Linux Kernel io_uring UAF Flaw Used to Cheat BPF Verifier and Achieve Container Escape, PoC Released
Key Findings: A use-after-free (UAF) vulnerability in the Linux kernel's io_uring subsystem can be exploited to bypass the BPF verifier and achieve container escape. The flaw, tracked as CVE-2025-40364, allows attackers to manipulate the BPF verifier and gain arbitrary kernel code execution. Proof-of-concept (PoC) exploits have been publicly released, demonstrating the feasibility of the attack. Background The Linux kernel's io_uring subsystem is a high-performance I/O interf
Dec 13, 2025 (1 min read)
Advanced Phishing Kits Leverage AI and MFA Bypass Tactics
Key Findings Four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman are capable of facilitating credential theft at scale. BlackForce is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). GhostFrame uses an iframe-based approach to hide its malicious behavior and easily switch out phishing content. InboxPrime AI leverages artificial intelligen
Dec 12, 2025 (3 min read)
PyStoreRAT Malware Spreading Across GitHub
Key Findings A new campaign is leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. The malicious repositories, often themed as development utilities or OSINT tools, contain code responsible for silently downloading and executing a remote HTA file. PyStoreRAT is a modular, multi-stage implant that can execute various payloads, including an information stealer known as Rhadamanthys.
Dec 12, 2025 (2 min read)
Newly Discovered React RSC Vulnerabilities Enable Denial-of-Service and Source Code Exposure
Key Findings CVE-2025-55184 (CVSS 7.5) - A pre-authentication denial of service vulnerability in React Server Components (RSC) that can trigger an infinite loop and hang the server process CVE-2025-67779 (CVSS 7.5) - An incomplete fix for CVE-2025-55184 with the same impact CVE-2025-55183 (CVSS 5.3) - An information leak vulnerability that may expose the source code of a vulnerable Server Function Background The React team has released fixes for three new vulnerabilities in R
Dec 12, 2025 (3 min read)
CISA: Mitigate GeoServer XXE Vulnerability to Prevent Data Theft and Network Scanning
Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo GeoServer software to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw, tracked as CVE-2025-58360, is an XML External Entity (XXE) vulnerability that attackers are actively exploiting to breach networks and steal sensitive data. The vulnerability lies within GeoServer's handling of XML input, allowing attackers to define e
Dec 12, 2025 (2 min read)
Google Addresses Ninth Chrome Zero-Day Vulnerability Under Active Exploitation
Key Findings Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google tracked the high-severity vulnerability as Chromium issue 466192044, but did not share technical details. The bug lies in the ANGLE graphics library, where buffer sizes were incorrectly calculated, leading to memory corruption, crashes, or potentially arbitrary code execution. Google also fixed two medium-severity flaws: a use-after-fr
Dec 11, 2025 (2 min read)
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
Key Findings: 90% of organizations are facing critical skills gaps (ISC2) AI is reshaping job roles across cybersecurity, cloud, and IT operations Enterprises are rapidly reallocating L&D budgets toward hands-on training that delivers measurable, real-world performance INE is uniquely positioned to support this shift, helping organizations invest their end-of-year budgets in scalable labs, simulations, and immersive learning experiences Background As AI accelerates job transf
Dec 11, 2025 (2 min read)
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
Key Findings 1inch, the leading DeFi ecosystem, has been selected as the exclusive swap provider at launch for Ledger Multisig. This integration enables secure, seamless treasury swaps with full clear signing, addressing the issue of blind signing in on-chain treasury management. Ledger Multisig and the 1inch Swap API provide verifiable swap routes, deep liquidity aggregation, and MEV-resistant execution paths, setting a new benchmark for treasury security. 1inch is also adop
Dec 11, 2025 (2 min read)
Unpatched GitLab Zero-Day Exploited Across 1,000+ Instances Amid Active Attacks
Key Findings: A high-severity unpatched security vulnerability in Gogs (CVE-2025-8110) with a CVSS score of 8.7 is under active exploitation, affecting over 700 compromised instances accessible online. The vulnerability allows for file overwrite in the file update API, enabling an attacker to achieve arbitrary code execution through a four-step process. The malware deployed in the attacks is a payload based on Supershell, an open-source command-and-control (C2) framework ofte
Dec 11, 2025 (2 min read)
Exploitation of React2Shell Continues to Deliver Crypto Miners and New Malware Across Multiple Sectors
Key Findings React2Shell vulnerability (CVE-2025-55182) in React version 19 and React Server Components (RSC) is being heavily exploited by threat actors Exploitation attempts have been observed targeting a wide range of sectors, particularly construction and entertainment industries Attackers are leveraging the vulnerability to deliver cryptocurrency miners and a variety of previously undocumented malware, including: PeerBlight Linux backdoor CowTunnel reverse proxy tunnel Z
Dec 11, 2025 (2 min read)
North Korea-linked Actors Deploy New EtherRAT Malware via React2Shell Exploit
Key Findings North Korea-linked threat actors are exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy a previously unknown remote access trojan (RAT) dubbed EtherRAT EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and downloads its own Node.js runtime from nodejs.org The activity exhibits significant overlap with a long-running campaign codenamed "Contagious In
Dec 10, 2025 (2 min read)
Microsoft Addresses 56 Security Flaws, Including Active Exploit and Two Zero-Days
Key Findings Microsoft released patches for 56 security vulnerabilities in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two of the patched vulnerabilities are listed as publicly known at the time of the release. The vulnerabilities include 29 privilege escalation, 18 remote code execution, four information disclosure, th
Dec 10, 2025 (2 min read)
Critical Fortinet Flaw Risks Unauthenticated Admin Bypass via FortiCloud SSO SAML Forgery
Key Findings A critical vulnerability (CVE-2025-59718, CVE-2025-59719) in Fortinet's FortiCloud Single Sign-On (SSO) feature allows unauthenticated attackers to bypass authentication and gain administrative access to affected devices. The vulnerability, which has a CVSS score of 9.1, stems from improper verification of cryptographic signatures (CWE-347) in the FortiCloud SSO SAML implementation. Affected products include FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager.
Dec 10, 2025 (2 min read)
Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities
Key Findings Microsoft released 57 vulnerabilities in the December 2025 Patch Tuesday, including 2 "critical" and the rest "important" Microsoft assessed that exploitation of the 2 "critical" vulnerabilities is "less likely" Cisco Talos is releasing new Snort rules to detect attempts to exploit some of the disclosed vulnerabilities Background This month's Patch Tuesday addresses a range of vulnerabilities, including: CVE-2025-62562: Microsoft Outlook remote code execution vul
Dec 9, 2025 (1 min read)
AI Uncovers GhostPenguin: Sophisticated Linux Backdoor Employs Advanced Encryption and Covert Communication Tactics
Key Findings Trend Micro's AI-driven threat hunting pipeline discovered a previously unknown and undetectable Linux backdoor called "GhostPenguin" GhostPenguin had zero detections on VirusTotal for over four months before being identified The sophisticated, multi-threaded backdoor is written in C++ and uses RC5-encrypted UDP for covert Command and Control (C2) communications Background GhostPenguin was first submitted to VirusTotal on July 7, 2025, but remained completely inv
Dec 9, 2025 (2 min read)
FinCEN data reveals surge in ransomware payments, with over $4.5B since 2013
Key Findings Ransomware payments reported to FinCEN exceeded $4.5 billion by 2024 2023 marked a record year with $1.1 billion in ransomware payments across 1,512 incidents From 2022 to 2024, organizations reported 4,194 ransomware incidents and over $2.1 billion in payments In comparison, from 2013 to 2021, FinCEN logged 3,075 reports totaling about $2.4 billion Background FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) reports filed from January 2022 to Februa
Dec 9, 2025 (1 min read)
JS#SMUGGLER Campaign Exploits Compromised Websites to Distribute NetSupport RAT
Key Findings Securonix researchers discovered a new malware campaign dubbed JS#SMUGGLER that delivers the powerful NetSupport RAT through compromised websites. The attack is designed in three stages to evade detection, starting with an obfuscated JavaScript loader, followed by a hidden HTML Application (HTA) and a final PowerShell payload that downloads and executes the NetSupport RAT. The multi-layered tactics, including encryption, compression, and in-memory execution, indi
Dec 8, 2025 (2 min read)
INE Earns G2 Winter 2027 Badges Across Global Markets
Key Findings INE has been recognized with seven G2 Winter 2026 badges The awards include Leader status in the Online Course Providers Grid Report and Momentum Leader recognition in two major training categories INE also earned regional leadership positions across Europe, Asia, Asia Pacific, and India Background INE is the premier provider of online networking and cybersecurity training and certification. The company harnesses a p
Dec 8, 2025 (1 min read)
MuddyWater Targets Turkey, Israel, and Azerbaijan with UDPGangster Backdoor
Key Findings The Iranian hacking group known as MuddyWater has been observed deploying a new backdoor called UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) communication. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan. The attack chain involves using spear-phishing tactics to distribute booby-trapped Microsoft Word documents that trigger the execution of a malicious payload once macros are enabled. UDPGangste
Dec 8, 2025 (2 min read)
Inside Shanya: The Packer-as-a-Service Powering Modern Attacks
Key Findings: A new packer-as-a-service offering called "Shanya" has been gaining popularity among ransomware groups. Shanya offers features like AMSI bypass, UAC bypass, runtime protection, and anti-VM/sandbox evasion. Early samples of the Shanya crypter contained revealing information about its purpose and development. The Shanya packer has been detected in a wide geographic distribution, with higher prevalence in certain countries like Tunisia and the UAE. The packed execu
Dec 7, 2025 (1 min read)