Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Talos Finds Swift Response Key to Blocking Ransomware Deployment
Cisco Talos Incident Response’s analysis of pre-ransomware cases (2023–2025) shows rapid incident handling and tight privilege restrictions as the most effective defenses against ransomware. Common precursors included RDP, PsExec, AnyDesk, and LSASS dumping. Talos recommends MFA, Sysmon, offline backups, and segmentation to prevent full deployment.
Popular npm Libraries Compromised in Phishing Attack on Maintainer
A phishing campaign using a spoofed npmjs[.]help domain let attackers seize a maintainer’s account and corrupt popular npm packages—chalk, debug, and others—with obfuscated browser-side code that hijacked cryptocurrency transactions. The two-hour compromise affected billions of weekly downloads, prompting broad cleanup and ongoing registry monitoring.
Social Engineering via Microsoft Teams Expands With Remote Access and PowerShell Payloads
Permiso identifies a global social engineering campaign exploiting Microsoft Teams to impersonate IT support and deploy PowerShell payloads. Attackers leverage AnyDesk and QuickAssist for remote access, credential theft prompts, and persistence through scheduled tasks or registry keys—showing evolving tactics linked to ransomware and threat clusters like Scattered Spider.
The Gentlemen Ransomware Group Emerges with Custom Tools and Global Impact
Trend Micro attributes a sophisticated new ransomware group, “The Gentlemen,” to attacks on 27 victims in 17 countries. Operators adapt tooling to bypass defenses, abuse privileged credentials and FortiGate accounts, stage encrypted exfiltration via WinSCP, and deploy ransomware domain-wide via NETLOGON—followed by cleanup routines to frustrate recovery and forensics.
HexStrike-AI Abuse Marks Turning Point in Cyber Offense
Check Point reports that HexStrike-AI, initially designed for red teaming, has been weaponized by attackers to exploit Citrix NetScaler CVEs within minutes. Using over 150 coordinated AI agents, the framework automates scanning, exploitation, and persistence, shrinking defensive response time and signaling a major shift toward AI-driven cyber offense.
Namespace Recycling Leaves Thousands of AI Projects Vulnerable
Unit 42 uncovered a systemic AI supply-chain flaw where deleted or transferred model namespaces can be reclaimed by attackers. By recreating trusted Author/ModelName paths, adversaries can insert malicious models into production pipelines. The report urges pinning immutable IDs, internal mirroring, and monitoring namespace changes to prevent silent hijacks.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
