Frontline Intelligence Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem

Last year, Mandiant published a blog post highlighting suspected Iran-nexus espionage activity targeting the aerospace, aviation, and defense industries in the Middle East. In this follow-up post, ...

Nov 17, 2025 APT

Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage

The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread attacks were already underway. F...

Nov 17, 2025 CYBERSECURITY

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

Title: Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT Source: The Hacker News Date Published: November 17, 2025 “Dragon Breath, a threat actor also known as APT-Q-2...

Nov 17, 2025 RESEARCH

AI's scary new trick - Conducting cyberattacks instead of just helping out

Anthropic, the company behind the AI assistant Claude, has documented a large-scale cyberattack campaign where AI was used beyond simple assistance. This marks what may be the first recorded instan...

Nov 17, 2025 MALWARE

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiWeb flaw, tracked as CVE-2025-64446 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog....

Nov 15, 2025 SECURITY

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulne...

Nov 15, 2025 VULNS

RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools

Source: Cyber Security News RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks to bypass antivirus protection. This campaign shows how attackers a...

Nov 15, 2025 CYBER SECURITY

Hackers are Weaponizing Invoices to Deliver XWorm That Steals Login Credentials

Attackers are using fake invoice emails to spread XWorm, a remote-access trojan that quietly steals login credentials, passwords, and sensitive files from infected computers. The script immediately...

Nov 15, 2025 MALWARE

Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies

The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (...

Nov 15, 2025 LEGAL

Decades-old ‘Finger’ protocol abused in ClickFix malware attacks

Threat actors are abusing the decades-old “finger” command to execute malicious commands on Windows devices, reviving a previously known LOLBIN technique. The Finger protocol, once commonly used fo...

Nov 15, 2025 RESEARCH

The State of Ransomware – Q3 2025

During the third quarter of 2025, we monitored more than 85 active data leak sites (DLS) that collectively listed 1,592 new victims. Compared to the 1,607 victims reported in Q2 2025, the publicati...

Nov 13, 2025 RESEARCH

Siemens COMOS

Siemens COMOS, a software used in critical manufacturing, is affected by two vulnerabilities that could allow attackers to execute arbitrary code or infiltrate data. Siemens has released updates to...

Nov 13, 2025 VULNS

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

A sophisticated phishing campaign, potentially originating from Russian-speaking threat actors, has been identified targeting customers in the hospitality industry. Since the beginning of the year,...

Nov 13, 2025 SECURITY

Inside the Great Firewall Part 3 - Geopolitical and Societal Ramifications

At its core, the GFW’s domestic function is ideological containment: a technical means to preempt the circulation of narratives, symbols, or software deemed threatening to Party legitimacy. The fil...

Nov 13, 2025 RESEARCH

Extra, extra, read all about it - Washington Post clobbered in Clop caper

The Washington Post has confirmed a data breach affecting nearly 10,000 employees and contractors, stemming from the Clop ransomware gang’s exploitation of an Oracle E-Business Suite (EBS) vulnerab...

Nov 13, 2025 BREACH

SIEM Modernization and Optimization - Step 2 - Define Your Goals

SIEM modernization requires clearly defined goals to minimize residual risk, optimize capabilities, and safeguard the solution against attacks. The overarching aim should be to ensure the Security ...

Nov 12, 2025 RESEARCH

Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell

An advanced hacking group is actively exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems. These attacks, spotted in real-world operations, allow hackers ...

Nov 12, 2025 CYBER SECURITY

Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform

Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform ...

Nov 12, 2025 CYBERSECURITY

2025-11-12 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-3146 PHPGurukul - Bus Pass M...

Nov 12, 2025 VULNERABILITIES

Zscaler warns industrial operations face mounting risk as IoT, OT attacks surge across energy, manufacturing sectors

Zscaler ThreatLabz reported a 67% surge in Android malware, with 40% of IoT attacks now targeting critical industries and hybrid work environments. Critical infrastructure in the energy sector expe...

Nov 11, 2025 INFRASTRUCTURE