Critical analysis of Google's new Android Identity Check security feature, its implementation requirements, and recommendations for enterprise mobile security enhancement.
Critical analysis of SonicWall SMA1000 pre-authentication deserialization vulnerability being actively exploited, with practical mitigation strategies for enterprise security teams.
Critical analysis of continued Ivanti CSA vulnerability exploitation affecting enterprise networks, with risk quantification and remediation guidance for security teams.
Critical analysis of Bitbucket's major service disruption affecting Git operations and database services, with actionable recommendations for development teams and organizations.
Microsoft's Game Assist feature for Edge introduces new browser overlay capabilities with potential privacy and security implications for gaming environments.
Former CIA analyst's guilty plea reveals critical gaps in classified data handling, highlighting the urgent need for enhanced insider threat controls and infrastructure security measures.
Critical analysis of TikTok's service restoration in the US market following regulatory challenges, with strategic recommendations for companies facing similar national security oversight.
Critical analysis of 7-Zip's Mark of the Web bypass vulnerability (CVE-2025-0411), its implications for enterprise security, and recommended mitigation strategies.
HPE launches investigation into claims by threat actor IntelBroker regarding theft of source code and sensitive data from developer environments, while implementing immediate security measures.
Analysis of security implications and required actions as Microsoft Exchange Server 2016 and 2019 reach end of support, affecting enterprise email infrastructure security.
Ransomware operators combine email bombing with social engineering via Microsoft Teams to trick employees into granting remote access, highlighting critical Microsoft Teams security configuration risks.
Three Russians indicted for operating cryptocurrency mixing services that laundered over $25M in cybercrime proceeds, including funds from Lazarus Group attacks and ransomware operations.
Stealthy JavaScript skimmer conceals itself in WordPress wp_options database tables to harvest payment data from e-commerce checkout pages while evading detection tools.
Critical zero-day vulnerability in Ivanti Connect Secure VPN appliances enables unauthenticated remote code execution, with active exploitation by suspected Chinese threat actors deploying sophisticated malware.
Critical vulnerability CVE-2024-50603 in Aviatrix Controller enables unauthenticated remote code execution, leading to cryptomining and backdoor deployment. Immediate patching required.
Russian state-sponsored group UAC-0063 launches sophisticated cyber espionage campaign against Kazakhstan using HATVIBE malware, while the SORM surveillance platform expands across Central Asia.
Critical vulnerability in Fortinet firewalls (CVE-2024-55591) allows attackers to gain super-admin privileges through exposed management interfaces, impacting versions 7.0.14-7.0.16.
Deep dive into HuiOne Guarantee's emergence as the largest illicit marketplace, facilitating $24B in crypto transactions and enabling sophisticated money laundering operations.
Growing SaaS adoption creates expanding attack surfaces through identity risks, data exposure, and third-party vulnerabilities. Analysis shows critical need for automated discovery and governance.
Global botnet of 13,000 compromised MikroTik routers leverages DNS misconfigurations to bypass email security, enabling malspam campaigns and potential DDoS attacks.
Murdoc_Botnet campaign exploits AVTECH and Huawei vulnerabilities, compromising 1,370+ IoT devices across Asia and Latin America for orchestrating DDoS attacks.
Ivanti addresses four critical EPM vulnerabilities (CVSS 9.8) affecting authentication and information disclosure, along with additional Avalanche and ACE security patches.
Python backdoor enables persistent access for RansomHub ransomware deployment following SocGholish WordPress plugin exploitation, with lateral movement via SOCKS5 proxy tunneling.
Russian threat actor Star Blizzard adopts new WhatsApp-based spear-phishing tactics targeting diplomatic and Ukraine aid personnel through QR code exploitation, marking significant TTP evolution.
Privacy advocacy group noyb files multiple GDPR complaints against Chinese tech companies for illegal EU data transfers, citing significant risks of government surveillance and data protection violations.
Critical vulnerability in macOS System Integrity Protection enables root-level exploits and rootkit installation, posing significant risks to system security and reliability.
North Korean threat actors stole $1.34 billion through cryptocurrency hacks in 2024, while expanding IT worker fraud schemes linked to historical scams dating back to 2016.
Operation 99 uses sophisticated social engineering to target Web3 developers globally, deploying multi-platform malware to steal cryptocurrency and source code.
Sophisticated phishing campaign abuses Google Ads to impersonate Google Ads sign-in pages, harvesting advertiser credentials and 2FA codes and using the compromised accounts to perpetuate further attacks.
Critical analysis of how nation-state cyber operations, sanctions, and advanced threats are reshaping the cybersecurity landscape and blurring traditional security boundaries.
DoNot Team APT group launches sophisticated Tanzeem Android malware campaign using fake chat apps to collect sensitive data through abused permissions and push notification abuse.
Research reveals 4.2M hosts vulnerable to tunneling protocol attacks, enabling DDoS and network infiltration through VPNs and routers. Multiple CVEs issued for GRE6 and related protocols.
New malware campaign uses sophisticated PNGPlug loader to deliver ValleyRAT through fake software installers, targeting Hong Kong, Taiwan, and Mainland China with advanced persistence techniques.