
ALL POSTS

CVE-2025-12345: Novel Privilege Escalation Vulnerability in Cutting-Edge Software

Key Findings: A newly discovered vulnerability in the Windows Kernel, tracked as CVE-2025-62215, allows local privilege escalation. The flaw, present in all supported versions of Windows, enables a low-privileged user or process to elevate their permissions to gain SYSTEM-level access. Proof-of-concept (PoC) exploits have been publicly released, demonstrating the ability to achieve arbitrary code execution with SYSTEM privileges. The vulnerability is considered high-severity,

BreachLock and Vanta Integrate Continuous Security Testing and Compliance

Key Findings: BreachLock, a global leader in offensive security, has announced a new integration with Vanta, the leading AI-powered trust management platform. The integration enables organizations to push security validation evidence directly into compliance workflows with a single click, bridging the gap between continuous security testing and compliance. Mutual customers can now connect the BreachLock Unified Platform to their Vanta environment, allowing them to automaticall

ThreatBook Peer-Recognized as a Strong Performer in the 2027 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Fifth Consecutive Year

Key Findings: ThreatBook has been recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response (NDR) for the third consecutive year. This recognition is driven by real-world customer feedback, with ThreatBook achieving a 100% recommendation rate from 43 verified reviews. Enterprise users across various industries, including finance, manufacturing, energy, and retail, contributed feedback highlighting ThreatBook T

Amazon Ties Cisco, Citrix Zero-Day Exploits to APT Group

Key Findings: Amazon's threat intelligence team observed an advanced persistent threat group exploiting zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products before the vendors disclosed and patched the issues. The attacks leveraged the following vulnerabilities:
  • CVE-2025-5777 (CVSS score: 9.3) - An insufficient input validation vulnerability in Citrix NetScaler ADC and Gateway that could be exploited to bypass authentication. (Fixed

Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution Update

Key Findings:
  • Google has released an emergency security update for Chrome Stable Channel, addressing a high-severity vulnerability in the V8 JavaScript engine (CVE-2025-13042).
  • The vulnerability, described as an "inappropriate implementation in V8", could potentially lead to type confusion, memory corruption, or arbitrary code execution.
  • While no active exploitation is reported, V8 flaws have historically been targeted by threat actors for zero-day exploits in spear-phishing and

North Korea's KONNI APT Abuses Google Find Hub to Spy and Erase Data

Key Findings:
  • North Korea-linked Konni APT group posed as psychological counselors and North Korean human rights activists to distribute malware disguised as stress-relief programs via KakaoTalk messenger.
  • Attackers compromised victims' Google accounts and abused Google's "Find Hub" service to remotely reset Android devices in South Korea, erasing users' personal data.
  • This is the first known case of a state-sponsored APT group exploiting Find Hub to perform destructive remote w

Critical Apache OFBiz Flaw (CVE-2025-59118) Enables Remote Command Execution through Unrestricted File Upload

Key Findings: Newly disclosed vulnerabilities in Apache OFBiz, an open-source ERP platform:
  • CVE-2025-59118: Unrestricted File Upload vulnerability allowing remote command execution (RCE)
  • CVE-2025-61623: Reflected cross-site scripting (XSS) vulnerability

Background: Apache OFBiz is an open-source enterprise resource planning (ERP) software used for managing critical business workflows, including accounting, e-commerce, and inventory management. As a widely adopted ERP platform, v

Microsoft Addresses 68 Vulnerabilities in November Patch Tuesday

Key Findings: Microsoft released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority zero-day flaw already being actively exploited in the wild. The most urgent patch is for CVE-2025-62215, a Windows Kernel Elevation of Privilege Vulnerability that allows an authenticated attacker to gain SYSTEM privileges. In addition to the zero-day, four other flaws have been rated as Critical severity, posing a significant risk of Remote Cod

Critical Triofox Zero-Day (CVE-2025-12480): Unauthenticated Admin Takeover Through Host Header Bypass

Key Findings: Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed a critical unauthenticated access vulnerability in Gladinet's Triofox file-sharing platform (CVE-2025-12480). The vulnerability allowed attackers to bypass authentication, create administrative accounts, and achieve SYSTEM-level code execution through a chained attack path. The exploitation campaign was first detected on August 24, 2025, when Google Threat Intelligence

Konni Hackers Weaponize Google's Find Hub to Remotely Wipe and Track Devices

Key Findings: The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs. The attackers exploited Google's asset tracking services Find Hub (formerly Find My De

Critical Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation through Pre-MFA Cookie Hijacking

Key Findings: CVE-2025-12485 is a critical vulnerability (CVSS 9.4) in Devolutions Server that allows a low-privileged authenticated user to impersonate another account by replaying a pre-MFA cookie. CVE-2025-12808 is a high-severity vulnerability (CVSS 7.1) that allows a View-only user to retrieve sensitive third-level nested fields, potentially exposing stored passwords or configuration secrets. Both vulnerabilities affect multiple versions of Devolutions Server 2025 and re

GlassWorm Malware Evolves: Infects More VS Code Extensions and GitHub Repositories

Key Findings: Cybersecurity researchers have discovered a new set of three Visual Studio Code (VS Code) extensions associated with the GlassWorm malware campaign. The extensions, with thousands of downloads, are still available for download and are being used to harvest credentials, drain cryptocurrency wallets, and drop remote access tools. The malware uses invisible Unicode characters to hide malicious code, allowing it to evade detection and create a self-replicating worm-l

Incident Response Team (ShieldForce) Partners with AccuKnox for Zero Trust CNAPP in Latin America

Key Findings: Incident Response Team SA DE CV (ShieldForce), a leading cybersecurity provider in Mexico and Latin America, has partnered with AccuKnox, a Zero Trust CNAPP platform, and DeepRoot Technologies, a global cybersecurity service provider. The partnership aims to accelerate the adoption of Zero Trust strategies and AI Security innovation across the region. ShieldForce's CEO, Francisco Villegas, recently presented on the importance of Zero Trust CNAPP in modern enterp

NuGet Sabotage: Time-Delayed Logic in 9 Packages Risks Complete App Destruction on Hardcoded Dates

Key Findings: Nine NuGet packages published under the alias "shanhai666" are designed to execute destructive, time-delayed payloads against database applications and industrial control systems. The packages provide nearly all of their advertised functionality, blending genuine code with hidden sabotage to build trust and pass code reviews. The malware exploits C# extension methods to transparently inject malicious logic into database and PLC operations, including methods to te

Malicious DNG Images Exploited Samsung Zero-Day to Deliver LANDFALL Spyware

Key Findings: Researchers discovered a previously unknown Android spyware family dubbed LANDFALL, which leveraged a zero-day vulnerability (CVE-2025-21042) in Samsung's image processing library to compromise Galaxy devices. The campaign, active since mid-2024, appears to have targeted users in the Middle East, with the spyware embedded inside malicious DNG image files sent through WhatsApp. The exploit relies on malformed DNG (Digital Negative) image files, exploiting a flaw i

Tech Tax Breaks: A Missed Opportunity for Healthcare Funding

Key Findings:
  • Microsoft set to receive $12.5 billion in tax breaks in 2026, enough to provide food assistance to 5.2 million people, Medicaid coverage for 1.6 million adults (or 3.8 million children), or reduce ACA premiums for 1.9 million Americans.
  • Amazon poised to receive $16 billion in tax reductions this year, which could fund SNAP benefits for 6.6 million people, Medicaid coverage for 2 million adults (or 5.4 million children), or reduce ACA premiums for 2.4 million Amer

Denmark Bans Social Media for Minors in Digital Age Regulation

Key Findings: The Danish government has reached a political agreement to introduce legislation banning social media use for anyone under the age of 15. This measure would rank among the strictest digital regulations aimed at protecting young users from the potential harms of social media. The government cites concerns over disrupted sleep, loss of peace and concentration, and increasing social pressure on children and adolescents. Denmark's initiative follows Australia's nati

The Whisper Leak: Exposing the Theft of AI Chat Topics from Encrypted Traffic

Key Findings:
  • Microsoft has uncovered a novel side-channel attack, dubbed "Whisper Leak", that can identify AI chat topics in encrypted traffic.
  • The attack allows an attacker to observe encrypted TLS traffic and use trained classifiers to infer whether the conversation topic matches a sensitive target category.
  • This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to the privacy of user and enterprise communications.

Background

China-Linked Hackers Target U.S. Entities in Long-Term Espionage Campaigns

Key Findings: China-linked hackers targeted a U.S. non-profit organization in a long-term espionage campaign. The group gained access to the network for several weeks in April 2025 and used various techniques to establish persistence and maintain long-term access. The attackers leveraged DLL sideloading via the vetysafe.exe application, a tactic commonly associated with China-linked APT groups such as Space Pirates, Kelp, and Earth Longzhi (a subgroup of APT41). The group also

Time-Delayed Logic Bombs in Malware-Infiltrated NuGet Packages Poised to Detonate Years After Installation

Key Findings: A set of nine malicious NuGet packages capable of dropping time-delayed payloads has been identified. The packages were published in 2023 and 2024 by a user named "shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and November 2028. The packages were collectively downloaded 9,488 times. The most dangerous package, "Sharp7Extend," targets industrial PLCs with dual sabotage mechanisms: immediate random process terminatio


© 2025 by Explain IT Again. Powered and secured by Wix
