Threat-Intel
Sophos Finds an AI-Orchestrated Lab That Auto-Builds EDR-Evasion Payloads for an Active Ransomware Crew
Sophos X-Ops recovered a post-exploitation framework where AI agents read public research, mapped it to MITRE ATT&CK, and generated ~80 Rust and Go payloads tested against Sophos, CrowdStrike, and Microsoft EDR.
AI at the Wheel: An LLM Agent Ran a Full Cloud Intrusion in Under an Hour
Sysdig's Threat Research Team documented one of the first in-the-wild intrusions where a large language model agent — not a human — drove the entire post-exploitation chain, pivoting from a marimo RCE to a full PostgreSQL dump in four hops.
GREYVIBE: Russia's AI-Assisted APT Is Vibe-Coding Its Way Through Ukraine
WithSecure attributes a year-long espionage campaign against Ukraine to GREYVIBE, a Russia-nexus group that runs generative AI through nearly every phase of its operation — lure art, obfuscators, full-stack RAT development, and post-compromise commands.
MuddyWater Wears Chaos Ransomware as a Disguise — Teams Screen-Sharing Funnels Iranian Espionage Through Fake Extortion
Rapid7 attributes a Chaos-branded ransomware intrusion to Iran's MuddyWater. No files were ever encrypted — the ransom note was cover for Stagecomp/Darkcomp espionage delivered via Microsoft Teams screen-share.
TrueConf Zero-Day Weaponized by Chinese-Nexus APT to Backdoor Southeast Asian Governments
Operation TrueChaos exploited CVE-2026-3502 in TrueConf's update mechanism to push Havoc C2 payloads across government networks via a compromised on-premises server.