Telegram Intel Intelligence
Live threat intelligence collected from criminal Telegram channels — real-time threat actor communications, malware distribution campaigns, and first-look intelligence before it hits mainstream reporting.
Telegram Intel — Archive & Latest
Storm-3075 AI Impersonation & UAT-8616 SD-WAN Exploitation: SilabRAT, Vidar, and Cisco Breaches
Active exploitation of Cisco SD-WAN (CVE-2026-20128) and AI-themed campaigns delivering Vidar/SilabRAT. Urgent detection required.
Gremlin, SilabRAT & AI-Themed Stealers: OTX Pulse Analysis — Credential Theft & Supply Chain Threat Pack
Active campaigns using Gremlin Stealer, SilabRAT, and AI-themed phishing targeting credentials via supply chain and malvertising. High Urgency.
QILIN Ransomware: Surge in Legal & Business Services Attacks — Global Campaign Analysis & Detection Rules
Qilin aggressively targets US/EU legal and professional services. Briefing includes TTPs, Sigma rules, and immediate containment actions.
Gremlin Stealer, SilabRAT, and PyPI Supply Chain Attacks: OTX Pulse Analysis
Multi-vector credential theft campaign involving AI-themed phishing, malicious Python packages, and evolved info-stealers targeting enterprises.
QILIN Ransomware: Aggressive Campaign Targeting Business Services & Legal Sector Exploiting Firewall Flaws
Qilin group heavily targets Business Services and Legal firms using Check Point & ScreenConnect flaws. Immediate patching required.
4BID Hacktivist Ops, Needle Crypto-Stealer, & The Gentlemen Ransomware: OTX Pulse Analysis
OTX pulses reveal active 4BID hacktivism via ProxyShell, Needle MaaS crypto-theft, and The Gentlemen ransomware targeting critical sectors.
Storm-3075 AI Impersonation & SilabRAT MaaS Campaign: Multi-Vector Threat Analysis
AI-themed phishing, credential theft via Vidar/Lumma, and the SilabRAT remote access trojan targeting enterprise credentials. CRITICAL urgency.
Vidar, SilabRAT & PyPI Supply Chain Attack: Dark Web Credential Theft Surge
Credential theft via AI impersonation, TikTok tutorials, and malicious Python packages. Urgent detection required.
QILIN Ransomware: 15 New Victims Posted — Legal & Consumer Services Targeted via ScreenConnect & Firewall Exploits
Qilin ransomware posts 15 new victims, heavily targeting US legal and consumer services. Immediate patching of ScreenConnect and Check Point CVEs is critical.
AI Social Engineering, SD-WAN Exploitation, and SilabRAT MaaS: OTX Pulse Analysis
Urgent: Active AI-themed phishing delivering Vidar/Lumma, Cisco SD-WAN exploits (UAT-8616), and SilabRAT MaaS detected. Block IOCs.
Vidar, SilabRAT & PyPI Supply Chain Attacks: Multi-Vector Credential Theft Campaign Analysis
AI-themed lures, PyPI supply chain attacks, and TikTok social engineering drive Vidar and SilabRAT infections. Urgency: High.
QILIN Ransomware Gang: 18 New Victims Posted — Business Services Targeted & Detection Engineering
QILIN ransomware posted 18 new victims this week, heavily targeting Business Services sector across US, EU. Immediate patching of VPN/RDP vulnerabilities critical.
Storm-3075 AI Phishing & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
High urgency: Storm-3075 AI phishing, UAT-8616 Cisco SD-WAN exploitation, and SilabRAT MaaS detected. Actionable IOC pack.
Vidar, Lumma, and SilabRAT: Multi-Vector Credential Theft Campaigns via AI Lures & Supply Chains
OTX Pulse: Vidar/Lumma stealers spreading via AI lures & TikTok; SilabRAT MaaS targeting crypto; Cisco SD-WAN exploits active. (High Urgency)
QILIN Ransomware: Surge in Business Services Attacks & Exploitation of New Check Point CVE
Qilin posts 19 new victims, heavily targeting US Business Services. Immediate patching of Check Point and ScreenConnect CVEs required.
Operation AI Bait & Crypto MaaS: Vidar, SilabRAT, and Needle Campaign Analysis — OTX Pulse Intelligence
Active infostealer campaigns leveraging AI hype, TikTok, and PyPI to distribute Vidar, SilabRAT, and Needle. High urgency for credential defense.
QILIN Ransomware Gang: 19 New Victims Posted — Sector Targeting Analysis & Detection Rules
QILIN intensifies attacks on Business Services sector across US and Europe. Detection rules provided.
The Gentlemen RaaS & AI Supply Chain Poisoning: SystemBC, AMOS Stealer, and CVE-2024-55591 Exploitation
Active RaaS operation Storm-2697 exploits CVE-2024-55591 while threat actors poison AI supply chains with AMOS Stealer. Urgent patching required.
Storm-3075 AI-Themed Social Engineering & 4BID ProxyShell Exploitation: OTX Pulse Intelligence — Enterprise Detection Pack
Storm-3075 & 4BID campaigns: AI phishing & ProxyShell attacks. Urgent: Hunt for Vidar, SilabRAT, Sliver, Lumma Stealer IOCs across enterprise.
Vidar, SilabRAT & Needle C2: Multi-Vector Credential Theft Campaigns Targeting Devs and End Users
Active infostealer campaigns (Vidar, SilabRAT) using AI phishing, TikTok tutorials, and malicious PyPI packages. Urgency: High.
QILIN Ransomware: 19 New Victims Posted — Surge in Professional Services & Detection Engineering
Qilin claims 19 new victims, heavily targeting Business Services & Legal sectors via VPN/RDP exploits. Patch ScreenConnect & Check Point immediately.
The Gentlemen RaaS (Storm-2697) & AI Supply Chain (AMOS Stealer): OTX Pulse Analysis
Alert: The Gentlemen ransomware exploiting CVE-2024-55591 and AI supply chain trojans dropping AMOS stealer. High urgency.
SilabRAT MaaS & Storm-3075 AI Phishing: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal Storm-3075 AI phishing, SilabRAT MaaS, and 4BID hacktivism. Detect stealers, RATs, and ProxyShell exploits.
Storm-3075, SilabRAT, and AI-Themed Infostealers: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns using AI phishing, TikTok tutorials, and PyPI supply chain attacks deploy Vidar, SilabRAT, and RustyStealer to steal credentials.
QILIN Ransomware Gang: 19 New Victims Posted — Critical Firewall & RaaS Activity Surge
QILIN claims 19 new victims, heavily targeting US Business Services. Immediate action required on Check Point & Cisco CVEs and RDP hardening.
Storm-3075 AI Phishing, SilabRAT MaaS, and 4BID ProxyShell Campaigns: OTX Pulse Analysis
Analysis of AI-themed credential theft, SilabRAT MaaS operations, and 4BID ProxyShell attacks targeting critical sectors.
AI-Themed Phishing, MaaS Crypto-Stealers, and PyPI Worms: OTX Pulse Analysis — Enterprise Detection Pack
Surge in infostealers (Vidar, SilabRAT) via AI-branded lures and supply chain attacks targeting finance and tech sectors.
QILIN Ransomware Gang: Surge in Attacks on US Business Services & Critical Infrastructure Vulnerabilities
QILIN posts 21 victims, heavily targeting US Business Services via Check Point and ScreenConnect exploits. Immediate patching required.
Storm-3075 AI Phishing, SilabRAT MaaS & 4BID ProxyShell: OTX Pulse Analysis — Enterprise Detection Pack
Storm-3075 uses AI themes for Vidar/Lumma infections; SilabRAT MaaS targets crypto; 4BID exploits ProxyShell for Sliver C2 deployment.
Storm-3075 AI Hype & SilabRAT MaaS: Multi-Vector Infostealer Surge & PyPI Supply Chain Compromise
Critical surge in infostealer campaigns (Vidar, Lumma, SilabRAT) leveraging AI hype, TikTok tutorials, and PyPI supply chains for credential theft.
QILIN Ransomware: Aggressive Campaign Targeting US Professional Services — Critical CVEs & IOCs
Qilin gang heavily targeting US Business Services and Retail. Patch Check Point and ScreenConnect CVEs immediately.
Storm-3075 AI Impersonation & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
Threat actors leverage AI-themed lures for Vidar/Lumma deployment while new SilabRAT MaaS targets crypto wallets. 4BID exploits ProxyShell.
Storm-3075, SilabRAT, and Needle: Multi-Vector Infostealer Campaigns Leveraging AI Hype and Supply Chains
OTX Pulse Analysis: Credential theft surge via AI scams, TikTok tutorials, and crypto-stealers. Block Vidar, SilabRAT, and Needle IOCs immediately.
QILIN Ransomware: 15 New Victims in Professional Services & Retail — KEV Exploitation Alert
Qilin claims 15+ US victims in Business & Consumer services. Immediate patching of ConnectWise and Check Point CVEs is critical.
SilabRAT MaaS, AI Brand Impersonation, and PyPI Supply Chain Attacks: Credential Theft Campaigns — OTX Pulse Analysis
Active infostealer & C2 campaigns (SilabRAT, Vidar, Needle) use AI phishing, malicious PyPI wheels, and social media to steal crypto & credentials.
QILIN Ransomware: 15+ Victims in 48 Hours — Check Point & ConnectWise Exploitation Surge
Qilin gang posts 15+ new victims targeting US Consumer/Business sectors. Immediate patching for Check Point CVE-2026-50751 required.
AI-Hype Stealers & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
Storm-3075 and o1oo1 exploiting AI trends with Vidar, Lumma, and SilabRAT. High-urgency credential theft campaign.
AI-Themed Infostealers & Supply Chain Attacks: Storm-3075, SilabRAT, and PyPI Worms — Detection Engineering
Active campaigns using AI lures (Vidar/Lumma) and malicious PyPI packages (Hades) targeting credentials and crypto. Immediate action required.
QILIN Ransomware: Legal Sector Under Siege — 15 Victims Posted & Critical Check Point CVE Exploited
Qilin posts 15 new victims targeting US legal and energy sectors. Actively exploiting Check Point VPN and ScreenConnect vulnerabilities.
SilabRAT MaaS & AI-Themed Infostealer Operations: Storm-3075 & o1oo1 Analysis
Emerging campaigns using AI-branded lures and SilabRAT to steal credentials/crypto. High urgency for Finance & Tech sectors.
Lumma Stealer, Vidar, and SilabRAT Credential Harvesting Campaigns: OTX Pulse Analysis & Detection Engineering
OTX Pulses reveal active credential theft campaigns via AI social engineering, malicious PyPI packages, and MaaS platforms targeting finance & tech.
QILIN Ransomware: Critical Check Point & Cisco Firewall Exploits Fueling Healthcare & Manufacturing Surge
QILIN gang exploits CVE-2026-50751; targeting US Healthcare & Manufacturing. Detection rules and IOCs included.
OTX Pulse Analysis: 4BID Hacktivist Operations & PAN-OS Zero-Day Exploitation (CL-STA-1132)
4BID group leverages ProxyShell/Sliver to target Gov/Healthcare; CL-STA-1132 exploits PAN-OS zero-day; GriefLure hits Vietnam/Philippines.
AI-Themed Infostealer Surge: Storm-3075, TroyDen, and SilabRAT Campaign Analysis — Detection & Hunt Pack
Urgent: AI-themed campaigns deploying Lumma, Vidar, and SilabRAT. Storm-3075 and TroyDen targeting tech/finance. Includes detection rules.
Storm-3075 & SilabRAT: AI Lures & Supply Chain Worms — OTX Pulse Detection Pack
Storm-3075 and SilabRAT MaaS campaigns target finance/tech via AI lures and malicious packages, deploying Vidar, Lumma, and RustyStealer.
THEGENTLEMEN Ransomware: Global Surge Exploiting Check Point & Cisco Perimeter Flaws
THEGENTLEMEN claims 15+ global victims, heavily targeting Healthcare and Tech via CVE-2026-50751 and ScreenConnect exploits.
AI-Themed Infostealers & 4BID ProxyShell Campaigns: Storm-3075, TroyDen, and 4BID OTX Analysis
Threat actors Storm-3075 and TroyDen leverage AI branding for Lumma/Vidar distribution; 4BID expands hacktivism via ProxyShell.
Infostealer Ecosystem & Supply Chain Compromise: Storm-3075, TroyDen, and Hades Worms
Active credential theft campaigns leveraging AI lures, malicious PyPI/npm packages, and game trojanizers. Urgent detection required.
THEGENTLEMEN Ransomware: Critical Surge in Healthcare & Tech Targets — CVE-2026-50751 Exploitation Analysis
THEGENTLEMEN posted 15+ victims in 24h. Active exploitation of CVE-2026-50751 (Check Point) and ScreenConnect detected. Patching and detection rules required.
ClickFix RATs & CL-STA-1132 PAN-OS Exploitation: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns targeting macOS/Windows with ClickFix (CastleLoader/AMOS) and critical PAN-OS zero-day exploitation by CL-STA-1132.
Showing 50 of 553 reports. Archive expands automatically as new intel is generated.
Every Telegram Intel Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.