detections. #AlphaHunt #CyberSecurity #APT29
September 9, 2025 at 1:17 PM
OAuth tokens > firewalls. #UNC6395 loots #CRM via hijacked tokens; #UNC3944 vishes help desks then jumps to hypervisors. Audit scopes. Lock resets with phishing-resistant MFA. Read👇
blog.alphahunt.io/saas-data-th...
#AlphaHunt #CyberSecurity #SaaS #OAuth
September 4, 2025 at 1:09 PM
SHAMOS is tricking Mac users via fake “Apple help” ads to paste a one-liner that neuters Gatekeeper—300+ attempts. BYOD is snackable.
Read: blog.alphahunt.io/shamos-macos... 🍪🕷️🍎
#AlphaHunt #CyberSecurity #macOS #Infostealer
September 2, 2025 at 1:17 PM