In a recent incident response (IR) case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sa...
A vulnerability disclosed in May 2025, CVE-2025-48927, affects certain deployments of TeleMessage™ SGNL, an enterprise messaging system modeled after Signal, used by government agencies and enterpr...
This report examines a growing scam technique involving fake receipt generators – tools that enable fraudsters to create counterfeit receipts from well-known brands. This research was brought to ou...
It was 2017 when Coinhive burst onto the scene, embedding a Monero miner directly into websites. Users would unknowingly mine cryptocurrency while browsing, turning their devices into silent profit...
The identities of more than 100 British officials, including members of the special forces and MI6, were compromised in a data breach that also put thousands of Afghans at risk of reprisal, it can ...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-30747 Oracle Corporation - P...
Key Findings Multi-Stage Attacks: UNG0002 employs sophisticated infection chains using malicious LNK files, VBScript, batch scripts, and PowerShell to deploy custom RAT implants including ...
Aviation insiders say Serbia’s national airline, Air Serbia, was forced to delay issuing payslips to staff as a result of a cyberattack it is battling.\n\nInternal memos, seen by The Register, date...
A DoD report warns that a China-nexus hacking group, Salt Typhoon, breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configurations, admin crede...
Key findings: Between March and June 2025, Proofpoint Threat Research observed three Chinese state-sponsored threat actors conduct targeted phishing campaigns against the Taiwanese semiconductor i...
Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secur...
The FortiCNAPP team, part of FortiGuard Labs, recently investigated a cluster of virtual private servers (VPS) used for Monero mining. The identified samples are associated with prior H2miner campa...
Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial autho...
In one of the most recent cases (July 2025), a Morphisec customer was targeted through external Microsoft Teams calls impersonating an IT helpdesk. During this engagement, Quick Assist was activate...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2024-42650 n/a - n/a NanoMQ...
Zyxel has released patches to address a path traversal vulnerability in the file_upload-cgi CGI program of certain access point (AP) firmware versions. Users are advised to install these patches fo...
Cyber specialists from Ukraine’s Defense Intelligence Directorate (HUR), with support from the “Ukrainian Cyber Alliance” and the hacker group “BO Team,” have carried out a cyberattack on the netwo...
Socket’s Threat Research Team recently reported on two npm packages with hidden functionality for Russian-language users visiting Russian domains in a browser. In the last few weeks, the team has f...
A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers. The attack utilizes seemingly benign image files to conce...
Executive summary This report details an investigation into a Fast Flux network observed in 2024. It covers the technical details of the network, its observable infrastructure, the malware associa...