Mjolnir Security's threat intelligence and research blog. In-depth reports on emerging threat actors, active campaigns, malware analysis, and strategic advisories from our analyst team.
An employee departed on a Monday. His Active Directory account was still fully live eight days later. The ransomware operator who found his LinkedIn password was grateful. XYZ Company, which paid $500,000 in Bitcoin, was not.
A threat actor knew the IT admin's 96-character domain admin password. Then knew the new one, an hour later. Three days of forensics found nothing. The answer was a five-minute conversation about someone's morning routine.
An unpatched local privilege escalation in Windows Defender that turns the antivirus itself into a SYSTEM-level arbitrary-write primitive. ~100% reliable on patched Win10/11/Server 2025.
The .NET ransomware that destroyed data instead of encrypting it, leaked its builder to the world, and quietly became Yashma. Six versions, hundreds of variants, military contractor targeting.