All Issues
A weekly briefing on digital forensics news, threat intelligence, historic case studies, and the tools shaping modern investigations. Missed an issue? Read it online or download the PDF below.
Recent Issues
The Takedown: Operation Endgame Guts the Stealer-Loader Backbone & DOJ Seizes a Crypto-Laundering Hub
- Operation Endgame — 326 servers & 142 domains down; SocGholish, Amadey & StealC disrupted, 27M credentials recovered
- DOJ seizes Huione's cloud infrastructure as Treasury targets a Southeast Asian laundering hub
- CVE-2026-20230 Cisco Unified CM SSRF-to-root (KEV) & CVE-2026-12569 PTC Windchill RCE (CVSS 9.3)
- CryptoBandits — stealer-backdoor hides C2 behind Tor and local proxies to drain crypto wallets
Blinding the Watchdogs: A RaaS-Built EDR Killer Hits 400+ Tools While macOS Quietly Logs Every Click
- Gentlemen RaaS ships "GentleKiller" — 8 BYOVD variants disable 400+ security processes across ~48 products
- New macOS Tahoe Biome App.MenuItem stream timestamps every menu click, reconstructing deliberate user actions
- CVE-2026-48907 Joomla JCE (CVSS 10.0, KEV) & CVE-2026-42530 NGINX HTTP/3 RCE
- Rokarolla — Android banker with 137 commands hits 217 banking & crypto apps
Built by Machines: 400+ Poisoned Arch Packages, an AI-Assembled Ransomware Toolkit & a PeopleSoft Zero-Day Spree
- Arch AUR — 400+ packages spiked with an eBPF rootkit and credential stealer via maintainer spoofing
- Sophos finds an 80-module attack toolkit built with AI coding agents (Cursor & Claude Opus)
- CVE-2026-35273 PeopleSoft 0-day (CVSS 9.8, ShinyHunters) & CVE-2026-20253 Splunk RCE
- Backdoor.Turn — DragonForce hides C2 inside Microsoft Teams TURN relay servers
Attackers Hide in Trusted Ground: Steam-Profile C2, an npm Key-Harvesting Worm & a Check Point VPN Zero-Day
- WordPress → Steam — ~2,000 hacked sites pull C2 from Steam profile comments via invisible Unicode dead drops
- IronWorm npm worm — 36 packages harvest Anthropic/OpenAI/AWS keys, SSH keys, and crypto wallets
- CVE-2026-50751 Check Point VPN (CVSS 9.3, Qilin) & CVE-2026-42271 LiteLLM RCE
- Magecart — Google Tag Manager & Stripe API skimming slips past CSP and blocklists
Previous Issues
Issue 18
June 2, 2026
SonicWall VPNs Breached as Akira Bypasses MFA & Turla Rebuilds Kazuar Into a Stealth P2P Botnet
Issue 17
May 26, 2026
GitHub Breached via Malicious VS Code Extension & Microsoft Dismantles the "Fox Tempest" Malware-Signing Service
Issue 16
May 19, 2026
Grafana's GitHub Token Heist & an 18-Year-Old NGINX Heap Overflow Hits Active Exploitation
Issue 15
May 12, 2026
RansomHouse Breaches Trellix & "Copy Fail" Creates a Forensic Blind Spot on Linux
Issue 14
May 5, 2026
ShinyHunters Hits 275M Canvas Users & cPanel Zero-Day Wipes 40,000 Servers
Issue 13
April 28, 2026
Scattered Spider Guilty Plea & UNC6692 Turns FTK Imager Against Defenders