Episodes

  • S3 Ep59: Raiders of the Lost Macro
    2026/02/27
    Top Headlines:
    • Group-IB | Operation Olalampo: Inside MuddyWater’s Latest Campaign: https://www.group-ib.com/blog/muddywater-operation-olalampo/
    • Point Wild | Remcos Revisited: Inside the RAT’s Evolving Command-and-Control Techniques: https://www.pointwild.com/threat-intelligence/remcos-revisited-inside-the-rats-evolving-command-and-control-techniques/
    • Lab 52 | Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure: https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/
    • therecord.media | Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found: https://therecord.media/researchers-warn-volt-typhoon-still-active-critical-infrastructure?&web_view=true


    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/

1 hr 2 min
  • S3 Ep58: Keep the Classics, Cue the Chaos
    2026/02/19
    Top Headlines:

    • The Hacker News | Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging: https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html?m=1
    • Straiker | SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack: https://www.straiker.ai/blog/smartloader-clones-oura-ring-mcp-to-deploy-supply-chain-attack
    • InfoStealers | Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations: https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/
    • Forcepoint | ScreenConnect Under Attack: SmartScreen Evasion and RMM Abuse: https://www.forcepoint.com/blog/x-labs/screenconnect-attack

46 min
  • S3 Ep57: If you speak it, they will come...
    2026/02/12

    *On-Demand - Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
    Watch Now: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

    ----------

    Top Headlines:

    • Socket | Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise: https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi
    • Help Net Security | State-backed phishing attacks targeting military officials and journalists on Signal: https://www.helpnetsecurity.com/2026/02/06/state-linked-phishing-europe-journalists-signal/?web_view=true
    • Cisco Talos | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework: https://blog.talosintelligence.com/knife-cutting
    • Huntress | They Got In Through SonicWall. Then They Tried to Kill Every Security Tool: https://www.huntress.com/blog/encase-byovd-edr-killer

49 min
  • S3 Ep56: Hunt the Whole Story, Follow the Rabbit
    2026/02/05
    *Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
    February 11, 2026 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

    Top Headlines:

    • VulnCheck | Metro4Shell: Exploitation of React Native’s Metro Server in the Wild: https://www.vulncheck.com/blog/metro4shell_eitw
• Notepad++ | Notepad++ Hijacked by State-Sponsored Hackers: https://notepad-plus-plus.org/news/hijacked-incident-info-update/
    • ThreatLabz | Operation Neusploit: APT28 Uses CVE-2026-21509: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit
    • CERT-UA | "Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542): https://cert.gov.ua/article/6287250

38 min
  • S3 Ep55: Threat Hunting Year in Review: 2025 Trends and What’s Next
    2026/02/04

    *Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
    February 11, 2026 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

    ----------

    Out of the Woods: The Threat Hunting Podcast returned with a live episode focused on the trends threat hunters saw repeatedly throughout 2025 and what those patterns point to next.

    This episode serves as a threat hunter’s year in review. The discussion walks through the actors, malware, behaviors, tactics, and techniques that consistently surfaced over the year, ties those findings back to MITRE ATT&CK, and connects themes across recent episodes. The focus is on what stayed consistent, what mattered most during hunts, and what those signals reveal about where attention should remain.

    The conversation also looks ahead. Based on what emerged in 2025 and how hunts played out across environments, the panel shares perspectives on what is likely to continue, where focus is expected to remain in 2026, and what threat hunters should keep in mind going forward.

    Topics covered include:

    • Threat actors, malware, and behaviors that appeared most often in 2025
    • Tactics and techniques that consistently surfaced across hunts, mapped to MITRE ATT&CK
    • Common hunt themes observed across environments throughout the year
    • What 2025 trends suggest about threat hunting focus in 2026
    • Behaviors and techniques likely to remain relevant moving forward

    Watch the episode here: https://youtu.be/GyYTTMNyjCE?si=WynwmHS1psGN9KqO

1 hr 31 min
  • S3 Ep54: Stop, Collaborate and Secure
    2026/01/23

    *[LIVE] Out of the Woods: The Threat Hunting Podcast – Threat Hunting Year in Review: 2025 Trends and What’s Next
    January 29, 2026 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/threat-hunting-year-in-review-2025-trends-and-whats-next

    *Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
    February 11, 2026 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

    Top Headlines:

    • Google Cloud Blog | Releasing Rainbow Tables to Accelerate Protocol Deprecation: https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables
    • BleepingComputer | Hackers exploit security testing apps to breach Fortune 500 firms: https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/?&web_view=true
    • CyberArk | UNO reverse card: stealing cookies from cookie stealers: https://www.cyberark.com/resources/all-blog-posts/uno-reverse-card-stealing-cookies-from-cookie-stealers
    • Malwarebytes | Can you use too many LOLBins to drop some RATs?: https://www.malwarebytes.com/blog/news/2026/01/can-you-use-too-many-lolbins-to-drop-some-rats?web_view=true

53 min
  • S3 Ep53: New Year, Old Tricks
    2026/01/08

    *[LIVE] Out of the Woods: The Threat Hunting Podcast – Threat Hunting Year in Review: 2025 Trends and What’s Next
    January 29, 2026 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/threat-hunting-year-in-review-2025-trends-and-whats-next

    Top Headlines:

    • Securonix | Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection: https://www.securonix.com/blog/analyzing-phaltblyx-how-fake-bsods-and-trusted-build-tools-are-used-to-construct-a-malware-infection/
    • https://mp.weixin.qq.com/mp/wappoc_appmsgcaptcha?poc_token=HM4cYGmjT2nsqEAFwWn2Sj9R90gqZmI2tEvjWdak&target_url=https%3A%2F%2Fmp.weixin.qq.com%2Fs%3F__biz%3DMzUyMjk4NzExMA%3D%3D%26mid%3D2247507757%26idx%3D1%26sn%3Dcf6b118e88395af45a000aae80811264
    • CYFIRMA | APT36 : Multi-Stage LNK Malware Campaign Targeting Indian Government Entities: https://www.cyfirma.com/research/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities/
    • BleepingComputer | VSCode IDE forks expose users to "recommended extension" attacks: https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/?&web_view=true

41 min
  • S3 Ep52: The Threat Hunting Soapbox
    2025/12/24
    Top Headlines:

    • welivesecurity.com | LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan: https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/
    • Resecurity | DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists: https://www.resecurity.com/blog/article/dig-ai-uncensored-darknet-ai-assistant-at-the-service-of-criminals-and-terrorists?&web_view=true
    • koi.ai | NPM Package With 56K Downloads Caught Stealing WhatsApp Messages: https://www.koi.ai/blog/npm-package-with-56k-downloads-malware-stealing-whatsapp-messages
    • zscaler.com | Zscaler Threat Hunting Catches Evasive SideWinder APT Campaign: https://www.zscaler.com/blogs/security-research/zscaler-threat-hunting-catches-evasive-sidewinder-apt-campaign?&web_view=true
50 min