Getting to the Crux (Ransomware) of the Matter
So far, we’ve seen the Crux ransomware being deployed in three separate incidents. Encrypted files end in the .crux file extension, and ransom notes follow the naming convention crux_readme_[random...
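The two indicators the Crux item states are file-level: encrypted files end in `.crux`, and ransom notes are named `crux_readme_` followed by random characters. The following is an added example, not code from the original post or its authors, of a filesystem sweep that a responder could run over a suspect share to separate encrypted files from ransom notes. It assumes the random suffix is alphanumeric and that a note may or may not carry a `.txt` extension; the sample tree it walks is constructed here, not taken from a real incident.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators stated in the Crux write-up: encrypted files end in ".crux",
# ransom notes are named "crux_readme_" plus random characters.
ENCRYPTED_SUFFIX = ".crux"
# Assumption: the random part is one or more alphanumerics and the note may
# or may not have a .txt extension; the write-up shows only the prefix.
RANSOM_NOTE_RE = re.compile(r"^crux_readme_[A-Za-z0-9]+(\.txt)?$", re.IGNORECASE)


def scan_for_crux(root):
    """Walk `root` and return (encrypted_files, ransom_notes), each a sorted
    list of POSIX-style paths relative to `root`."""
    root = Path(root)
    encrypted, notes = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            rel = Path(dirpath, name).relative_to(root).as_posix()
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(rel)
            elif RANSOM_NOTE_RE.match(name):
                notes.append(rel)
    return sorted(encrypted), sorted(notes)


def build_sample_tree(root):
    """Constructed sample data for the demo: two encrypted files, two notes,
    and two decoys that must not be flagged (a normal text file and a file
    that shares the prefix but lacks the random suffix)."""
    root = Path(root)
    files = {
        "docs/report.docx.crux": b"\x00encrypted\x00",
        "docs/crux_readme_ab12cd.txt": b"your files are encrypted",
        "finance/q1.xlsx.crux": b"\x00encrypted\x00",
        "crux_readme_x9y8z7": b"your files are encrypted",
        "docs/notes.txt": b"meeting notes",
        "crux_readme.txt": b"decoy: no random suffix",
    }
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def demo():
    """Build the constructed tree in a temp dir, scan it, return the result."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_crux(tmp)


if __name__ == "__main__":
    encrypted, notes = demo()
    print("encrypted files:", encrypted)
    print("ransom notes:", notes)
```

Running `demo()` reports the two `.crux` files and the two notes while ignoring both decoys; on a real host, point `scan_for_crux` at the mounted share and treat any directory holding both an encrypted file and a note as confirmed impact.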
On July 16, 2025, Cisco updated its advisory—originally published in late June—to include a third maximum-severity vulnerability affecting Cisco Identity Services Engine (ISE) and ISE-Passive Ident...
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG. An obvious feature of LAMEHUG is the ...
NEW CVE entry (vendor-product, description, metric, reference URL, title, GitHub URL): CVE-2024-13972 Sophos - Sophos Interc...
Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after a user landed on t...
Threat hunting case study: Lumma infostealer Source: Intel471 Information stealers, or infostealers, are malware applications that hoover enormous amounts of information from machines including lo...
Key Takeaways The Linuxsys cryptominer has been part of a long-running campaign exploiting multiple vulnerabilities with a consistent attacker methodology since at least 2021. The attacker levera...
Wiz Research discovered a critical container escape vulnerability in the NVIDIA Container Toolkit (NCT), which we’ve dubbed #NVIDIAScape. This toolkit powers many AI services offered by cloud and S...
The application is believed to be the successor of MFSocket, a tool that was analyzed in 2019, and which was used by the country’s police for the same purposes. Both applications require physical ...
In April 2025, Cisco Talos identified a Malware-as-a-Service (MaaS) operation that utilized Amadey to deliver payloads. The MaaS operators used fake GitHub accounts to host payloads, tools and Amad...
In a recent incident response (IR) case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sa...
A vulnerability disclosed in May 2025, CVE-2025-48927, affects certain deployments of TeleMessage™ SGNL, an enterprise messaging system modeled after Signal, used by government agencies and enterpr...
This report examines a growing scam technique involving fake receipt generators – tools that enable fraudsters to create counterfeit receipts from well-known brands. This research was brought to ou...
It was 2017 when Coinhive burst onto the scene, embedding a Monero miner directly into websites. Users would unknowingly mine cryptocurrency while browsing, turning their devices into silent profit...
The identities of more than 100 British officials, including members of the special forces and MI6, were compromised in a data breach that also put thousands of Afghans at risk of reprisal, it can ...
NEW CVE entry (vendor-product, description, metric, reference URL, title, GitHub URL): CVE-2025-30747 Oracle Corporation - P...
Key Findings Multi-Stage Attacks: UNG0002 employs sophisticated infection chains using malicious LNK files, VBScript, batch scripts, and PowerShell to deploy custom RAT implants including ...
Aviation insiders say Serbia’s national airline, Air Serbia, was forced to delay issuing payslips to staff as a result of a cyberattack it is battling.

Internal memos, seen by The Register, date...
A DoD report warns that a China-nexus hacking group, Salt Typhoon, breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configurations, admin crede...
Key findings: Between March and June 2025, Proofpoint Threat Research observed three Chinese state-sponsored threat actors conduct targeted phishing campaigns against the Taiwanese semiconductor i...