Key Findings SocGholish, operated by TA569, actually functions as a Malware-as-a-Service (MaaS) vendor, selling access to compromised systems to various financially motivated cybercriminal clients....

“Ukraine’s Defence Intelligence agency (HUR) claims that its hackers have successfully stolen secret files and classified data on a state-of-the-art Russian nuclear submarine, the “Knyaz Pozharsky....

Mobile infostealers have rapidly evolved into a critical threat vector for both individuals and enterprises. These malicious apps are designed to harvest credentials, intercept communications, and ...

In today’s multi-stage attacks, neutralizing endpoint security solutions is a critical step in the process, allowing threat actors to operate undetected. Since 2022, we’ve seen an increase in the s...

Assessing software risk is a crucial task for security operations (SecOps) teams, who are bombarded by more than 4,000 alerts a day. A key tool historically for this is the Common Vulnerability Sco...

KLM Airlines (aka KLM Royal Dutch Airlines), a French-Dutch multinational airline, has notified customers about a recent data breach that exposed certain personal details after a third-party system...

Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group. In June, Google warned that a threat act...

The security vulnerability In version 3.2.2 and below, Everest Forms is vulnerable to PHP object injection in certain WordPress environments when an Administrator user views form submissions. The ...

SonicWall is investigating a potential new zero-day after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN enabled. The company is working to determine if the incidents ste...

Executive Summary SentinelLABS has uncovered a series of cryptocurrency scams in which threat actors distribute a malicious smart contract disguised as a trading bot in order to drain user wallets ...

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that they are calling “ReVault”. 100+ models of Dell laptops are aff...

Excerpt: This post explains a recent incident response engagement handled by NCC Group’s Digital Forensics and Incident Response (DFIR) team, involving a social engineering attack followed by the q...

AhnLab SEcurity intelligence Center (ASEC) recently identified cases of Makop ransomware attacks targeting South Korean users. The Makop ransomware has been distributed to South Korean users by dis...

Key Takeaways Threat actors are leveraging generative AI tools like DeepSite AI and BlackBox AI to produce phishing templates that closely mimic official government websites, like the Brazilian St...

In June 2025, during the 12-day conflict between Israel and Iran, a network of Iran-linked hackers launched a flurry of cyber-operations aligned with the war. As air strikes crossed borders, a vast...

Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in May of 20...

Key Insights Critical RCE Flaw in Popular AI-powered IDE. Check Point Research uncovered a persistent remote code execution vulnerability in Cursor, a fast-growing AI-powered coding platform trus...

The incident came to light on July 24, when Cisco learned that one of its representatives had been targeted in a vishing attack. The threat actor had managed to access and steal a “subset of basic ...

Key Takeaways Raspberry Robin is an advanced malware downloader that has been active since 2021. The developers have improved the malware’s obfuscation methods by adding multiple initialization lo...

Cybersecurity researchers have uncovered significant overlaps between the attack infrastructure of ShadowSyndicate, also known as Infra Storm by Group-IB, and several prominent ransomware-as-a-serv...