---
title: Threat Intelligence Center - Capstone Technologies Group
description: Formbook malware spreads via obfuscated JavaScript targeting accountants and legal firms. Detection methods and endpoint hardening strategies explained.
canonical_url: https://captechgroup.com/threat-intelligence-center?start=196
language: en-GB
date: 2025-08-13T00:46:48Z
---



[Obfuscated JavaScript Delivers Formbook Malware to Professional Service Firms](https://captechgroup.com/threat-intelligence-center/obfuscated-javascript-delivers-formbook-malware-to-94cb75)

Security researchers have identified a campaign distributing Formbook, a credential-stealing malware, through obfuscated JavaScript delivery mechanisms. This attack vector is particularly effective against professional service firms, including accounting practices, law offices, and medical organizations, where employees frequently handle sensitive client data.

[EncystPHP Webshell Scans Target Professional Service Firms](https://captechgroup.com/threat-intelligence-center/encystphp-webshell-scans-target-professional-servi-d0b1bf)

Capstone's threat intelligence team has identified active scanning activity targeting professional service firms for EncystPHP webshell vulnerabilities. EncystPHP is a persistent web-based backdoor that allows attackers to maintain unauthorized access to compromised servers. This reconnaissance phase typically precedes exploitation attempts against unpatched or misconfigured web applications.

[Microsoft Restores Windows Hardware Developer Accounts With Fast-Track Reinstatement Process](https://captechgroup.com/threat-intelligence-center/microsoft-restores-windows-hardware-developer-acco-c9c2b8)

Microsoft has rolled out a streamlined reinstatement pathway for Windows hardware developers whose accounts were suspended due to compliance violations or security concerns. The fast-track process reduces review timelines and provides clear remediation steps for hardware manufacturers, device partners, and driver developers seeking to restore their development privileges.

[FBI Dismantles W3LL Phishing Operation Worth $20 Million](https://captechgroup.com/threat-intelligence-center/fbi-dismantles-w3ll-phishing-operation-worth-20-mi-bf78e4)

Federal law enforcement has dismantled W3LL, a sophisticated phishing operation responsible for approximately $20 million in losses across professional service firms. The W3LL SMTP Sender malware enabled attackers to compromise email systems and establish persistent access to regulated organizations in the accounting, legal, and healthcare sectors.

[Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat](https://captechgroup.com/threat-intelligence-center/mailbox-rule-abuse-emerges-as-stealthy-post-compro-701dde)

Security researchers have identified mailbox rule abuse as a persistent post-compromise technique deployed by Scripted Sparrow against education sector organizations. This attack method allows threat actors to maintain covert access to compromised mailboxes by creating forwarding rules that hide email traffic from legitimate users.

[CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software](https://captechgroup.com/threat-intelligence-center/cisa-adds-6-known-exploited-flaws-in-fortinet-micr-eec544)

The Cybersecurity and Infrastructure Security Agency has added six known exploited vulnerabilities to its official catalog, spanning Fortinet FortiOS, Microsoft Windows and Office, and Adobe products. The threat actor Storm-1175 and the Medusa ransomware operation are actively exploiting these flaws in targeted attacks.

[Redirects Dominate Phishing Attacks in 2026 Targeting Enterprise Users](https://captechgroup.com/threat-intelligence-center/redirects-dominate-phishing-attacks-in-2026-target-65aea0)

Phishing campaigns in 2026 have shifted tactics to exploit redirect mechanisms as a primary attack vector. Security researchers have documented a significant increase in phishing emails that leverage URL redirects to obscure malicious intent, evade email gateway detection, and bypass authentication controls.
