Daily Digest

Iranian APTs Evolve with Telegram C2, Ransomware Industrializes, and Critical Flaws Threaten Global Servers to Kick Off 2026

Iranian APTs Evolve with Telegram C2, Ransomware Industrializes, and Critical Flaws Threaten Global Servers to Kick Off 2026

January 1, 2026
3 articles (2 new, 1 updated)
10 min read

Summary

This cybersecurity brief for January 1, 2026, covers a significant escalation in threat actor sophistication and critical infrastructure risks. Key developments include the Iranian APT 'Prince of Persia' adopting Telegram for command-and-control, the industrialization of Ransomware-as-a-Service (RaaS) into cartel-like operations, and the active exploitation of critical vulnerabilities like 'MongoBleed' (CVE-2025-14847) in MongoDB and 'React2Shell' (CVE-2025-55182) in Next.js servers. State-sponsored groups from China (Mustang Panda) and South America (BlindEagle) have also deployed advanced stealth techniques, while major data breaches at organizations like the University of Phoenix highlight the severe impact of these evolving threats.

Filter by Category

New Articles (2)

Year-End Report: Ransomware Industrializes into Cartels, Edge Devices Become Top Target

INFORMATIONAL

2025 Cybersecurity Review: The Industrialization of Ransomware and the Crisis in Edge Device Security

A year-end analysis of the 2025 threat landscape highlights two dominant and transformative trends for enterprises. First, Ransomware-as-a-Service (RaaS) has 'industrialized,' with threat groups operating like sophisticated cartels and employing 'Extortion 2.0' tactics that involve both data encryption and theft. Second, network edge devices such as VPNs, firewalls, and routers have become the primary target for state-sponsored actors seeking initial access. Experts recommend 'industrial defenses,' including immutable backups and aggressive patch management, and a strategic shift towards Secure Access Service Edge (SASE) architecture to counter these evolving threats.

January 1, 2026
5 min read
RansomwareRaaSEdge SecurityVPNFirewall +5 more
Year-End Report: Ransomware Industrializes into Cartels, Edge Devices Become Top Target
Threat Intelligence
Ransomware
Security Operations

Report: AI-Powered Social Engineering and Identity Attacks Dominated 2025

INFORMATIONAL

Tidal Cyber's 2025 Report: AI-Powered Social Engineering and Identity-Driven Attacks Reshape Threat Landscape

The 2025 Threat-Led Defense Report from Tidal Cyber reveals a significant shift in the threat landscape, where attackers are adapting faster than security defenses. Key trends from 2025 include the widespread adoption of AI to automate and scale highly convincing social engineering campaigns, and a strategic pivot towards identity-driven attacks. Adversaries are increasingly targeting SaaS platforms, cloud administration accounts, and single sign-on (SSO) services to gain broad access without deploying traditional malware. The report also notes that zero-day exploits are now being leveraged by a wider range of criminal and hybrid actors, not just elite state-sponsored groups.

January 1, 2026
6 min read
Threat LandscapeAISocial EngineeringIdentity AttackSaaS +4 more
Report: AI-Powered Social Engineering and Identity Attacks Dominated 2025
Threat Intelligence
Policy and Compliance
Cloud Security

Updated Articles (1)

Hackers Use Animated Lures and Fake Legal Warnings to Spread Malware

HIGH

HP Report: Cybercriminals Evolve Social Engineering with Animated Lures and Abuse of Trusted Platforms like Discord

Update:

The previously reported trend of sophisticated social engineering and legal threat impersonation against Colombian entities has been concretely attributed to the BlindEagle APT (APT-C-36). This update details their successful breach of a Colombian government agency (MCIT) via a compromised internal email account. The attack used an SVG attachment disguised as a legal notice, leading to a multi-stage, file-less infection chain involving obfuscated PowerShell executed via WMI. Payloads were retrieved from legitimate services like Internet Archive and Discord, culminating in the injection of the DCRAT RAT into MSBuild.exe using Process Hollowing. This provides specific TTPs and attribution for the general threats discussed.

December 11, 2025
Updated: January 1, 2026
4 min read
Social EngineeringPhishingPureRATPhantom StealerInfoStealer +2 more
Hackers Use Animated Lures and Fake Legal Warnings to Spread Malware
Phishing
Malware
Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats