Threat-Intel
MuddyWater Wears Chaos Ransomware as a Disguise — Teams Screen-Sharing Funnels Iranian Espionage Through Fake Extortion
Rapid7 attributes a Chaos-branded ransomware intrusion to Iran's MuddyWater. No files were ever encrypted — the ransom note was cover for Stagecomp/Darkcomp espionage delivered via Microsoft Teams screen-share.
TrueConf Zero-Day Weaponized by Chinese-Nexus APT to Backdoor Southeast Asian Governments
Operation TrueChaos exploited CVE-2026-3502 in TrueConf's update mechanism to push Havoc C2 payloads across government networks via a compromised on-premises server.