Featured SOC Security Analytics
We’re thrilled to announce that Gurucul has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Security Information and Event Management (SIEM). After three consecutive…
May 12, 2026
HWMonitor Trojanized to Deliver Multi-Stage STX RAT via DLL Sideloading
Threat Research
Introduction HWMonitor, a legitimate hardware monitoring utility developed by CPUID, was observed distributing a trojanized archive through a compromised download workflow. Analysis of a Reddit post led to the discovery of a malicious ZIP archive hosted on a Cloudflare…
May 12, 2026
Investigating the Alleged Polymarket Data Exposure
Threat Intelligence
Executive Summary On April 28, 2026, the threat actor identified as XORCAT claimed responsibility for an alleged large-scale data exposure involving the decentralized prediction market platform Polymarket. According to the actor, the incident involved a significant API-related exposure affecting…
May 7, 2026
ClickFix to PureHVNC: Multi-Stage Malware Delivery via Fake Booking Portal
Threat Research
Introduction This campaign leverages the ClickFix social-engineering technique through a fake Booking-themed verification portal hosted at hxxps://bkngpanelcntlrguest[.]com to trick users into manually executing malicious PowerShell commands. By abusing legitimate Windows utilities such as PowerShell, the attackers achieve user-assisted code execution and…
May 7, 2026
Analyzing the Alleged Udemy Data Leak Claimed by ShinyHunters
Threat Intelligence
Executive Summary On April 26, 2026, the threat actor ShinyHunters claimed responsibility for a major data breach, alleging the exposure of over 1.4 million records. This incident highlights ongoing risks from financially motivated cybercriminal groups targeting large datasets, underscoring…
May 6, 2026
One USB. No Network Traffic. No Incident. Now What?
The Breach That Never Triggers an Incident Enterprises spend millions on cloud security, firewalls, and network monitoring – yet some of the most damaging breaches happen in complete silence. While ransomware announces itself loudly, USB exfiltration doesn’t. It blends…
April 29, 2026
Herth+Buss Data Leak Claimed by Qilin Ransomware: Exposure of Financial and Identity Data
Threat Intelligence
Ransomware groups continue to prioritize organizations within global supply chains, where access to financial systems, partner data, and cross-border operations significantly increases monetization opportunities. The recent claim involving Herth+Buss highlights how threat actors are leveraging data exfiltration to…
April 29, 2026
ADT Inc. Data Breach: Analysis of a Suspected ShinyHunters Data Extortion Campaign
Threat Intelligence
Executive Summary: ADT Inc. disclosed unauthorized access to a subset of customer data, while a threat actor identified as ShinyHunters claimed responsibility for a significantly larger breach involving over 10 million records. The incident evolved into a data…
April 24, 2026
Vercel Data Exposure Attributed to ShinyHunters Following Infostealer-Driven Third-Party Compromise
Threat Intelligence
Executive Summary A multi-stage intrusion involving Context AI and Vercel has been identified, leading to alleged data exposure and monetization activity attributed to ShinyHunters. The incident originated from a confirmed Lumma Stealer infection on a Context AI employee system, enabling credential theft…
April 24, 2026
Xinference PyPI Supply Chain Attack: Credential Theft, Cloud Abuse, and Crypto Wallet Targeting
Threat Research
Executive Summary: This report analyzes a supply chain compromise involving malicious Xinference packages on PyPI, which were used to exfiltrate sensitive data, harvest cloud credentials, and target cryptocurrency wallets. On April 22, 2026, a user reported that Xinference version…
April 17, 2026
CrySome RAT: Multi-Layered Userland Evasion and Post-Exploitation Framework
Threat Research
Overview CrySome RAT is a .NET-based remote access trojan designed for post-compromise control, credential harvesting, and covert system interaction. The malware prioritizes persistence, defense evasion, and operator control over initial access techniques.
April 14, 2026
Leading the Autonomous SOC: The Future of Machine-Speed Security
SOC
Introduction The global cyber landscape has reached a turning point. Attackers are leveraging automation, distributed computing, and adaptive AI to expand their operations with unprecedented precision, while most Security Operations Centers still depend on human-driven processes designed for a…
April 13, 2026
LiteLLM Supply Chain Compromise: Downstream Impact Analysis with Mercor Breach Case Study
Threat Research
Executive Summary Supply chain compromise affecting the LiteLLM library (versions v1.82.7 and v1.82.8) resulted in the distribution of malicious packages via PyPI. These packages contained embedded data exfiltration capabilities, enabling unauthorized data collection from downstream environments. Multiple organizations were…