soc

The Quarry: Inside the PhaaS Operation Behind Hundreds of IRS and SSA Phishing Campaigns What looks like a wave of disconnected phishing incidents – some impersonating the IRS, others mimicking the Social Security Administration or DocuSign – can trace back to a single developer selling a Phishing-as-a-Service (PhaaS) toolkit to nearly 200 operators. SOCRadar’s Threat […]

Dark Web Profile: Fox Kitten Fox Kitten stands out among Iranian Advanced Persistent Threat (APT) groups for operating on two tracks simultaneously: collecting intelligence for the Iranian regime while brokering network access to ransomware affiliates for profit. That dual mission, combined with a persistent focus on exploiting internet-facing VPN and firewall devices, makes Fox Kitten […]

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant […]

Iran Hajj Organization Data Claim, Crypto Leads Sale, APT43 Tooling Claim, Sweden User Data, and Chrysler Breach Claim SOCRadar’s Dark Web Team identified several new underground posts, including an alleged 168 million-record database sale tied to Iran’s Hajj and Pilgrimage Organization and a separate listing offering large volumes of U.S. crypto-related leads. Other posts claimed […]