AlphaHunt
@alphahunt.io
Your CTI Flight Crew — Anticipate, Don’t Chase.
alphahunt.io
by csirtgadgets.com
#AskYourTIP #AlphaHunt #ThreatIntel
@csirtgadgets.bsky.social
linkedin.com/company/csirtg
https://www.linkedin.com/in/wesyoung/
x.com/alphahunt_io
x.com/csirtgadgets
Get ahead of the breach—subscribe for the full forecast. -> blog.alphahunt.io/coldrivers-n...
COLDRIVER’s Next Move
COLDRIVER went from LOSTKEYS to a full “ROBOT” chain and ClickFix tricks—then started poking linked-device flows. We put 75% on a truly new family or access vector within 12 months.
blog.alphahunt.io
November 9, 2025 at 8:46 PM
Get the odds, not the vibes—read more -> blog.alphahunt.io/storm-2657-w...
Storm-2657 Watch: Does Workday mark the start — or just the first stop?
Workday was the first stop, not the destination. We’re at 62% odds it hits another payroll stack by 2026-04-17. Harden all the paydoors, not just the pretty one.
blog.alphahunt.io
November 9, 2025 at 4:28 PM
Subscribe for the full playbook—don’t let attackers live rent‑free. 🧨
blog.alphahunt.io/cl0p-fin11-g...
CL0P/FIN11 Go In-Memory on Oracle EBS — The Extortion Comes Later
Oracle EBS got in-memory Java loaders, not lockerware. Patch CVE-2025-61882, lock egress, hunt TemplatePreviewPG with TMP|DEF + XSL-TEXT|XML. Extortion rides in via “pubstorm.”
blog.alphahunt.io
November 8, 2025 at 8:51 PM