Extracting Lines of Interest From Zeek Logs
Overview Imagine that you’re looking at a potential issue that shows up in a Zeek log file. Instead of attaching the entire log file to a response ticket it might make sense to extract just the lin...
Summary Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and a Hidden rootkit. During our threat hunting activities, we encountered multiple installer...
Source: Cisco Talos Excerpt: Armory Crate and AI Suite are applications used to manage and monitor ASUS motherboards and related components such as the processor, RAM or the increasingly popular ...
Nature of the Vulnerabilities The vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, target specific APIs within Cisco ISE and ISE-PIC. Both can be exploited without any valid credent...
Spammy posts and pages being placed on WordPress websites is one of the most common infections that we come across. The reason is that the attack is very low-level in terms of sophistication:...
GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal—typically fewer than 10 IPs obse...
A critical vulnerability in Realtek’s Bluetooth Low Energy (BLE) implementation enables attackers to launch denial-of-service (DoS) attacks during device pairing. The flaw (CVE-2024-48290) affects...
Since November 2024, Blind Eagle actors have been conducting an ongoing campaign targeting Colombian organizations. In this campaign, threat actors have been observed using phishing emails to deliv...
Key findings Amid ongoing tensions between Iran and Israel, the Iranian threat group Educated Manticore, associated with the Islamic Revolutionary Guard Corps, has launched spear-phishing campaign...
The public discourse surrounding the capabilities and emerging role of AI is drowned in a sea of fervor and confusion. The few attempts to ground the discussion in concrete arguments and experiment...
Cybercriminals are continuing to explore artificial intelligence (AI) technologies such as large language models (LLMs) to aid in their criminal hacking activities. Some cybercriminals have resort...
The report, published this week, paints a sobering picture with two-thirds of surveyed African countries reporting that cybercrime represents a medium-to-high proportion of their total reported cri...
Key findings: Zero-day exploitation is becoming more difficult, opaque, and expensive, leading to “feast-or-famine” contract cycles. Middlemen with prior government connections further drive up cos...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-34033 5VTechnologies - Blue ...
Key Takeaways The supply-chain blast radius is extensive. Anthropic’s vulnerable SQLite MCP server was forked over 5,000 times before being archived. This means this unpatched code now exists insi...
In March–April 2024, during incident response within the information and communication system of a central executive body, Ukraine’s Computer and Emergency Response identified a Windows system infe...
The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign that we’ve dubbed OneClik. It specifically targets the energy, oil, and gas sector through phishing attacks a...
Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other c...
Executive Summary Unit 42 researchers have been monitoring a series of attacks targeting financial organizations across Africa. We assess that the threat actor may be gaining initial access to the...
Introduction Welcome to the final installment of our Cryptominers’ Anatomy blog series: In our first post, we discussed cryptocurrencies’ fundamentals, their various attributes, and what makes so...