<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>HTB Blog > Threat Intelligence</title>
        <link>https://www.hackthebox.com/rss/blog/threat-intelligence</link>
        <description>All the latest news and insights about cybersecurity from Hack The Box. Hacking trends, insights, interviews, stories, and much more</description>
        <language>en</language>
        <atom:link href="https://www.hackthebox.com/rss/blog/threat-intelligence" rel="self" type="application/rss+xml" />
        <image>
            <url>
                https://www.hackthebox.com/images/landingv3/logo-htb-blog.svg
            </url>
            <title>HTB Blog > Threat Intelligence</title>
            <link>https://www.hackthebox.com/rss/blog/threat-intelligence</link>
        </image>
                    <item>
                <title>Escaping the Scattered Spider’s web: 6 takeaways from our deep dive</title>
                <link>https://www.hackthebox.com/blog/dissecting-scattered-spider-webinar-ransomware-social-engineering</link>
                <description>Discover how Scattered Spider blends social engineering with technical precision to launch high-impact ransomware attacks.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/PI00kERdV7JkuLjlOZhCphhC4ZkWd20u.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Wed, 05 Nov 2025 09:57:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/dissecting-scattered-spider-webinar-ransomware-social-engineering</guid>
            </item>
                    <item>
                <title>The Brickstorm breach: Anatomy of UNC5221’s 12-month espionage operation</title>
                <link>https://www.hackthebox.com/blog/f5-networks-breach-unc5221-brickstorm-supply-chain-attack</link>
                <description>F5 Networks was breached for over a year by China-linked APT UNC5221. Learn how Brickstorm malware enabled source code theft and supply chain attack risks—and how to defend.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/aZvWijc5UPTExaM9dor2qFwDVrSFxogI.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Tue, 04 Nov 2025 08:27:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/f5-networks-breach-unc5221-brickstorm-supply-chain-attack</guid>
            </item>
                    <item>
                <title>Scattered Spider: A 90-day recovery plan to build better resilience</title>
                <link>https://www.hackthebox.com/blog/scattered-spider-cyberattack-recovery-plan</link>
                <description>Learn how organizations can recover from Scattered Spider attacks. Follow our 90-day recovery plan to rebuild systems, strengthen defenses, and boost cyber resilience.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/UI2Vg7jg1vlRAHiqXgqP1J7lZ9X36ZNt.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Tue, 28 Oct 2025 03:57:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/scattered-spider-cyberattack-recovery-plan</guid>
            </item>
                    <item>
                <title>BianLian’s silent breach: How 1 exploit hit Nippon Steel’s supply chain</title>
                <link>https://www.hackthebox.com/blog/bianlian-nippon-steel-supply-chain-attack</link>
                <description>A deep dive into the Nippon Steel breach and BianLian’s growing focus on supply chain data theft. Learn how to defend your network.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/V5AXvGaIsO79cwTa3rhh4vemzARfZTqW.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Tue, 28 Oct 2025 02:44:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/bianlian-nippon-steel-supply-chain-attack</guid>
            </item>
                    <item>
                <title>Beware the Cozy Bear: Dissecting APT29&#039;s obfuscated JavaScript watering hole campaign</title>
                <link>https://www.hackthebox.com/blog/apt29-watering-hole-microsoft-device-auth</link>
                <description>Cozy Bear’s watering-hole attack on Microsoft device code auth used obfuscated JS and redirects to compromise 10% of visitors. Learn how to defend against it.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/xTc74E8VApaUjn7i54L4rVR1XBSOIsJX.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Tue, 23 Sep 2025 01:59:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/apt29-watering-hole-microsoft-device-auth</guid>
            </item>
                    <item>
                <title>CVE-2025-54136: Remote code execution in Cursor editor</title>
                <link>https://www.hackthebox.com/blog/CVE-2025-54136-cursor-code-editor</link>
                <description>See how CVE-2025-54136 lets attackers exploit Cursor’s MCP configs for remote code execution and how to protect your environment.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/vYR4pCPG0irtr8x6g5jt1xKsXHfonkrv.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Tue, 16 Sep 2025 02:57:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/CVE-2025-54136-cursor-code-editor</guid>
            </item>
                    <item>
                <title>Inside FireAnt: How UNC3886 used 15+ exploits to breach VMware ESXi and avoid detection</title>
                <link>https://www.hackthebox.com/blog/unc3886-fireant-chinese-apt-vmware-esxi-hypervisor-attack</link>
                <description>Discover how Chinese APT UNC3886 used 20+ MITRE techniques in the FireAnt campaign to exploit VMware ESXi hypervisors and evade detection.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/yGh6ss3UaVtZ1GPSkqzOYURfOuijro5d.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Wed, 10 Sep 2025 10:34:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/unc3886-fireant-chinese-apt-vmware-esxi-hypervisor-attack</guid>
            </item>
                    <item>
                <title>Sandworm unleashed: Inside APT44’s Dune-inspired cyber destruction</title>
                <link>https://www.hackthebox.com/blog/apt-44-sandworm-attack-anatomy-mitre-techniques</link>
                <description>Explore Sandworm (APT44), the Dune-inspired APT group behind NotPetya, Olympic Destroyer, and power grid attacks — and learn how to defend against their tactics.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/yhDopKGlz7P4QPngjdupYjIeWpZV19WF.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Wed, 06 Aug 2025 09:39:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/apt-44-sandworm-attack-anatomy-mitre-techniques</guid>
            </item>
                    <item>
                <title>Ghost in the PowerShell: APT33’s low-and-slow tactics explained</title>
                <link>https://www.hackthebox.com/blog/how-to-defend-against-apt33-powershell-attacks</link>
                <description>How the Elfin group made the move from quiet espionage to all-out disruption, and how to stay a few steps ahead of its tactics.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/5db86YnD8Jb2HwkRa7mYYncId30N7xZR.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Tue, 15 Jul 2025 08:20:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/how-to-defend-against-apt33-powershell-attacks</guid>
            </item>
                    <item>
                <title>Inside Salt Typhoon: How Chinese APTs breached US telecoms (and stayed hidden for years)</title>
                <link>https://www.hackthebox.com/blog/salt-typhoon-apt-us-telecom-espionage-attack-analysis</link>
                <description>Call recordings from US presidential campaigns. Wiretaps hijacked. No less than nine telecoms infiltrated—completely undetected—for years. Salt Typhoon didn’t just spy, they embedded.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/MdmJJKCSGpXl7i5cg7XH6TJmgGQTBI4p.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Threat Intelligence</category>
                <pubDate>Mon, 30 Jun 2025 10:23:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/salt-typhoon-apt-us-telecom-espionage-attack-analysis</guid>
            </item>
            </channel>
</rss>
