Key findings: Zero-day exploitation is becoming more difficult, opaque, and expensive, leading to “feast-or-famine” contract cycles. Middlemen with prior government connections further drive up cos...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-34033 5VTechnologies - Blue ...

Key Takeaways The supply-chain blast radius is extensive. Anthropic’s vulnerable SQLite MCP server was forked over 5,000 times before being archived. This means this unpatched code now exists insi...

In March–April 2024, during incident response within the information and communication system of a central executive body, Ukraine’s Computer and Emergency Response identified a Windows system infe...

The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign that we’ve dubbed OneClik. It specifically targets the energy, oil, and gas sector through phishing attacks a...

Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other c...

Executive Summary Unit 42 researchers have been monitoring a series of attacks targeting financial organizations across Africa. We assess that the threat actor may be gaining initial access to the...

Introduction Welcome to the final installment of our Cryptominers’ Anatomy blog series: In our first post, we discussed cryptocurrencies’ fundamentals, their various attributes, and what makes so...

The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach ...

The Socket Threat Research Team has uncovered an extended and ongoing North Korean supply chain attack that hides behind typosquatted npm packages. Threat actors linked to the Contagious Interview ...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2025-49144 notepad-plus-plus - no...

This blog post highlights a Mandiant Red Team case study simulating an “Initial Access Brokerage” approach that discovered two vulnerabilities on Aviatrix Controller, a Software-Defined Networking ...

Here are the key facts about this new threat: The malware targets both iOS and Android devices, and it is spreading in the wild as well as through the App Store and Google Play. The app is already...

Key findings China-aligned threat actor Hive0154 has spread numerous phishing lures in targeted campaigns throughout 2025 to deploy the Pubload backdoor. Hive0154 devises filenames referencing vari...

A severe cryptographic vulnerability in the popular open-source Meshtastic project allows attackers to decrypt private messages and hijack nodes across LoRa mesh networks. The vulnerability tracke...

Source: G Data Excerpt: “ConnectWise abuse 2024-2025 This isn’t the first time that ConnectWise has been used by threat actors. Back in February 2024, we saw a spike in ransomware activity tied t...

China-nexus actors are using a network of Operational Relay Boxes (ORBs) including compromised connected devices to target victims in the US and Asia with a cyber-espionage campaign, SecurityScorec...

Today (June 22, 2025) — the threat actors associated with the “Cyber Fattah” movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of th...

Executive Summary CloudSEK’s recent investigation reveals that the Androxgh0st botnet has evolved significantly since its early activity in 2023, leveraging a wide range of Initial Access Vectors ...

Executive Summary APT36, also known as Transparent Tribe, is a Pakistan-based cyber espionage group that has been actively targeting Indian defense personnel through highly sophisticated phishing ...