Talion Threat Set Radio Talion Threat Intelligence Team

New zero day “similar to proxylogon” used in exchange attacks.
Brute Ratel has been cracked, and will likely replace Cobalt Strike imminently.
A new dropper unloads a dozen infections, some of which are droppers themselves.

Lockbit 3.0 toolkit leaked online by one or more angry developers.
15 year old unpatched Python flaw present in over 350,000 projects.
Emotet post Conti, now distributes Quantum and BlackCat.

Iranian group leverages bitlocker to perform encryption.
Intermittent encryption gains popularity among ransomware operators.
Bumblebee gains new post exploitation and stealth capabilities.

Twilio breach allowed attackers access to Okta single use sign on codes.
Raspberry Robin USB malware linked to EvilCorp via Dridex similarities.
Ransomware written in more obscure languages trend continues with Golang based “Agenda”

LastPass suffers breach, unknown amount of source code stolen.
APT29 and others leveraging dormant accounts to bypass MFA.
Lockbit victim Entrust appears to DDoS the ransomware operation in retaliation.

Electron, the backbone of Teams and Discord, has a one click RCE vulnerability uncovered.
POC for a 9.8 vulnerability targeting Realtek routers released online.
Callback phishing as an attack vector sees an alarming 625% spike from last quarter.