Telegram Intel
Live threat intelligence collected from criminal Telegram channels — real-time threat actor communications, malware distribution campaigns, and first-look intelligence before it hits mainstream reporting.
Telegram Intel — Archive & Latest
KarstoRAT, LofyStealer & Malicious AI Extensions: OTX Pulse Analysis — Credential Theft & Supply Chain Threats
Emerging threats: KarstoRAT, ClickFix, LofyStealer, and malicious AI extensions target credentials via gaming lures, supply chain, and browser extensions. Urgency: High.
FULCRUMSEC Campaign: Exchange & SmarterMail Exploits Drive Surge in US Tech & Healthcare Sector Attacks
FULCRUMSEC exploits Exchange and SmarterMail flaws to target US Tech/Healthcare. Immediate patching of CVE-2023-21529 and CVE-2025-52691 is critical.
Rebex Telegram RAT, GachiLoader & TeamPCP CanisterWorm: OTX Pulse Analysis
Urgent: Active Telegram RAT targeting Vietnam, AI-themed GachiLoader, and TeamPCP supply chain wiper detected. Immediate action required.
TeamPCP PyPI Supply Chain Attack, LofyStealer, and GhostSocks Proxy Botnet: OTX Pulse Analysis — Enterprise Detection Pack
OTX detects TeamPCP PyPI attack, LofyStealer targeting gamers, and GhostSocks MaaS proxy botnet. Immediate credential theft risk.
OTX Pulse Analysis: TeamPCP Supply Chain Attack, LofyStealer, & Lumma Campaigns
Active credential theft via PyPI compromise, ClickFix phishing, and mobile trojans targeting banking/gaming.
FULCRUMSEC Gang: Aggressive US Healthcare & Tech Campaign — SmarterMail & Exchange Exploitation Analysis
FULCRUMSEC posts 15+ new victims targeting US Tech/Healthcare via SmarterMail and Exchange exploits. Immediate detection rules included.
TeamPCP Supply Chain & Lumma Stealer Surge: Multi-Vector Credential Theft Campaign — OTX Analysis
OTX pulses reveal active TeamPCP and Lumma Stealer campaigns utilizing PyPI supply chain attacks, ClickFix phishing, and Android malware. Urgency: High.
FULCRUMSEC Ransomware: Critical Campaign Targeting US Tech & Healthcare Sectors
FULCRUMSEC claims 15 new victims in 48 hours, heavily targeting US Technology and Healthcare sectors via Exchange and SmarterMail vulnerabilities.
Rebex Telegram RAT, GachiLoader & TeamPCP CanisterWorm: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns involving Telegram RATs, AI-themed infostealers, and supply chain attacks on security tools identified.
Supply Chain Attack: TeamPCP Telnyx SDK, LofyStealer & GhostSocks — OTX Pulse Analysis
Active PyPI supply chain compromise (TeamPCP), LofyStealer infostealer, and GhostSocks proxy MaaS detected. Critical credential theft risk.
Supply Chain & Stealer Surge: TeamPCP, Lumma, and KYCShadow — OTX Pulse Analysis
Active credential theft campaigns via PyPI supply chain (TeamPCP), ClickFix phishing (Lumma), and Android banking trojan (KYCShadow).
FULCRUMSEC Campaign Alert: High-Volume Attacks on US Tech & Healthcare Leveraging Edge Vulnerabilities
FULCRUMSEC posts 15+ US victims, exploiting Exchange & Cisco flaws. Immediate patching of CVE-2023-21529 required.
TeamPCP Supply Chain, Rebex Telegram RAT, & GachiLoader: OTX Pulse Analysis
Active campaigns detected: TeamPCP supply chain attack (CanisterWorm), Rebex RAT targeting Vietnam, and GachiLoader dropping Rhadamanthys via AI lures. Urgency: High.
TeamPCP Supply Chain Attack, LofyStealer & GhostSocks Proxy: OTX Pulse Analysis — Enterprise Detection Pack
Critical OTX alerts reveal TeamPCP PyPI supply chain attack, LofyStealer targeting gamers, and GhostSocks MaaS infecting education.
Lumma Stealer Resurgence & Supply Chain Attacks: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns using Lumma, LofyStealer, and TeamPCP via supply chain and phishing. Urgent credential theft risk.
FULCRUMSEC Campaign Alert: Mass Exploitation of Mail & Firewall Flaws; 15 New US Victims
FULCRUMSEC targets US Tech & Healthcare with SmarterMail/Exchange exploits. 15 new victims posted May 1. Immediate detection guidance inside.
OTX Pulse Analysis: Lumma, LofyStealer, and Supply Chain Attacks — Credential Theft Surge
OTX detects active credential theft campaigns via PyPI supply chain (TeamPCP), ClickFix phishing (Lumma), and Android trojans (KYCShadow). High urgency.
FULCRUMSEC: Aggressive 2026 Campaign Targets US Tech & Healthcare via Exchange & React Exploits
FULCRUMSEC posts 15+ victims in 24 hours; active exploitation of CVE-2023-21529 (Exchange) and React RCEs signals high risk for US Tech/Healthcare sectors.
TeamPCP Supply Chain Attack & GachiLoader AI Lures: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal TeamPCP exploiting security tools via CVE-2025-55182, GachiLoader using AI lures, and a Rebex Telegram RAT targeting Vietnam. High urgency.
TeamPCP PyPI Supply Chain, LofyStealer, & GhostSocks Botnet: OTX Pulse Analysis — Enterprise Detection Pack
Supply chain attack on Telnyx SDK, LofyStealer targeting gamers, and GhostSocks proxy malware detected. Urgent credential theft risks.
TeamPCP & Lumma Stealer Campaigns: OTX Pulse Analysis — Enterprise Credential Theft Detection Pack
Active infostealer campaigns via PyPI supply chain, ClickFix phishing, and Android malware targeting finance & gaming sectors. High urgency.
FULCRUMSEC Gang: Critical Vulnerabilities Exploited in Surge Against US Tech & Healthcare
FULCRUMSEC leverages SmarterMail/Exchange CVEs to target US Tech/Healthcare. Immediate patching and detection rules required.
TeamPCP PyPI Supply Chain Attack & LofyStealer/GhostSocks Campaigns: OTX Pulse Analysis
Supply chain compromise of Telnyx SDK, LofyStealer targeting gamers, and GhostSocks proxy malware. Critical update.
Supply Chain & Gaming Infostealer Surge: TeamPCP, LofyStealer & Lumma Campaigns — OTX Pulse Analysis
OTX pulses reveal active credential theft targeting developers (PyPI), gamers (Minecraft), and finance (Android). Block TeamPCP and LofyGang IOCs now.
FULCRUMSEC Ransomware: High-Volume Campaign Targets US Healthcare & Tech — Exploitation of Exchange & Firewall CVEs
FULCRUMSEC claims 21 victims, heavily targeting US Healthcare & Tech. Active exploitation of Exchange and Firewall CVEs observed.
Infostealer Surge: TeamPCP Supply Chain, LofyStealer & KYCShadow Analysis
Active infostealer campaigns via PyPI supply chain, ClickFix phishing, and fake KYC apps targeting finance/gaming sectors.
FULCRUMSEC Ransomware: 2026-05 Campaign Targets US Healthcare & Tech via Mail Exploits
FULCRUMSEC posted 15+ victims focusing on US Tech/Healthcare. Active exploitation of Exchange and SmarterMail CVEs observed.
Rebex Telegram RAT, GachiLoader & TeamPCP Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns include a Telegram RAT targeting Vietnam, AI-themed GachiLoader, and TeamPCP supply chain attacks on security infrastructure. High urgency.
TeamPCP Supply Chain & Multi-Stage Infostealers: OTX Pulse Analysis — Lumma, LofyStealer, KYCShadow
Critical analysis of 5 active campaigns including TeamPCP's PyPI attack and Lumma Stealer variants. High urgency credential theft via supply chain and phishing.
TeamPCP, LofyStealer & GhostSocks: OTX Threat Analysis — Enterprise Detection Pack
Urgent IOCs and detection logic for TeamPCP supply chain attack, LofyStealer infostealer, and GhostSocks proxy malware.
TeamPCP PyPI Attack & Multi-Vector Infostealer Campaigns: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses expose TeamPCP's Python SDK attack, LofyStealer/Lumma campaigns, and KYCShadow Android trojan. High urgency credential theft.
APT73 Ransomware: Critical Campaign Targets Agriculture & Finance — CVE Exploitation & Detection Rules
APT73 aggressively exploits Exchange and SmarterMail flaws. Immediate patching required for the Finance, Agriculture, and Business Services sectors.
Telegram RAT, Rhadamanthys & ValleyRAT: OTX Pulse Analysis — Enterprise Detection Pack
Telegram RAT, GachiLoader, and Silver Fox targeting Vietnam, Japan, and AI users. High urgency detection pack provided.
TeamPCP Supply Chain, LofyStealer & GhostSocks: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal TeamPCP PyPI attack, LofyStealer targeting gamers, and GhostSocks proxy botnet. Urgent supply chain & infostealer detection required.
Lumma Stealer, TeamPCP, and KYCShadow: Multi-Vector Credential Theft Ecosystem Analysis
High-volume credential theft campaigns targeting gamers, devs, and finance sectors via supply chain, mobile, and proxy vectors.
APT73 Ransomware Gang: Mass Extortion Campaign Exploiting Exchange & SmarterMail Flaws
APT73 posts 15+ victims targeting Finance and Business Services. Active exploitation of CVE-2023-21529 and SmarterMail flaws observed.
LofyStealer, Lumma & KYCShadow: Multi-Vector Credential Theft Surge — OTX Pulse Analysis
OTX pulses reveal credential theft surge via LofyStealer, Lumma, and KYCShadow using game mods, ClickFix, and PyPI supply chain attacks. Urgency: High.
APT73 Ransomware: 48 New Victims Posted — Critical Infrastructure & Finance Sector Targeting
APT73 claims 48 victims, heavily targeting Finance and Agriculture. Exploiting Exchange and Cisco CVEs. Actionable detection rules included.
PRISMEX, ValleyRAT, and AMOS Stealer: OTX Pulse Analysis — APT Espionage, Targeted Tax Fraud, and AI-Agent Exploitation
Active campaigns: APT28's PRISMEX suite, Silver Fox's ValleyRAT in Japan, and AMOS Stealer via Cursor AI. Urgent detection updates.
GlassWorm, EtherRAT & Rebex Telegram RAT: Blockchain & Messaging C2 Convergence
Active campaigns exploiting Solana/Ethereum blockchains & Telegram for C2. Targets developers, retail & Vietnam via supply chain & CHM lures.
GlassWorm, Lumma Stealer, and Xinference Compromise: Multi-Front Infostealer Assessment
Active campaigns target developers & finance via GlassWorm, Lumma, and KYCShadow. Urgent credential theft via supply chain & phishing.
WANNACRY Resurgence: Critical Infrastructure Assault & 2026 Exploit Campaign Analysis
WANNACRY claims 33 new victims targeting Finance, Energy, and Gov sectors. Immediate action required on SmarterMail, Cisco FMC, and Exchange CVEs.
PRISMEX, ValleyRAT & AMOS Stealer: OTX Pulse Analysis — Enterprise Detection Pack
APT28 uses PRISMEX for espionage; Silver Fox targets Japan with ValleyRAT; AMOS Stealer exploits Cursor AI. Critical urgency.
GlassWorm, EtherRAT & Rebex RAT: Blockchain-C2 and Multi-Stage Supply Chain Attacks
APTs using Solana/Ethereum smart contracts & Telegram API for resilient C2. Targeting developers & retail sectors. Urgency: High.
Multi-Vector Infostealer Surge: Lumma, Rhadamanthys & PyPI Supply Chain Attacks — Detection Engineering
Critical surge in infostealers (Lumma, Rhadamanthys) via PyPI supply chain & AI lures targeting dev credentials. High urgency.
EtherRAT, PRISMEX, and ValleyRAT: Multi-Front APT Campaign Analysis — Node.js Backdoors & Steganography Detection Pack
North Korean & Russian APTs target Finance & Gov sectors with EtherRAT & PRISMEX; Void Arachne hits Japan. High urgency.
ClickFix & GlassWorm: Multi-Vector Stealer and RAT Campaigns — Enterprise Detection Pack
Active ClickFix and GlassWorm campaigns target enterprise devs and finance sectors with stealers and RATs via social engineering and supply chain.
ClickFix, GachiLoader, and KYCShadow: Multi-Vector Credential Theft Campaigns — OTX Pulse Analysis
Active campaigns utilize ClickFix social engineering, AI lures, and fake KYC apps to deploy Lumma, Rhadamanthys, and banking trojans.
WANNACRY Ransomware Gang: 33 New Victims Posted — Critical Infrastructure Targeting & Detection Rules
WANNACRY targets Public Sector and Energy with 33 new global victims. Patch Exchange and SmarterMail CVEs immediately.
PRISMEX, DinDoor, and ValleyRAT: OTX Pulse Analysis of APT28, MuddyWater, and Void Arachne — Enterprise Detection Pack
Analysis of active OTX pulses revealing PRISMEX (APT28), DinDoor (MuddyWater), and ValleyRAT (Void Arachne) targeting govt, finance, and manufacturing.
Showing 50 of 177 reports. Archive expands automatically as new intel is generated.
Every Telegram Intel Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.