ALL POSTS

Criminal IP and Palo Alto Networks Cortex XSOAR's AI-driven Exposure Intelligence for Automated Incident Response

Key Findings Criminal IP, an AI-powered threat intelligence and attack surface monitoring platform, has officially integrated with Palo Alto Networks' Cortex XSOAR. The integration embeds real-time external threat context, exposure intelligence, and automated multi-stage scanning directly into Cortex XSOAR's orchestration engine. This integration enhances security teams' incident response capabilities by providing higher incident accuracy and faster response compared to conve

UEFI Security Flaw Compromises Boot Process in ASRock, ASUS, GIGABYTE, and MSI Motherboards

Key Findings A fundamental vulnerability in the UEFI firmware implementations of certain motherboards from ASRock, ASUS, GIGABYTE, and MSI allows attackers with physical access to bypass operating system security controls. The flaw, which is tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303, stems from a discrepancy between what the firmware reports and what it actually does in terms of enabling the Input-Output Memory Management Unit (IOMMU). Desp

HPE OneView CVSS 10.0 Flaw Allows Unauthenticated Remote Code Execution

Key Findings
  • HPE has disclosed a critical vulnerability (CVE-2025-37164) in its OneView infrastructure management software with a CVSS score of 10.0
  • The flaw allows unauthenticated remote code execution, enabling attackers to take full control of affected systems
  • It impacts all versions of OneView prior to version 11.00
  • HPE has released an urgent patch to address the vulnerability and is advising customers to update as soon as possible
  • For older OneView versions (5.20 to 10.2

INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling

Key Findings INE Security, a global leader in cybersecurity and IT training, has announced significant expansion across the Middle East and Asia. The company's hands-on training approach is proving to be a cost-effective solution for upskilling cybersecurity professionals in high-growth markets, including the Kingdom of Saudi Arabia (KSA), the United Arab Emirates (UAE), and Egypt. The demand for high-quality, practical cybersecurity training has surged as these nations prior

The Botting Network Data Breach Aftermath

Key Findings The Botting Network, a forum for making money with botting, suffered a data breach in August 2012. The breach exposed 96,000 user records, including email addresses, usernames, dates of birth, and salted MD5 password hashes. The breach poses risks such as potential phishing attacks, identity theft, and other security concerns. Background In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96,000 user r

SonicWall Addresses Vulnerability in SMA 100 Appliances

Key Findings SonicWall has released fixes to address a security flaw, CVE-2025-40602, in its Secure Mobile Access (SMA) 100 series appliances. The vulnerability, with a CVSS score of 6.6, allows for local privilege escalation due to insufficient authorization in the appliance management console (AMC). The vulnerability was reported to be exploited in combination with CVE-2025-23006 (CVSS 9.8) to achieve unauthenticated remote code execution with root privileges. CVE-2025-2300

Exposed: Amazon's Years-Long Cyber Campaign against GRU Targeting Energy and Cloud Infrastructure

Key Findings Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. The activity has been attributed with high confidence to Russia's Main Intelligence Directorate (GRU), citing infrastructure overlaps with APT44, also known as FROZENBARENTS, Sandworm, Seashell Blizzard, and Voodoo Bear. The campaign targeted energy sector organizations across Western natio

Amazon Threat Intelligence Warns of Russian GRU Hackers Targeting Misconfigured Devices

Key Findings: Russian state-sponsored threat actors linked to the GRU are increasingly breaching critical infrastructure networks by exploiting basic configuration mistakes rather than software vulnerabilities. The campaign has targeted energy providers and other critical infrastructure organizations across North America and Europe since at least 2021. The attackers focused on enterprise routers, VPN gateways, and network management appliances with exposed or poorly secured m

Hacker Honeypot? BreachForums Reopens via Emails from French Ministry of the Interior Domain

Key Findings The original founder of the BreachForums hacking forum has been arrested and sentenced to prison. Numerous reincarnations of BreachForums have continued to surface, despite several being shut down. Users who had previously registered on BreachForums recently received emails claiming the forum had reopened. The emails were sent from the domain pppj-sdpj92-ger2@interieur.gouv.fr, which belongs to the French Ministry of the Interior. This incident coincides with a r

Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2027

Key Findings
  • DDoS attacks will increasingly be used as diversion tactics to draw attention away from more damaging activities
  • API-first architectures will increase exposure to misconfigurations and business logic abuse
  • Integrated WAAP platforms will overtake fragmented web security architectures
  • AI-driven DDoS mitigation will become essential against hyper-scale attacks
  • Regulatory pressure will intensify as cybersecurity oversight expands across Europe
Background Cybersecurit

FortiGate Under Siege: Critical SAML SSO Flaw Enables Authentication Bypass and Config Theft

Key Findings Threat actors have begun exploiting two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). The vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled. Fortinet has released patches for the flaws in FortiOS, FortiWeb,

Frogblight banking Trojan targets Android users in Turkey

Key Findings In August 2025, Kaspersky researchers discovered a new Android banking Trojan dubbed "Frogblight" targeting individuals in Turkey. The malware initially disguised itself as an app for accessing court case files via an official government webpage, but later adopted more universal disguises like the Chrome browser. Frogblight can use official government websites as an intermediary step to steal banking credentials and has spyware capabilities to collect SMS message

Phantom Stealer Targeting Russian Finance with ISO Phishing, Deploying Keyloggers and Crypto-Wallet Theft

Key Findings: Sophisticated phishing campaign targeting Russian finance sector, using high-quality social engineering to bypass defenses. Malware dubbed "Phantom Stealer" deployed via malicious ISO files attached to phishing emails. Phantom Stealer equipped with aggressive data-harvesting modules targeting crypto wallets, chat apps, and browser data. Malware includes anti-analysis checks to evade security researchers. Campaign highlights shift towards ISO-based initial access

NVIDIA Merlin Flaws Permit AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec

Key Findings NVIDIA has issued critical security updates for its Merlin framework, addressing high-severity vulnerabilities (CVSS 8.8) in two key components: NVTabular and Transformers4Rec. The vulnerabilities stem from unsafe deserialization, which could allow attackers to execute malicious code, tamper with data, or cause denial of service in AI recommendation pipelines. The first flaw (CVE-2025-33214) affects the Workflow component of NVTabular, a feature engineering libra

New NANOREMOTE Backdoor Uses Google Drive API for Covert C2 and Links to FINALDRAFT Espionage Group

Key Findings Elastic Security Labs has uncovered a sophisticated new Windows backdoor called NANOREMOTE that leverages the Google Drive API for covert command-and-control (C2) and data exfiltration operations. NANOREMOTE employs legitimate cloud services to blend its malicious traffic with normal network activity, making it extremely difficult for traditional security tools to detect. The malware uses OAuth 2.0 tokens to authenticate with Google's servers and create a covert

Experts Discover Massive Unsecured Database with 4.3B Records

Key Findings
  • A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data
  • The database was discovered by researchers Bob Diachenko and nexos.ai on November 23, 2025 and secured two days later
  • The database contained 9 collections with at least 3 exposing nearly 2 billion personal records including names, emails, phone numbers, LinkedIn links, job roles, employers, work history, education, locations, skills, languages, and social

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore

Key Findings A critical security vulnerability, CVE-2025-13780, has been discovered in pgAdmin, the popular open-source management tool for PostgreSQL. The flaw allows attackers to achieve Remote Code Execution (RCE) by exploiting a subtle oversight in how the software processes file encoding. The vulnerability affects pgAdmin versions up to 9.10 when running in server mode. It creates a scenario where a routine database restore operation can be weaponized to execute arbitrar

Germany Responds to Alleged Russian Cyberattack on Air Traffic Control

Key Findings: Germany summoned Russia's ambassador over alleged cyberattacks on its air traffic control authority and a disinformation campaign ahead of national elections. The German government has clear evidence linking an August 2024 cyberattack on Deutsche Flugsicherung, the country's air traffic control authority, to the Russia-nexus group APT28 (aka Fancy Bear). Germany also accused Moscow of attempting to influence and destabilize Germany's federal election through a d

CISA Adds Actively Exploited Google Chromium and Sierra Wireless Flaws to Known Exploited Vulnerabilities Catalog

Key Findings
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
  • CVE-2025-14174: Google Chromium Out-of-Bounds Memory Access Vulnerability
  • CVE-2018-4063: Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
Background CVE-2025-14174 is an out-of-bounds memory access flaw in the ANGLE graphics library of Google Chrome on Mac, which can be expl

React2Shell: Widespread Exploitation of Max-Score RCE (CVSS 10.0) by Espionage Groups and Miners

Key Findings React2Shell (CVE-2025-55182), a critical vulnerability in React Server Components, was disclosed on December 3, 2025, carrying a maximum CVSS score of 10.0 and enabling unauthenticated remote code execution. Shortly after disclosure, the Google Threat Intelligence Group (GTIG) observed widespread exploitation across various threat actor groups, ranging from opportunistic cybercriminals to suspected espionage groups. Several distinct campaigns were identified, inc

© 2025 by Explain IT Again. Powered and secured by Wix