China-linked cyberespionage group Fire Ant is exploiting VMware and F5 vulnerabilities to stealthily access secure, segmented systems, according to Sygnia. Since early 2025, the group has targeted...
Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance secto...
A large-scale counterfeit currency operation is reportedly circulating fake notes worth millions of dollars, which has been brought to light by cybersecurity firm CloudSEK. Its investigation, share...
EXECUTIVE SUMMARY Raven Stealer is a modern, lightweight, information-stealing malware developed primarily in Delphi and C++, designed to extract sensitive data from victim machines with minimal us...
Summary: Gaming peripheral manufacturer Endgame Gear has disclosed a security incident involving malware-infected software distributed through their official website, affecting users who downloade...
Nesreen Dalhy B.S. ’23, M.S. ’25 worked with Dr. Karim Elish, associate professor of computer science at Florida Poly, to identify new, more effective ways to detect this malicious software as part...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2024-48729 n/a - n/a An iss...
Introduction This week’s zero-day exploit targeting Microsoft SharePoint, now referred to as ToolShell, caught organizations off guard. The exploit allowed unauthenticated remote code execution an...
Introduction Resecurity conducted hundreds of VAPT (Vulnerability Assessment and Penetration Testing) engagements for customers of different sizes and profiles—ranging from Fortune 100 corporation...
“Laundry Bear, as tracked by Dutch Intelligence (also tracked as Void Blizzard by Microsoft Threat Intelligence), is a Russian state-sponsored APT that has been active since at least April 2024 and...
Overview The SonicWall Capture Labs threat research team became aware of a pre-authentication memory leak vulnerability leading to information disclosure in Citrix NetScaler devices and assessed i...
Cybercrime unveiled in the suburbs Authorities sentenced an Arizona resident to over eight years in prison after discovering a covert “laptop farm” connected to a remote work scam involving North ...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-33109 IBM - i IBM i 7....
Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks. Chaos R...
On July 19, 2025, Microsoft confirmed that a set of zero-day vulnerabilities in SharePoint Server called ToolShell is being exploited in the wild. ToolShell is comprised of CVE-2025-53770, a remote...
Introduction When we as network threat hunters think of Command and Control (C2) over DNS, a familiar image comes to mind: long, garbled subdomains streaming out of a network. This being the case,...
Key Takeaways First identified by eSentire’s Threat Response Unit (TRU) in May 2025, Cyber Stealer represents a new and actively developing threat. The malware authors are consistently updating the...
…Nothing unusual about botnet traffic. But this time, dozens of malicious IPs were all coming from a single region with a population of just over 3,000 people. It didn’t fit the pattern. So we dug...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2021-39077 IBM - Security Guardiu...
Unknown threat actors have breached the National Nuclear Security Administration’s network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. NNSA is a sem...