Threat-intelligenceArticles

Expert cybersecurity insights and analysis in threat-intelligence from the MINE2 team.

26 Articles

Category: Threat-intelligence

THREAT INTELLIGENCEAPR 10, 2026• 11 min read

One Token, Dozens of Victims: How the Anodot SaaS Integration Breach Rewrites the Third-Party Risk Playbook

ShinyHunters breached Anodot — a single SaaS analytics integration provider — and used stolen OAuth authentication...

mine2 team

→

THREAT INTELLIGENCEAPR 9, 2026• 14 min read

13 Million Tickets, One Request: How the Adobe BPO Breach Exposes the Third-Party Credential Blind Spot

A threat actor known as Mr. Raccoon allegedly walked into Adobe's support ticketing system through an Indian BPO...

mine2 team

→

THREAT INTELLIGENCEAPR 8, 2026• 11 min read

18,000 Routers, 120 Countries: How APT28's DNS Hijacking Campaign Renders Your M365 Credentials Worthless

Russia's GRU-backed APT28 (Forest Blizzard) compromised 18,000 SOHO routers across 120 countries to silently intercept...

mine2 team

→

THREAT INTELLIGENCEAPR 7, 2026• 12 min read

100 Million Downloads, One Poisoned Package: How the Axios npm Attack Proves Developer Credentials Are the New Crown Jewels

In a three-hour window on March 31, 2026, North Korean threat actor UNC1069 poisoned the Axios npm package — present in...

mine2 team

→

THREAT INTELLIGENCEAPR 6, 2026• 13 min read

Cisco IMC CVSS 9.8 Authentication Bypass: When Attackers Own Your Hardware and EDR Sees Nothing

CVE-2026-20093 allows unauthenticated attackers to seize full hardware-level control of Cisco UCS servers — bypassing...

mine2 team

→

THREAT INTELLIGENCEAPR 6, 2026• 12 min read

React2Shell CVE-2025-55182: 766 Next.js Hosts Breached in Automated Credential-Theft Wave

A CVSS 10.0 pre-auth RCE vulnerability in React Server Components has enabled an automated campaign to compromise 766...

mine2 team

→

THREAT INTELLIGENCEAPR 5, 2026• 14 min read

Device Code Phishing Hits 340+ Microsoft 365 Orgs: Why Cloud Mines Are Your Last Line of Defense

A sophisticated OAuth device code phishing campaign has compromised 340+ Microsoft 365 organisations across five...

mine2 team

→

THREAT INTELLIGENCEAPR 3, 2026• 12 min read

Kerberoasting in April 2026: Why CVE-2026-20833 Enforcement Is Not Enough Without AD Mines

Microsoft's April 2026 RC4 enforcement for CVE-2026-20833 eliminates the weakest Kerberoasting cipher — but 78% of...

mine2 team

→

THREAT INTELLIGENCEAPR 2, 2026• 12 min read

The Service Account Blind Spot: How FortiGate Intrusions Expose the Lateral Movement Crisis

SentinelOne's analysis of March 2026 FortiGate intrusions reveals a brutal playbook: attackers decrypt service account...

mine2 team

→

THREAT INTELLIGENCEMAR 31, 2026• 13 min read

FortiClient EMS Under Fire: CVE-2026-21643 Turns Endpoint Management Into an Attacker's Credential Goldmine

A single unauthenticated HTTP request is all it takes — CVE-2026-21643 lets attackers inject SQL into FortiClient EMS...

mine2 team

→

THREAT INTELLIGENCEMAR 30, 2026• 12 min read

Langflow Under Siege: AI Pipeline RCE Exploited in 20 Hours Exposes the Hidden Credential Crisis in ML Infrastructure

CVE-2026-33017 turned every unpatched Langflow instance into an open door — unauthenticated RCE with a single HTTP...

mine2 team

→

THREAT INTELLIGENCEMAR 29, 2026• 14 min read

The Infostealer Epidemic: 642 Million Stolen Credentials Are Already Inside Your Enterprise

SpyCloud's 2026 Identity Exposure Report reveals 642.4 million exposed credentials harvested from 13.2 million...

mine2 team

→

THREAT INTELLIGENCEMAR 27, 2026• 14 min read

When Defenders' Tools Become Attack Vectors: The Management Platform Exploitation Crisis

CVE-2026-22719 in VMware Aria Operations hit CISA's KEV catalog in March 2026 — one entry in a growing catalog of...

mine2 team

→

THREAT INTELLIGENCEMAR 26, 2026• 14 min read

The AI Agent Credential Heist: How TeamPCP Weaponized LiteLLM to Loot Cloud Environments

In 72 hours, TeamPCP compromised Trivy, Checkmarx, and LiteLLM — a package downloaded 3.4 million times daily —...

mine2 team

→

THREAT INTELLIGENCEMAR 18, 2026• 10 min read

Your EDR Is Dead — Now What? Why Deception Is the Detection Layer That Survives EDR Killers

Ransomware groups now embed BYOVD drivers that kill EDR in seconds. When your endpoint security goes blind, honeytokens...

mine2 team

→

THREAT INTELLIGENCEMAR 13, 2026• 12 min read

DPDP Act 2025 Is Live — And Most Indian Organizations Can't Detect the Breaches It Requires Them to Report

India's DPDP Rules mandate breach notification and reasonable security safeguards. With ₹250 crore penalties and...

mine2 team

→

THREAT INTELLIGENCEMAR 11, 2026• 10 min read

Ransomware's Invisible Kill Chain: Why Lateral Movement Is the Phase Your EDR Can't See

82% of detections are malware-free. Ransomware operators use your own tools against you. Deception technology catches...

mine2 team

→

THREAT INTELLIGENCEMAR 10, 2026• 8 min read

AI Is Supercharging Credential Theft — Here's Why Honeytokens Are Your Best Early Warning

Credential theft surged 160% in 2025 with 1.8B logins stolen. AI-powered infostealers move faster than EDR can react....

mine2 team

→

THREAT INTELLIGENCEMAR 9, 2026• 6 min read

The Rise of the Digital Parasite: Why 82% of Cyberattacks Are Now Malware-Free

CrowdStrike's 2026 Global Threat Report reveals 82% of detections are malware-free. Attackers use stolen credentials...

mine2 team

→

THREAT INTELLIGENCEAUG 18, 2025• 4 min read

LeakNet Ransomware Group Claims Data Breach at SWAN General Limited

LeakNet ransomware group claims responsibility for a data breach at SWAN General Limited, Mauritius. Attackers allege...

mine2 team

→

THREAT INTELLIGENCEAUG 18, 2025• 3 min read

Unverified PayPal Credential Leak Warning: 15.8M Logins for Sale on Hacker Forum

A cybercriminal known as Chucky_BF is selling a dataset of 15.8 million alleged PayPal logins for $750 on a hacker...

mine2 team

→

THREAT INTELLIGENCEAUG 13, 2025• 3 min read

Fortinet SSL VPN and FortiManager Under Coordinated Brute-Force Campaign: August 2025 Threat Analysis

GreyNoise reports a record-breaking spike in brute-force attempts against Fortinet SSL VPN and FortiManager, raising...

mine2 team

→

THREAT INTELLIGENCEAUG 13, 2025• 4 min read

Urgent: CVE-2025-53786 – A Critical Hybrid Exchange Vulnerability That Could Lead to Total Domain Compromise

Microsoft disclosed a critical vulnerability affecting Hybrid Exchange Server environments with CVSS 8.0. This flaw...

mine2 team

→

THREAT INTELLIGENCEAUG 11, 2025• 4 min read

BitUnlocker: A New Threat to BitLocker Security via Windows Recovery Environment

Microsoft's MORSE team revealed BitUnlocker vulnerabilities in Windows Recovery Environment that allow attackers with...

mine2 team

→

THREAT INTELLIGENCEAUG 11, 2025• 5 min read

WinRAR Zero-Day Vulnerability CVE-2025-8088 Exploited by RomCom to Deliver Backdoor Malware

ESET disclosed a critical zero-day in WinRAR (CVE-2025-8088) actively exploited by Russia-aligned RomCom group. The...

mine2 team

→

THREAT INTELLIGENCEAUG 8, 2025• 6 min read

HeartCrypt-Packed EDR Killer (AVKiller): The New Weapon in Ransomware Campaigns

Sophos X-Ops uncovered HeartCrypt, a sophisticated packer-as-a-service used by 8+ ransomware groups to disable EDR and...

mine2 team

→

Ready to Secure Your Network?

Transform your cybersecurity posture with MINE2's advanced cyber deception platform. Detect threats before they become breaches.

Get Live Demo Contact Sales