Cambodia says it sealed off ~190 scam sites. 🧨
Now the real question: dismantled or displaced? 🧱🚚
Our forecast uses grown-up metrics (convictions + asset denial + independent compound counts).

Vendors are naming slices of the same IIS SEO fraud problem differently. This summary aligns those labels into one unified hunt surface and shows how to separate UAT-8099/WEBJACK from other BadIIS-style activity using concrete host and HTTP fingerprints.

BRICKSTORM intel just landed: PRC actors camping in vCenter/ESXi + Windows. 🧱🕵️‍♂️
F5 source-code drama raises the long-run 0-day odds, but the calendar + attribution lag are savage.
Our final call: 11% UNC5221 gets publicly tied to a new 0-day before Dec 31. 🎯

One “Allow” → tenant-wide weather event. 🌀
AI agent phish wraps the consent flow, device-code keeps churning, and Typhoon rides “good” U.S. infra. Kill list: user consent, device-code, or EWS app perms—what’s first?

Edge casinos pay out on N-days… but the jackpot pops only when the house isn’t looking.

UNC5221 is an edge-focused PRC espionage actor repeatedly tied to zero-days (Ivanti 2023–2025; prior NetScaler). Edge products remained a major zero-day target in 2024. But public attributions typically lag exploitation by weeks, and the window is short...

Thailand pulled the plug. The grift brought generators + Starlink. Shift north→south (Shwe Kokko/Myawaddy; Tachileik/Mae Sai). Squeeze OTC cash-outs + first-funding friction, or watch it respawn.