Threat Overview

Cybersecurity Hub

Actors, campaigns and threat signal summaries

This is a cybersecurity hub view of threat activity. For the full Threat Intelligence product area — including actor databases, campaign tracking, IOC feeds and monitoring tools — visit Threat Intelligence.

Active threat signals

ransomware_activityTLP:AMBERCritical

VoidLock Collective claims new healthcare victims

The ransomware group posted redacted claims against two mock healthcare organizations. Defensive teams should review VPN exposure and phishing controls.

dark_web_monitoring_mock26 days ago

infrastructure_changeTLP:AMBERHigh

Phantom Crane infrastructure shift detected

Analysts observed Phantom Crane moving C2 infrastructure to new cloud regions. The shift correlates with expanded targeting of telecom providers.

vendor_report27 days ago

malware_activityTLP:GREENHigh

NeonStealer campaign targeting e-commerce payment flows

Phishing kits deploying NeonStealer have increased in volume. The stealer harvests browser credentials and payment data from e-commerce sessions.

open_source27 days ago

dark_web_signalTLP:REDCritical

SilkGate Broker advertising VPN access to healthcare networks

Mock initial access broker listing claims VPN access to three healthcare organizations. All details are redacted and fictional.