⚠ Experiencing an incident? Call +1 833 403 5875 — 24/7 Incident Response Available
ᛊᚲᚢᚷᚷᚨᚺᛖᛁᛗᚨᚱ · Shadow Realm

Skuggaheimar

Mjolnir Security's threat intelligence and research blog. In-depth reports on emerging threat actors, active campaigns, malware analysis, and strategic advisories from our analyst team.

All Threat Intelligence Breach Malware Ransomware Incident Response APT
Featured Report
Zero-Day
REDSUN
NT AUTHORITY\SYSTEM
UNPATCHED
Threat AdvisoryZero-DayApr 23, 2026·No Patch Available

Microsoft Defender RedSun: When the Protector Becomes the Attacker

An unpatched local privilege escalation in Windows Defender that turns the antivirus itself into a SYSTEM-level arbitrary-write primitive. ~100% reliable on patched Win10/11/Server. Being paired in the wild with BlueHammer and UnDefend.

RedSun (Unpatched LPE)
UnDefend (Unpatched)
BlueHammer (CVE-2026-33825)
Read Full Advisory
Recent Reports
Latest Intelligence
RansomwareMalware AnalysisMay 14, 2026

Chaos Ransomware: When the Builder Goes Rogue

The .NET ransomware that destroyed data instead of encrypting it, leaked its builder to the world, and quietly became Yashma. Six versions, hundreds of variants, military contractor targeting.

Read →14 min
Threat IntelligenceData ExtortionMTACApr 22, 2026

Unmasking ShinyHunters — The Most Prolific Data Extortion Group of 2026

650 sensor events. 9 named extortion victims. 429 0ktapus MFA-bypass events. Inside the most prolific data extortion operation of 2026 via MTAC telemetry.

Read →28 min
Threat IntelligenceSupply ChainApr 19, 2026

The Vercel OAuth Identity Compromise

Identity supply chain attack via compromised Context.ai OAuth integration. Attacker inherited refresh tokens, bypassed MFA, and exfiltrated production secrets without stealing a credential.

Read →18 min
Archive
Most Read Reports
04
Threat IntelligenceCVEApr 22, 2026

Under Siege: Active Exploitation of Critical Video Platform Vulnerabilities

05
Threat IntelligenceIoT BotnetApr 21, 2026

Operation DARK LENS — IoT Camera Botnet Recruitment Campaign

06
Threat IntelligenceSpecial ReportMar 28, 2026

Operation IRON VEIL — Iran Conflict Cyber Threat Assessment

07
BreachCVEApr 4, 2026

CVE-2026-35616 | FortiClient EMS API Authentication & Authorization Bypass

08
Incident ResponseDFIR EngagementOct 2024

The Insider Who Wasn't (And Then Was)

09
Threat IntelligenceCryptocurrencyMar 21, 2026

From a Single Address to Full Attribution

10
Incident ResponseDFIR EngagementFeb 2024

The Index That Read Everything First

11
Incident ResponseDFIR EngagementJan 2024

The Files That Never Existed — $I30 Directory Index Slack DFIR

12
Incident ResponseDFIR EngagementMar 2024

The Database That Windows Built — SRUM.db Data Exfiltration DFIR

13
Incident ResponseDFIR EngagementDec 2024

The Rate Limiter Was on the Wrong Field — Credential Stuffing Healthcare DFIR

14
Incident ResponseDFIR EngagementMay 2024

The Keys to Every Kingdom — MSP RMM Supply Chain DFIR

15
Incident ResponseDFIR EngagementSep 2024

The $2.3 Million Email Thread — BEC Wire Fraud DFIR

16
Incident ResponseDFIR EngagementAug 2024

Ghost in the OT Network — Volt Typhoon Water Treatment DFIR

17
Threat IntelligenceCampaign PredictionMar 8, 2026

MIMIR Threat Prediction: Cisco ASA Exploitation

18
Incident ResponseDFIR EngagementJun 2022

Everything Is Fine. The Building Is Fine. — BlackCat Hospital DFIR

19
Threat IntelligenceExtortionMar 13, 2026

ShinyHunters: Anatomy of a Cloud-Native Extortion Empire

20
Mobile ForensicsDFIR ResearchApr 2026

The Ghost Data Problem: Mobile Artifacts Nobody Checks

21
Digital ForensicsDFIR EngagementMar 2025

The Radio That Remembered: Bluetooth Signal Attenuation as a Location Witness

22
Digital ForensicsDFIR ReferenceMar 2025

Windows Server 2025: Entra ID-Joined Endpoints — Complete Forensic Artifact Reference

23
Digital ForensicsMar 2025

The Phone That Forgot Itself: Reconstructing a Wiped iPhone From Mac Artifacts

24
Threat IntelligenceMar 2025

Living Off the Land: Threat Actor Abuse of RMM Tools

25
MalwareMar 5, 2026

RedLine Stealer: The Infostealer That Fueled a Cybercrime Empire

26
MalwareFeb 20, 2026

Cobalt Strike: When Red Team Tools Become the Adversary's Arsenal

27
MalwareFeb 8, 2026

SystemBC: The Ransomware Enabler Hiding in Plain Sight

28
APTOct 2025

Lazarus Group: North Korea's Most Dangerous Cyber Threat

29
RansomwareSep 2025

LockBit Ransomware: Inside the World's Most Prolific RaaS

30
MalwareNov 2025

Emotet: The Botnet That Refuses to Die

31
MalwareAug 2025

Remcos RAT: The Surveillance Tool Turned Cybercrime Staple

32
APTDec 2025

APT28 / Sofacy: Russia's Premier Cyber Espionage Unit

33
MalwareJul 2025

TrickBot: From Banking Trojan to Ransomware Enabler

34
MalwareJan 2026

Mimikatz: The Credential Harvesting Tool Behind Every Breach

35
MalwareJun 2025

QakBot: The Shape-Shifting Malware Distribution Network

36
RansomwareOct 2025

Ryuk Ransomware: Big Game Hunting Pioneer

37
MalwareFeb 2026

DarkGate: The Premium Loader Replacing QakBot

Paid Threat Intelligence Reports Available

In addition to our public research, Mjolnir Security offers detailed, industry-specific threat intelligence reports with actionable IOCs, tailored risk assessments, and strategic recommendations for your organization.

Request Access →

Need help defending against these threats?

Mjolnir Security provides 24/7 incident response, threat hunting, and managed detection services.

Visit mjolnirsecurity.com ↗
or call+1 833 403 5875
ESC
↑↓ Navigate⏎ OpenESC Close