Windows Defender Is Crying Wolf: The Nemucod False Positive Hitting Microsoft Teams Users Today

24 Mar 2026 Peter Bassill

Multiple Defender alerts for Trojan:JS/Nemucod are firing across Windows environments today — but the file being flagged is a legitimate Microsoft Teams update. Here is everything you need to know.

Speagle Malware Hijacks Cobra DocGuard to Exfiltrate Data via Compromised Legitimate Servers

20 Mar 2026 Peter Bassill

Symantec and Carbon Black researchers have uncovered Speagle, a novel parasitic malware that abuses the Cobra DocGuard document security platform to harvest sensitive data and exfiltrate it through the software's own compromised server infrastructure — masking malicious traffic as legitimate client-server communications. The campaign, tracked as Runningcrab, appears to specifically target organisations with Cobra DocGuard installed.

DarkSword iOS Exploit Kit: Six Vulnerabilities, Three Zero-Days, and Full Device Takeover

20 Mar 2026 Peter Bassill

Researchers at Google, iVerify, and Lookout have exposed DarkSword, a full-chain iOS exploit kit targeting iPhones running iOS 18.4–18.7. Leveraging six vulnerabilities including three zero-days, the kit has been used by multiple threat actors — including a suspected Russian espionage group — to silently exfiltrate credentials, crypto wallets, messages, and more within seconds of a single page visit.

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Unauthenticated Root Access

20 Mar 2026 Peter Bassill

Interlock ransomware exploited Cisco Secure Firewall Management Center zero-day CVE-2026-20131 (CVSS 10.0) as early as January 2026 — over a month before public disclosure. We examine the full attack chain, the tooling exposed by the threat actor's own opsec failure, and the mitigations every defender should apply immediately.

CVE-2026-32746: Unpatched GNU InetUtils telnetd Buffer Overflow Enables Unauthenticated Root RCE

18 Mar 2026 Peter Bassill

A critical, as-yet-unpatched buffer overflow in GNU InetUtils telnetd allows any unauthenticated attacker to achieve remote code execution as root via a single connection to TCP port 23 — no credentials, no user interaction required. A fix is expected by 1 April 2026. Organisations should disable Telnet immediately if it is not strictly necessary.
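Because no patch is available yet, the only immediate defence is to find every host that still exposes telnetd on TCP port 23 and switch it off. The script below is an added example, not code from the article, that audits a host for a TCP/23 listener and disables the service. It assumes an `ss`-style socket listing (iproute2), systemd unit names that vary by distribution, and an `/etc/inetd.conf` where inetutils-telnetd is started by inetd; adjust those to your environment.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): audit a host for a listening
# telnet service on TCP/23 and disable it. Unit names and inetd.conf path are
# assumptions; check them against your distribution before running.
set -u

# Read `ss -ltn`-style output on stdin; return 0 if any listener is bound to
# TCP port 23, 1 otherwise. Reading stdin lets the check run on captured data.
telnet_listener_present() {
  # ss -ltn columns: State Recv-Q Send-Q Local_Address:Port Peer_Address:Port
  # The port is the last colon-separated field, which also handles IPv6
  # forms such as "[::]:23" and wildcard forms such as "*:23".
  awk 'NR > 1 {
         n = split($4, a, ":")
         if (a[n] == "23") { found = 1 }
       }
       END { exit(found ? 0 : 1) }'
}

# Run the live check on this host. Requires iproute2 `ss`; if it is missing
# the pipeline sees no input and reports no listener, so verify ss exists.
check_live_host() {
  if ! command -v ss >/dev/null 2>&1; then
    echo "ss not found; cannot audit listeners" >&2
    return 2
  fi
  if ss -ltn 2>/dev/null | telnet_listener_present; then
    echo "telnet listener found on TCP/23"
    return 0
  fi
  echo "no telnet listener on TCP/23"
  return 1
}

# Stop and mask the usual telnet units so they cannot be re-enabled, and
# comment out a telnet entry in inetd.conf if inetd is what launches telnetd.
# Assumed unit names: telnet.socket, telnet@.service, telnetd.service.
disable_telnet() {
  for unit in telnet.socket telnet@.service telnetd.service; do
    if systemctl cat "$unit" >/dev/null 2>&1; then
      systemctl disable --now "$unit" 2>/dev/null
      systemctl mask "$unit" 2>/dev/null
      echo "masked $unit"
    fi
  done
  if [ -f /etc/inetd.conf ] && grep -Eq '^telnet[[:space:]]' /etc/inetd.conf; then
    sed -i 's/^\(telnet[[:space:]]\)/#\1/' /etc/inetd.conf
    echo "commented out telnet in /etc/inetd.conf; restart inetd to apply"
  fi
}

# Usage: run as root with --audit to check, or --disable to check and disable.
case "${1:-}" in
  --audit)   check_live_host ;;
  --disable) check_live_host && disable_telnet ;;
esac
```

Run `--audit` across your fleet first (for example via your configuration-management tool) so you know which hosts are affected, then `--disable` only where Telnet is confirmed unnecessary; a host that is not listening on TCP/23 is not reachable by the single-connection attack described above.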