ALL POSTS
Critical 9.8 Severity Flaw in Harvester Allows Hackers to Hijack New Servers: The Open Door
Key Findings A critical vulnerability (CVSS score 9.8) has been discovered in the Harvester Hyperconverged Infrastructure (HCI) platform. The flaw allows remote attackers to gain unauthorized access to new servers during the installation process using default credentials. Successful exploitation could enable attackers to completely compromise the affected servers and leverage them for further malicious activities. Background Harvester is an open-source HCI solution built on t
Jan 6 · 1 min read
Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia
Key Findings AccuKnox, a global leader in Zero Trust Cloud-Native Application Protection Platforms (CNAPP), has appointed Connex Information Technologies as its authorized distribution partner across South and Southeast Asia. The partnership aligns AccuKnox with Connex, a global value-added distributor that has steadily expanded its regional footprint since its founding in 2014. Connex operates in 14 countries and supports a network of over 1,500 channel partners across its g
Jan 6 · 2 min read
Russia-Aligned Hackers Exploit Viber to Compromise Ukrainian Military and Government
Key Findings The Russia-aligned threat actor known as UAC-0184 (also tracked as Hive0156) has been targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. The attack campaign involves using Viber to distribute malicious ZIP files disguised as official Ukrainian parliamentary documents and military casualty data. The ZIP archives contain Windows shortcut (LNK) files posing as Microsoft Word and Excel do
Jan 5 · 2 min read
Kimwolf Android Botnet Infects Over 2 Million Devices
Key Findings The Kimwolf Android botnet has infected over 2 million devices, primarily through the exploitation of residential proxy networks. The botnet primarily targets low-cost, unofficial Android TV boxes that are left insecure or intentionally configured as proxy nodes. Kimwolf is believed to be an Android variant of the AISURU botnet, with connections to a series of record-setting DDoS attacks. The botnet uses a scanning infrastructure that leverages residential proxie
Jan 5 · 2 min read
Bitfinex Hack Convict Released Early Under U.S. First Step Act
Key Findings Ilya Lichtenstein, the cybercriminal behind the 2016 Bitfinex hack, has been released from prison early thanks to the 2018 First Step Act signed by former President Donald Trump. Lichtenstein was sentenced to 5 years in prison in November 2024 for his role in a money laundering conspiracy related to the Bitfinex hack, where he stole approximately 120,000 bitcoins. The First Step Act allows inmates to earn credits for good behavior and rehabilitation, potentially
Jan 5 · 2 min read
VVS Stealer: The Evolving Threat to Discord Credentials
Key Findings VVS Stealer is a Python-based malware that steals Discord credentials and tokens. It has been sold on Telegram since at least April 2025. The malware uses the source code obfuscator Pyarmor to heavily obfuscate its Python code, hindering analysis and detection. Background VVS Stealer is marketed on Telegram as the "ultimate stealer" and is sold via subscriptions or licenses, starting at €10 per week up to €199 for lifetime access. The malware can steal Discord data,
Jan 5 · 1 min read
PRESIDENT BLOCKS $2.9M CHIP SALE OVER SECURITY CONCERNS
Key Findings President Trump ordered the divestment of a $2.9 million chips deal between U.S. firm Emcore and Chinese-linked company HieFo Corp. Trump cited national security risks tied to HieFo's control of Emcore's chip technology and its links to China. The deal was initially approved in 2024 but later blocked in 2026 after a government review. The blocked technology includes indium phosphide wafers used for advanced internet, laser, and military applications. The move is
Jan 4 · 2 min read
ShinyHunters Claim Resecurity Honeypot Lured Them After Breach
Key Findings Cybersecurity firm Resecurity responded to claims made by hacking group ShinyHunters that they had breached the company's internal systems. Resecurity says the attackers were interacting with a honeypot, not their real infrastructure. The honeypot included synthetic employee accounts, fake apps, and isolated infrastructure unrelated to Resecurity's real operations or customers. Resecurity claims no actual client data, passwords, or operational systems were affect
Jan 3 · 2 min read
Phishing Campaign Abuses Google Cloud to Impersonate Google Emails
Key Findings Cybersecurity researchers have uncovered a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The campaign used layered redirection, trusted cloud services, user validation checks, and brand impersonation to evade detection and increase phishing success. Over a two-week period, the researchers observed nearly 9,400 phishing emails targeting approximately 3,200 customers across various indust
Jan 2 · 2 min read
The $3 Trillion Opportunity: SpaceX, OpenAI, and Anthropic's Anticipated 2026 IPOs
Key Findings SpaceX, OpenAI, and Anthropic are reportedly preparing for IPOs in 2026 that could collectively exceed $3 trillion in valuation. SpaceX is targeting a $1.5 trillion IPO, fueled by Starlink's profitability and plans to accelerate Starship's Mars colonization and develop space-based AI data centers. OpenAI is eyeing a $1 trillion IPO to fund the development of GPT-6 and the Stargate supercomputing infrastructure. Anthropic, the dark horse, may leapfrog OpenAI by go
Jan 2 · 2 min read
React2Shell under attack: RondoDox Botnet spreads through critical flaw
Key Findings The RondoDox botnet has been conducting a persistent nine-month campaign targeting IoT devices and web applications. The botnet has been exploiting the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) vulnerability in Next.js and React Server Components (RSC) to achieve remote code execution on susceptible devices. There are about 90,300 instances that remain vulnerable to React2Shell globally, with the majority (68,400) located in the U.S. The R
Jan 2 · 2 min read
React2Shell Vulnerability Exploited by RondoDox Botnet for Malware and Cryptojacking Attacks
Key Findings The RondoDox botnet is exploiting the critical React2Shell vulnerability (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. The RondoDox botnet has been active since 2024 and has evolved through three phases: reconnaissance and vulnerability testing, automated web application exploitation, and large-scale IoT botnet deployment. The botnet now runs hourly IoT exploitation waves targeting routers from vendors like Linksys and Wavli
Jan 1 · 2 min read
Kernel Hijack: How HoneyMyte Weaponized a Rootkit to Target Asian Governments
Key Findings HoneyMyte, also known as Mustang Panda or Bronze President, has deployed a sophisticated kernel-mode rootkit to infiltrate government networks in Southeast and East Asia. The rootkit, named ProjectConfiguration.sys, is signed with a stolen digital certificate to bypass security checks. The rootkit acts as a "bodyguard" for HoneyMyte's malware, including the group's signature backdoor ToneShell, by manipulating driver loading order to blind security software like
Jan 1 · 2 min read
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
Key Findings IBM disclosed a critical vulnerability (CVE-2025-13915) in its API Connect product that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability has a CVSS score of 9.8, indicating a severe and high-risk flaw. The issue affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 of IBM API Connect. Background IBM API Connect is an end-to-end API management solution used by organizations to create, test, manage, and secure APIs
Dec 31 · 2 min read
Trust Wallet Chrome Extension Hack Drains $8.5M in Shai-Hulud Supply Chain Attack
Key Findings The second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain attack in November 2025 was likely responsible for the hack of Trust Wallet's Google Chrome extension. The attack resulted in the theft of approximately $8.5 million in cryptocurrency assets from 2,520 wallet addresses. The attacker obtained full access to the Chrome Web Store (CWS) API key, allowing them to upload a trojanized version of the extension with a backdoor capable of harvesting users
Dec 31, 2025 · 2 min read
Silver Fox Targets Indian Users with Tax-Themed Emails Delivering MultiRAT Malware
Key Points The cybercrime group known as Silver Fox has shifted its focus to Indian users, using income tax-themed phishing emails to distribute the ValleyRAT remote access trojan. Silver Fox is a Chinese hacking group that has been active since 2022, targeting Chinese-speaking individuals and organizations initially, but has now expanded its victimology to include Indian users. The phishing emails contain malicious PDF attachments that lead victims to download a ZIP file con
Dec 30, 2025 · 3 min read
Chinese APT Mustang Panda Uses Signed Rootkit to Load TONESHELL Backdoor
Key Findings Mustang Panda (aka HoneyMyte, Camaro Dragon, RedDelta, Bronze President) used a signed kernel-mode rootkit driver to deploy its ToneShell backdoor in attacks targeting government entities in Southeast and East Asia, especially Myanmar and Thailand. The driver file, named "ProjectConfiguration.sys", is signed with a stolen or leaked digital certificate from Guangzhou Kingteller Technology Co., Ltd. (serial number 08 01 CC 11 EB 4D 1D 33 1E 3D 54 0C 55 A4 9F 7F). T
Dec 30, 2025 · 2 min read
MongoBleed: Over 80,000 Servers at Risk of Active Exploitation
Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the MongoDB vulnerability CVE-2025-14847, known as "MongoBleed," to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, with a CVSS score of 8.7, allows unauthenticated, remote attackers to execute arbitrary code on vulnerable MongoDB servers. Over 87,000 potentially vulnerable MongoDB instances have been identified worldwide, primarily located in the U.S., China, Germany
Dec 30, 2025 · 2 min read
Ubisoft Loses Control of Rainbow Six Siege in Massive Breach
Key Findings Servers of Ubisoft's Rainbow Six Siege were compromised in a hacker attack. Attackers infiltrated the servers and granted massive amounts of in-game currency and items to players. This triggered Ubisoft's anti-cheat system, which began issuing account bans indiscriminately. Even well-known players were caught up in the wave of suspensions. Ubisoft is working to resolve the issue through data rollbacks and quality control testing. The company cautioned that a full rest
Dec 30, 2025 · 2 min read
Critical 0day flaw Exposes Thousands of XSpeeder Devices
Key Findings Vulnerability CVE-2025-54322 in XSpeeder networking devices allows for remote root access without a password. The vulnerability earned a perfect 10.0 (Critical) CVSS score, the highest possible threat rating. The vulnerability was discovered by the research firm pwn.ai using its proprietary AI tool. Over 70,000 XSpeeder devices are currently exposed online due to this vulnerability. Despite the research team's 7-month effort to notify the vendor, XSpeeder has not
Dec 29, 2025 · 2 min read
