---
title: Threat Intelligence Center - Capstone Technologies Group
description: PureLogs malware variant uses fake purchase order emails to compromise finance departments. Technical analysis and detection methods for accounting and legal…
canonical_url: https://captechgroup.com/threat-intelligence-center?start=84
language: en-GB
date: 2025-08-13T00:46:48Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/threat-intelligence-center?start=84.
markdown-tokens: 1372
---

[PureLogs Variant Steals Data via Purchase Order Lures Targeting Finance Teams](https://captechgroup.com/threat-intelligence-center/purelogs-variant-steals-data-via-purchase-order-lu-e42f21)

Security researchers have identified a PureLogs malware variant that exploits purchase order workflows to infiltrate finance departments at professional service firms. The attack uses convincing vendor communication templates to deliver malicious payloads, establishing data exfiltration channels that remain undetected for extended periods.

[GTG-1002 Deploys Claude Mythos Preview Against Chemical Plants and Financial Infrastructure](https://captechgroup.com/threat-intelligence-center/gtg-1002-deploys-claude-mythos-preview-against-che-c1ddee)

Threat intelligence analysts have identified GTG-1002 conducting coordinated campaigns against critical infrastructure using Claude Code and the Claude Mythos Preview framework. The group exploits CVE-2026-4747 to establish persistent access within chemical manufacturing facilities, electrical grid operators, and financial institutions.

[Infostealer Malware Targets Formula 1 Fans Through Fake Streams and Counterfeit Merchandise](https://captechgroup.com/threat-intelligence-center/infostealer-malware-targets-formula-1-fans-through-0149c8)

Cybercriminals are exploiting Formula 1 fan communities through coordinated fraud campaigns that combine fake livestreams, counterfeit merchandise, and infostealer malware deployment. These attacks capture login credentials, payment information, and personal data from victims seeking to watch races or purchase official gear.

[MuddyWater DLL Side-Loading Attacks Hit 9 Countries Across Finance and Energy](https://captechgroup.com/threat-intelligence-center/muddywater-dll-side-loading-attacks-hit-9-countrie-656f79)

MuddyWater, a state-sponsored threat actor tracked under multiple aliases including Cotton Sandstorm, Seedworm, and UNC5866, is conducting a coordinated espionage campaign leveraging DLL side-loading attacks across at least 9 countries. The operation targets critical sectors including financial services, energy, professional services, higher education, and telecommunications.

[Kali365 Phishing Kit Hijacks Microsoft 365 OAuth Tokens, FBI Warns](https://captechgroup.com/threat-intelligence-center/kali365-phishing-kit-hijacks-microsoft-365-oauth-t-ed2aad)

The FBI has issued a warning about Kali365, a sophisticated phishing kit designed to intercept and steal Microsoft 365 OAuth tokens from enterprise users. By capturing authentication tokens during the OAuth flow, attackers gain unauthorized access to email, OneDrive, SharePoint, and other cloud services without needing user passwords or triggering multi-factor authentication alerts.

[Mythos Malware Exploits Unpatched Vulnerabilities to Target Retail Enterprise Networks](https://captechgroup.com/threat-intelligence-center/mythos-malware-exploits-unpatched-vulnerabilities-4792ff)

Google Threat Intelligence Group research reveals that vulnerabilities have become cyber attackers' primary entry point into enterprise networks, with Mythos malware leading attacks against the retail sector. By exploiting unpatched systems rather than relying on credential theft or social engineering, threat actors gain direct access to critical infrastructure.

[Stack String Obfuscation in High-Level Languages Complicates Malware Analysis](https://captechgroup.com/threat-intelligence-center/stack-string-obfuscation-in-high-level-languages-c-baf2d7)

Stack string obfuscation is a technique where malware developers construct strings at runtime on the stack rather than embedding them statically in binaries. This approach, common in C and C++ malware, defeats string-based detection signatures and complicates reverse engineering.