Threat Intelligence & Security News

CyberDesserts covers the threat landscape as it happens: ransomware campaigns, vulnerability disclosures, and emerging attack techniques. Written for security practitioners who need to understand what's happening, why it matters, and what to do about it. No vendor noise. No recycled press releases. Just analysis grounded in 20+ years of defending real organisations.
24 May
What is a JA3 Fingerprint? How TLS Client Fingerprinting Works

Recognise the software behind any encrypted connection from its TLS handshake alone. How JA3 fingerprinting works, how to read one, and what a single hash reveals about shared attacker tooling.
7 min read
23 May
AndroxGh0st and the limits of TLS fingerprinting

May 2026 The same scanner toolkit AWS attributed to Interlock ransomware in March 2026 also runs AndroxGh0st credential theft and
11 min read
14 May
Inside the Scanners Hunting Exposed AI Infrastructure: 72 Hours of Findings

460 source IPs, 11,643 requests, 72 hours. The AI-aware operators in the data enumerated; the exploitation observed targeted credentials, not AI capabilities.
19 min read
14 Apr
Claude Mythos Preview: Project Glasswing Solves One Problem. Here Are the Other Two

April 2026 On 7 April 2026, Anthropic announced that Claude Mythos Preview had autonomously found thousands of zero-day vulnerabilities across
4 min read
08 Apr
Scattered Spider: The Attack Chain, Hard Lessons, and What Comes Next

April 2026 Scattered Spider is a financially motivated cybercrime collective responsible for some of the most disruptive attacks in recent
18 min read
07 Apr
Axios NPM Supply Chain Attack (2026): What Happened and What to Do

On March 31, 2026, two malicious versions of the axios npm package were published using a compromised maintainer account. The
8 min read
31 Mar
What Censys's OpenClaw Count Reveals That February's Headlines Did Not

31st March 2026 OpenClaw's internet-facing exposure has fallen sharply since the February 2026 peak. Public scrutiny, repeated security
9 min read
18 Mar
Why Ransomware Groups Are Targeting Firewalls and VPN Appliances

Updated March 2026: Analysis of the Interlock ransomware campaign exploiting a zero-day in Cisco Secure Firewall Management Center, based on
9 min read
16 Mar
Microsoft Intune Security: Hardening Privileged Access

Updated March 2026: Based on the Stryker incident and Microsoft's official hardening guidance published 13 March 2026. LinkedIn
9 min read
13 Mar
The Dead Internet Is a Security Problem: What Digg's Collapse Teaches Us

Published March 2026 Digg launched in January 2026 to challenge the idea that the internet is full of bots, by
4 min read