The Blog
Dream Research Labs
In January 2026, Dream uncovered a targeted supply-chain attack in Southeast Asia, where malicious updates were delivered through MicroWorld Technologies’ eScan antivirus infrastructure. Dubbed Verglas internally, the campaign replaced a trusted component with a trojanized version, enabling remote access and blocking future updates to prevent cleanup. Building on earlier reports
Dream Research Labs
Between late Dec 2025 and mid-Jan 2026, a covert cyber-espionage campaign targeted diplomatic, election, and policy officials by exploiting trust rather than technical vulnerabilities. Attackers distributed malicious documents masquerading as diplomatic briefings or materials that appeared credible, timely, and aligned with real geopolitical events. Simply opening the files triggered compromise,
Dream Research Labs
Most organizations unknowingly carry generic AD permissions that are broader than intended and silently create privilege-escalation and MFA-bypass risk. Dream demonstrates how simple LDAP writes combined with Duo directory sync bypass MFA (phone import + SMS). The core problem isn’t exotic exploits; it’s unseen, overbroad permissions. Dream addresses this by
The Dream Team
Dream’s Identity Researcher is an LLM-powered tool that finds hidden privilege escalation routes in Active Directory by identifying tiering violations where lower-tier objects can access Tier 0 assets. These misconfigurations are common and often create silent paths to full-domain compromise, but now with the Identity Researcher, they are exposed before
The Dream Team
This analysis of the F5 BIG-IP breach showcases how Dream’s Posture Engine transforms static visibility into genuine defensive intelligence. Powered by CLM and Dream’s cyber ontology, the platform reveals how misconfigurations and privilege relationships create real attack paths by prioritizing risks based on exploitability and impact. In the F5 supply
Dream Research Labs
This report links nine coordinated phishing campaigns from 2025 to the Iranian APT group MuddyWater, revealing a single, consistent operational footprint across attacks targeting governments and diplomatic sectors worldwide. Through analysis of shared C2 behavior, VBS loaders, and repeated staging logic, the investigation connects previously isolated incidents into one unified