Timeline
Mandiant
Google Cloud threat intelligence and IR firm; authors M-Trends; tracks state-sponsored APTs.
17 of 17 entries (16 events, 1 interactions)
#411 May
Confirmed @shadanai/openclaw and @qqbrowser/openclaw-qbot as additional WAVESHAPER.V2 distribution vectors
Cybersecurity: Threats and Defences: UNC1069 expands the npm WAVESHAPER supply chain
#411 May
Mentioned in: RansomHouse posts Trellix internal screenshots as extortion leverage
Cybersecurity: Threats and Defences
#411 May
Published attribution naming UNC6780 as the Cisco repository breach operator
Cybersecurity: Threats and Defences: UNC6780 takes Cisco AI Defense source code
#411 May
Published attribution report on 11 May 2026 documenting AI-generated zero-day and AI-augmented threat clusters
Cybersecurity: Threats and Defences: GTIG names the first LLM-written working zero-day
#38 May
Mentioned in: Trellix discloses 21-day-old breach of source-code repository
Cybersecurity: Threats and Defences
#48 May
Named UNC6780 as the operator behind the LiteLLM intrusion and documented the 36-hour exploitation window
Cybersecurity: Threats and Defences: LiteLLM SQL injection hits in 36 hours
#37 May
Mentioned in: CSIS calls for operational US-ROK cyber alliance
Cybersecurity: Threats and Defences
#35 May
Co-disclosed UNC1069 activity with GTIG on 5 May
Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing
#81 May
Mentioned in: AISI: GPT-5.5 matches Mythos on 32-step attack
AI: Jobs, Power & Money
#229 Apr
Mentioned in: Three supply-chain hits in thirteen days
Cybersecurity: Threats and Defences
#228 Apr
Mentioned in: Scattered Spider's Bouquet arrested in Helsinki
Cybersecurity: Threats and Defences
#224 Apr
Mentioned in: Federal agency stayed compromised six months
Cybersecurity: Threats and Defences
#223 Apr
Published disclosure of UNC6692 SNOW malware ecosystem and Teams-based social engineering campaign
Cybersecurity: Threats and Defences: UNC6692 runs SNOW through Microsoft Teams
#123 Mar
Mentioned in: CitrixBleed 3 lands on SAML broker
Cybersecurity: Threats and Defences
#111 Mar
Mentioned in: Handala wipes 200,000 devices at Stryker
Cybersecurity: Threats and Defences
#11 Mar
Published M-Trends 2026 report disclosing UNC5221 BRICKSTORM campaign with 393-day average dwell time
Cybersecurity: Threats and Defences: BRICKSTORM dwell hits 393 days, Mandiant
#11 Mar
“published threat intelligence report”
Cybersecurity: Threats and Defences · source event