Threat Intelligence · 71 articles

Threat Intelligence

Recent CVEs, active exploitation campaigns, threat actor TTPs, IOC analysis.

Threat Intelligence

Python Pickle Deserialization: The 20-Year-Old Footgun

Pickle on untrusted input is RCE by design. Where it hides — cache layers, session storage, Celery task arguments, ML models, cookie…

Apr 25, 2026 · 3 min read
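The teaser's claim ("pickle on untrusted input is RCE by design") in working code, as an added example that is not from the linked article or its author: a `__reduce__` gadget that the unpickler executes, a `find_class` allowlist that refuses it, and an HMAC wrapper for the cases the teaser lists (sessions, caches, task arguments) where the bytes are your own and only need to be authenticated before loading. The allowlist contents, the 32-byte key layout and the `user_id`/`roles` session dict are assumptions for the demo.

```python
"""Added example (not the article's code): pickle.loads() on attacker bytes is
code execution; a restricted unpickler and an HMAC check are the two usual fixes."""
import hashlib
import hmac
import io
import os
import pickle


class Gadget:
    """Any class may define __reduce__. The unpickler CALLS the returned callable
    with the returned args. The class itself is never shipped; the blob only
    carries a reference to builtins.eval and one string argument."""

    def __init__(self, expr: str):
        self.expr = expr

    def __reduce__(self):
        # os.system or subprocess.check_output would work equally well here;
        # eval on a string that imports a module keeps the demo in-process.
        return (eval, (self.expr,))


def malicious_blob() -> bytes:
    """What an attacker plants in a cache, session store, Celery result backend or .pkl model."""
    return pickle.dumps(Gadget("__import__('os').getcwd()"))


def unsafe_load(blob: bytes):
    """The footgun: the 'object' you get back is whatever the attacker's callable returned."""
    return pickle.loads(blob)


# Mitigation 1: refuse every global except an explicit allowlist (assumed set for the demo).
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "set"),
    ("builtins", "frozenset"), ("builtins", "tuple"), ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def is_rejected(blob: bytes) -> bool:
    """True when the restricted loader refuses the blob (expected for gadget payloads)."""
    try:
        restricted_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


# Mitigation 2: when the data is your own (sessions, caches, task args),
# authenticate it so only bytes produced by a key holder are ever unpickled.
def sign_blob(blob: bytes, key: bytes) -> bytes:
    tag = hmac.new(key, blob, hashlib.sha256).digest()   # 32-byte tag prefix (assumed layout)
    return tag + blob


def verify_and_load(signed: bytes, key: bytes):
    tag, blob = signed[:32], signed[32:]
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: refusing to unpickle")
    return restricted_load(blob)   # verify first, and still restrict globals


def example_session_blob() -> bytes:
    """Constructed sample of legitimate session data (dict/list only, no globals)."""
    return pickle.dumps({"user_id": 42, "roles": ["admin"]})


if __name__ == "__main__":
    blob = malicious_blob()
    print("unsafe_load ran attacker code and returned:", unsafe_load(blob))
    print("restricted_load rejected it:", is_rejected(blob))
    key = os.urandom(32)
    print("signed + restricted load:", verify_and_load(sign_blob(example_session_blob(), key), key))
    try:
        verify_and_load(sign_blob(blob, b"attacker-has-no-key"), key)
    except ValueError as e:
        print("tampered:", e)
```

Note the order in `verify_and_load`: the MAC is checked before a single opcode is interpreted, and the restricted loader is still used afterwards, because an allowlist alone is only as safe as the gadget surface of the classes it allows. Where the producer and consumer can agree on a format, JSON (or `safetensors` for model weights) removes the problem instead of fencing it.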
Red Teaming

ProxyShell: The Exchange Vulnerability That Fueled Ransomware

ProxyShell (CVE-2021-34473/34523/31207) chain — pre-auth RCE on Exchange. Why it became ransomware fuel, IoCs (webshells in Exchange directories, anomalous PowerShell remoting), patching…

Apr 25, 2026 · 2 min read
Red Teaming

CVE-2024-1086 (nf_tables): Linux Kernel LPE Pattern

nf_tables use-after-free in Linux 5.14 through 6.6, reachable from an unprivileged user namespace, which makes it both a local privilege escalation and a container-escape primitive. Public exploit, affected kernels, detection, and the broader kernel-CVE…

Apr 25, 2026 · 3 min read
Blue Team

Recent Ransomware Groups Targeting Indian SaaS in 2026

Active ransomware groups hitting Indian organisations — RansomHub, Akira, Play / 8base / BlackSuit. Common kill chain (initial access via VPN/RDP, Cobalt…

Apr 25, 2026 · 3 min read
Red Teaming

DirtyPipe (CVE-2022-0847): Why This 3-Year-Old Linux Kernel CVE Still Hits Indian Production

DirtyPipe was disclosed in March 2022. The fix has been available for three years. Yet 1 in 5 Indian Linux pentests still…

Apr 25, 2026 · 6 min read
Red Teaming

PrintNightmare in 2026: The Bug Class Microsoft Couldn’t Quite Kill

PrintNightmare (CVE-2021-1675/34527) was supposed to die in 2021. Print Spooler bugs continue producing new CVEs every year. The bug, the variants since…

Apr 25, 2026 · 5 min read
Threat Intelligence

Log4Shell 4 Years Later: Why It’s Still in 15% of Indian Enterprise Audits

Log4Shell (CVE-2021-44228) was disclosed in December 2021. Four years on, 15-20% of Indian enterprise audits still find vulnerable Log4j. The bug, modern…

Apr 25, 2026 · 6 min read
DPDP Compliance

Incident Response Runbook: Data Exfiltration Under DPDP (India)

Data exfiltration incidents were difficult enough before the DPDP Act 2023. Now they carry statutory teeth: notification obligations to the Data Protection…

Apr 20, 2026 · 7 min read
Security Guides

Incident Response Runbook: Credential Compromise & Session Hijack

Credential compromise rarely announces itself. Ransomware comes with a note; credential theft comes with a successful login from an unexpected IP, an…

Apr 20, 2026 · 7 min read
Security Guides

Incident Response Runbook: Ransomware (Enterprise)

A ransomware incident does not give you time to plan. The first hour sets the trajectory of the next ninety days. Organizations…

Apr 20, 2026 · 6 min read