Will UNC5221 pop a fresh zero-day before Dec 31? Final Forecast!

BRICKSTORM intel just landed: PRC actors camping in vCenter/ESXi + Windows. 🧱🕵️‍♂️
F5 source-code drama raises the long-run 0-day odds, but the calendar + attribution lag are savage.
Our final call: 11% UNC5221 gets publicly tied to a new 0-day before Dec 31. 🎯

Typhoon by Consent: Quiet, Durable, Everywhere

One “Allow” → tenant-wide weather event. 🌀
AI agent phish wraps the consent flow, device-code keeps churning, and Typhoon rides “good” U.S. infra. Kill list: user consent, device-code, or EWS app perms—what’s first?

Will RedNovember be publicly reported to exploit at least one zero-day vulnerability in 2026? Updated 2025-11-06

Edge casinos pay out on N-days… but the jackpot pops only when the house isn’t looking.

Will UNC5221 pop a fresh zero-day before Dec 31? Updated!

UNC5221 is an edge-focused PRC espionage actor repeatedly tied to zero-days (Ivanti 2023–2025; prior NetScaler). Edge products remained a major zero-day target in 2024. But public attributions typically lag exploitation by weeks, and the window is short...

Kill the Lights, Fire Up Starlink: Scam Compounds Slide South

Thailand pulled the plug. The grift brought generators + Starlink. Shift north→south (Shwe Kokko/Myawaddy; Tachileik/Mae Sai). Squeeze OTC cash-outs + first-funding friction, or watch it respawn.

Will RedNovember be publicly reported to exploit at least one zero-day vulnerability in 2026?

RedNovember likely stays fast-follow on edge devices using N-days and public PoCs, not 0-days. China-nexus peers show willingness to burn edge 0-days, so a pivot is plausible but not base case...