Europol Disrupts Black Axe Cybercrime in Spain
Europol Raids Disrupt Black Axe Cybercrime Ring in Spain. Key Findings: International law enforcement agencies have dealt a major blow to the criminal network known as Black Axe. 34 people were arrested across Spain, with the majority in Seville. Black Axe is a large, organized criminal group originating in West Africa, with an estimated 30,000 members worldwide. The group is known for online fraud schemes, including romance scams, phishing, and business email compromise (BEC)
Jan 11 · 2 min read
North Korea-Linked Kimsuky APT Group Responsible for Phishing Attacks, FBI Warns
Key Findings The FBI warns that the North Korea-linked advanced persistent threat (APT) group Kimsuky is targeting governments, think tanks, and academic institutions with "quishing" attacks. Quishing is a social engineering attack that uses malicious QR codes to trick victims into visiting fake websites or downloading malware. Kimsuky has conducted spear-phishing campaigns using QR codes that impersonate trusted figures like foreign advisors, embassy staff, and think tank em
Jan 11 · 2 min read
Instagram Data Breach Affects Millions of Users
Key Findings: A massive data breach has exposed the personal information of about 17.5 million Instagram users. The exposed data includes usernames, physical addresses, phone numbers, and email addresses. Cybercriminals have stolen this sensitive information and are selling it in batches on dark web forums. Affected users have reported receiving password reset emails, raising concerns about ongoing phishing attempts. Security experts warn this breach poses serious privacy and
Jan 11 · 2 min read
The Atomic Age: Meta Secures 6.6 GW of Nuclear Power to Fuel its AI Future
Key Findings Meta has secured up to 6.6 GW of nuclear power through landmark deals with Vistra, TerraPower, and Oklo to fuel its growing AI infrastructure and the "Prometheus" supercomputing cluster in Ohio. The collaboration with TerraPower involves financing the construction of two sodium-cooled reactors utilizing proprietary "Natrium" technology, providing 690 MW initially, with plans to expand to 2.1 GW by 2035. Meta has also entered an agreement with Oklo, a startup back
Jan 10 · 2 min read
Iran Tests National 'Whitelists' Amid Protests and Blackouts
Key Findings Iran has imposed a nationwide internet blackout amid widespread protests, severely restricting global connectivity. However, a limited surge of traffic was detected from select Iranian academic institutions, suggesting potential "whitelisting" tests. The fluctuations in connectivity for these academic networks indicate a strategic assessment of restricting global access to a limited elite. Tehran accounted for the majority of the observed academic traffic, likely
Jan 10 · 2 min read
Russian APT28 Runs Credential-Stealing Campaign Targeting Defense and Telecom Organizations
Key Findings: Russian state-sponsored threat group APT28 (aka BlueDelta) is linked to a fresh wave of credential harvesting attacks. The campaign targets individuals associated with a Turkish energy and nuclear research agency, a European think tank, and organizations in North Macedonia and Uzbekistan. It leverages sophisticated phishing techniques to compromise accounts and steal user credentials. Background: APT28 is associated with the Main Directorate of the General Staff of the Armed
Jan 10 · 2 min read
Trend Micro addresses critical security flaws in on-premises Apex Central
Key Findings Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a
Jan 9 · 2 min read
Hackers with China Ties Exploit VMware ESXi Zero-Days to Break Out of Virtual Machines
Key Findings: Chinese-speaking threat actors leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit toolkit. The toolkit targeted up to 155 ESXi builds and enabled virtual machine (VM) escape via disabled VMCI drivers and unsigned kernel drivers, potentially paving the way for a ransomware attack. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year before the related VMwa
Jan 9 · 2 min read
China-Linked UAT-7290 Targets Telecom Networks Across Asia and Europe
Key Findings: China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, conducting espionage by deeply embedding in victim networks and operating Operational Relay Box (ORB) infrastructure. The threat actor uses a broad toolset, including open-source tools, custom malware, and one-day exploits against edge networking devices. Attacks are preceded by extensive
Jan 9 · 2 min read
NodeCordRAT: The Malicious NPM Packages Stealing Crypto via Discord
Key Findings Researchers from Zscaler ThreatLabz discovered three malicious npm packages that deliver a new Remote Access Trojan (RAT) called NodeCordRAT. The packages - bitcoin-main-lib, bitcoin-lib-js, and bip40 - were designed to mimic legitimate tools from the bitcoinjs project, tricking developers into installing them. NodeCordRAT uses Discord as a command-and-control (C2) channel, blending its malicious traffic with legitimate user activity to evade detection. The malwa
Jan 9 · 3 min read
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
Key Findings: CISA has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2009-0556, a code injection flaw in Microsoft Office PowerPoint that allows remote code execution; and CVE-2025-37164, a code injection vulnerability in HPE OneView that allows remote unauthenticated code execution. Background: CVE-2009-0556 is a memory corruption vulnerability in legacy Microsoft PowerPoint that was exploited in the wild in April 2009. It affects Powe
Jan 8 · 2 min read
Astaroth Banking Trojan Spreads Via WhatsApp Worm in Brazil
Key Findings The Astaroth banking Trojan is spreading in Brazil through a WhatsApp worm that automatically sends malicious messages to victims' contacts. The malware uses a Python-based propagation module to harvest the victim's WhatsApp contacts and automatically forward infected ZIP files, enabling self-spreading capabilities. A separate banking module operates silently in the background, monitoring the victim's browsing activity and stealing credentials when banking-relate
Jan 8 · 2 min read
Cisco Patches ISE Security Vulnerability After Exploit Release
Key Findings: Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. The vulnerability is due to improper parsing of XML that is processed by the web-based management
Jan 8 · 2 min read
Ni8mare flaw gives unauthenticated control of n8n instances: A Critical Vulnerability (CVSS 10.0)
Key Findings A critical vulnerability (CVE-2026-21858, CVSS score of 10.0) has been discovered in the n8n workflow automation platform, dubbed "Ni8mare" by researchers. The flaw allows unauthenticated attackers to fully compromise affected n8n instances, exposing sensitive data and potentially leading to further system compromise. The vulnerability affects all versions of n8n prior to and including 1.65.0, and it was fixed in n8n version 1.121.0 in November 2025. Background n
Jan 7 · 2 min read
Veeam Backup & Replication Patched against Critical RCE Vulnerabilities
Key Findings: Veeam has released security updates to address critical vulnerabilities in its Backup & Replication software, including a flaw with a CVSS score of 9.0 that could allow remote code execution (RCE). The most severe vulnerability, CVE-2025-59470 (CVSS 9.0), enables a Backup or Tape Operator to achieve RCE as the postgres user by sending a malicious interval or order parameter. Three other vulnerabilities, CVE-2025-55125 (CVSS 7.2), CVE-2025-59469 (CVSS 7.2), and C
Jan 7 · 2 min read
Microsoft Warns of Increased Risk of Internal Domain Phishing
Key Findings Threat actors are exploiting misconfigured email routing and spoof protection to impersonate organizations' internal domains and distribute phishing emails. These phishing campaigns leverage phishing-as-a-service (PhaaS) platforms like Tycoon 2FA, delivering a variety of lures related to voicemails, shared documents, HR communications, and password resets. The attack vector is not new, but Microsoft has observed a surge in its usage since May 2025, targeting a wi
Jan 7 · 2 min read
Exploiting Critical RCE Vulnerability in Outdated D-Link DSL Routers
Key Findings Hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2026-0625 (CVSS score: 9.3), in legacy D-Link DSL routers. The flaw is an improper neutralization of special elements used in an OS Command, allowing unauthenticated remote attackers to inject and execute arbitrary shell commands. The vulnerable endpoint, dnscfg.cgi, is also associated with unauthenticated DNS modification ("DNSChanger") behavior documented by D-Link. Exploi
Jan 7 · 2 min read
NVIDIA Unveils G-SYNC Pulsar and DLSS 4.5 at CES 2026: The 1000Hz Illusion
Key Findings: NVIDIA unveiled G-SYNC Pulsar technology, delivering 1000Hz-class dynamic visual clarity for esports displays. DLSS 4.5 introduces a second-generation Super Resolution Transformer and Dynamic Multi-Frame Generation, significantly boosting performance in path-traced games. NVIDIA's ACE (Avatar Cloud Engine) is now integrated into games like Total War: PHARAOH, enabling natural language-based interactions with AI advisors. RTX Remix gains new Logic capabilities, allowin
Jan 7 · 2 min read
Why governments need to treat fraud like cyberwarfare, not accounting
Background: Fraud has long been perceived as a cost of doing business, a nuisance to be absorbed by banks and consumers. This perception is outdated, as modern fraud blends geopolitics with advanced technical tactics, carried out through criminal proxies to target businesses and the public. Key Findings: The global response to fraud has remained piecemeal, reactive, and inadequate, despite it being a global security threat. Industrialized fraud integrates aspects of asymmetric
Jan 6 · 2 min read
Critical 9.8 Severity Flaw in Harvester Allows Hackers to Hijack New Servers: The Open Door
Key Findings A critical vulnerability (CVSS score 9.8) has been discovered in the Harvester Hyperconverged Infrastructure (HCI) platform. The flaw allows remote attackers to gain unauthorized access to new servers during the installation process using default credentials. Successful exploitation could enable attackers to completely compromise the affected servers and leverage them for further malicious activities. Background Harvester is an open-source HCI solution built on t
Jan 6 · 1 min read