by Eric J. Taylor | Jun 30, 2026 | Blog Post, CTI Report
A genuine login.microsoftonline.com link — no typosquat — is abused as an open redirect to deliver a malicious MSI that installs the Ninite Pro Remote agent as a SYSTEM service, which then deploys TeamViewer and AnyDesk for persistent remote control. Here is exactly...
by Eric J. Taylor | Apr 23, 2026 | Blog Post, CTI Report
Received: 2026-04-22 Case opened: 2026-04-22 Subject of targeting: Eric J. Taylor — Barricade Cyber Solutions, author of [CTI Report: ShadowByt3$ Ransomware Group](https://barricadecyber.com/cti-report-shadowbyt3-ransomware-group/) published 2026-04-15 Attributed...
by Eric J. Taylor | Apr 15, 2026 | CTI Report
Published: 2026-04-15Classification: TLP:CLEARPrepared by: Barricade Cyber SolutionsSource: Primary source analysis — leaked source code, Telegram channel export, DLS screenshots, PwnForums posts, Rootsploit forum activity, VirusTotal submissions, blockchain explorer...
by Eric J. Taylor | Apr 13, 2026 | Blog Post, CTI Report
Published: 2026-04-13 | Updated: 2026-04-15Classification: TLP:CLEARPrepared by: Eric TaylorSource: 0APT leak, panel.sql database analysis, leaks_db.sql file inventory, 0APT server files leaked by Krybit, DLS screenshots, nginx access logs, bash history Two Ransomware...
by vqfvznbmglfx | Feb 24, 2026 | Blog Post, CTI Report
Introduction In the rapidly evolving world of cyber threats, SAFEPAY ransomware has emerged as a formidable adversary. First identified in November 2024, this group has quickly escalated its activities, targeting over 169 organizations by May 2025, with a significant...