DMZ//THREAT INTEL
FEED ACTIVE | LAST SYNC: 06:03:37Z | SOURCES: 14 | CRITICAL: 15
⚠ ACTIVE ALERTS
SYLVANITE CRITICAL — SYLVANITE is a newly named Dragos-tracked threat group identified as a dedicated…
@MsftSecIntel CRITICAL — We are tracking TeamPCP (UNC6780) activity following the GitHub internal repository…
@GossiTheDog CRITICAL — The GitHub / TeamPCP breach is now being monetized on BreachForums. Listing is up — $95k…
@struppigel CRITICAL — SUPPLY CHAIN ALERT: Laravel-Lang PHP packages backdoored May 22-23 via hijacked GitHub…
@MalwareHunterTeam CRITICAL — Seeing fresh DebugElevator stealer log batches already appearing for sale on Exploit.in —…
15 Critical Threats
8 Active CVEs
0 IOCs Tracked
0 New Advisories
CLASSIFIED // NEW HERE
DMZ surfaces threats hiding between the headlines.
We correlate signals across underground forums, security researcher posts on X, vendor disclosures, and CISA advisories — then publish what defenders actually need to know. No noise. No engagement bait. Just the threats that matter.
30 REPORTS TODAY

Why I'm Building DMZ

I served nine years in the Navy as an Aviation Boatswain's Mate before I ever touched a SIEM. A year into my first analyst role, I started building DMZ — the threat intel publication I wish existed when I was sitting at my desk a year ago,…

CRITICAL

SYLVANITE

SYLVANITE is a newly named Dragos-tracked threat group identified as a dedicated initial-access broker operating in direct support of Volt Typhoon. The group gains footholds across OT-adjacent organizations in North America, Europe, South…

2026-05-26
HIGH

GitHub Internal Source — ~3,800 Repos — Full Org Data — $95k OBO or FREE LEAK

[SUPPLY CHAIN | HIGH VALUE] Selling full exfil from ██████ internal infrastructure. Approx 3,800 private repos. Includes Actions, Copilot internals, CodeQL, Dependabot, Codespaces, security tooling, Rails/PR controllers. Obtained via…

2026-05-26
HIGH

Laravel-Lang DebugElevator Stealer Logs BULK — AWS/GCP/Azure/K8s/SSH/Stripe/Slack Keys — Fresh May 22-23 Harvest

[STEALER LOGS | FRESH] Selling exfiltrated credential packages harvested by ████████████ PHP stealer deployed via Laravel-Lang supply chain attack (May 22-23 window). Logs contain: AWS IAM keys + session tokens, GCP service account JSONs,…

2026-05-26
CRITICAL

CVE-2026-8992: Ivanti Secure Access Client Improper Certificate Validation RCE

An improper certificate validation vulnerability (CWE-295) in Ivanti Secure Access Client allows a remote unauthenticated attacker to execute arbitrary code. The flaw was disclosed as part of Ivanti's May 2026 Patch Tuesday release. No…

2026-05-22