
Cloudflare Outage Jolts the Internet: What Happened, and Who Was Affected

Key Findings: Cloudflare, a major web infrastructure company that handles an estimated 20% of global web traffic, experienced a service disruption on November 18, 2025. The disruption caused errors and inaccessibility for a wide range of websites and online services, including Hackread.com, Canva, Uber, IKEA, Shopify, League of Legends, DoorDash, Discord, Patreon, Medium, Crunchyroll, GitLab, Udemy, and popular AI tools like ChatGPT. The root cause was a latent bug triggered

SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2027

Key Findings The cybercriminal supply chain continues to transform, with new specialized roles emerging to enable cybercrime at scale. Threat actor communities will fragment, evolve, and get younger, with an influx of teen cybercriminals using plug-and-play attack kits. The non-human identity (NHI) explosion will fuel hidden risks, as machine credentials proliferate across cloud environments with less protection than human-based credentials. Insider threats will be fueled by

Microsoft Blocks Massive 15.72 Tbps DDoS Attack from AISURU Botnet

Key Findings Microsoft disclosed that it automatically detected and mitigated a 15.72 Tbps DDoS attack, the largest ever observed in the cloud, targeting a single endpoint in Australia. The attack originated from the AISURU botnet, a Mirai-class IoT botnet powered by nearly 300,000 infected devices, mainly routers, security cameras, and DVR systems. The attack involved massive UDP floods from over 500,000 source IPs across various regions, with minimal spoofing and random sou

Google Addresses Critical Chrome Vulnerability Actively Exploited in the Wild

Key Findings Google released security updates for Chrome to address two security flaws, including one that is being actively exploited in the wild. The actively exploited vulnerability is CVE-2025-13223, a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could lead to arbitrary code execution or program crashes. Clément Lecigne of Google's Threat Analysis Group (TAG) discovered and reported the flaw on November 12, 2025. Google has not provided de

Dragon Breath APT Utilizes RoningLoader, Employs Kernel Driver and PPL Abuse to Disable Windows Defender

Key Findings: The Dragon Breath APT group (APT-Q-27) has deployed a new multi-stage malware loader called RoningLoader to target Chinese-speaking users. The campaign uses trojanized installers masquerading as trusted applications like Google Chrome and Microsoft Teams. RoningLoader exhibits sophisticated evasion and defense bypass techniques, including: abuse of Protected Process Light (PPL) to disable Windows Defender; leveraging a legitimate, signed kernel driver to terminate

Alice Blue Partners with AccuKnox for Regulatory Compliance and Cybersecurity

Key Findings Alice Blue, a prominent brokerage and financial services firm, has partnered with AccuKnox, a global leader in Zero Trust Cloud-Native Application Protection Platforms (CNAPP), to strengthen its security and compliance frameworks across on-prem and cloud workloads. The partnership was executed through channel partner Airowire. Leveraging AccuKnox's security capabilities, Alice Blue aims to achieve enhanced visibility, automated compliance, and continuous protecti

Multiple Vulnerabilities in GoSign Desktop Lead to Remote Attacks

Key Findings GoSign Desktop, a widely used electronic signature solution, contains critical vulnerabilities that can lead to remote code execution and privilege escalation. The platform disables TLS certificate validation when configured to use a proxy server, exposing users to man-in-the-middle attacks. The update mechanism relies on an unsigned manifest, allowing an attacker to deliver malicious updates and fully compromise the machine. Sensitive data, such as OAuth secrets

RondoDox Exploits Unpatched XWiki Servers to Pull ... - Cybrr

Key Findings: RondoDox botnet malware is targeting unpatched XWiki instances to exploit a critical remote code execution vulnerability (CVE-2025-24893). The vulnerability, with a CVSS score of 9.8, allows any guest user to execute arbitrary code through a request to the "/bin/get/Main/SolrSearch" endpoint. The flaw was patched by XWiki in versions 15.10.11, 16.4.1, and 16.5.0RC1 released in late February 2025. Evidence shows the vulnerability has been exploited in the wild si

Anthropic: China-Backed Hackers Unleash First Large-Scale Autonomous AI Cyberattack

Key Findings China-linked threat actors used Anthropic's AI system, Claude, to automate and execute a sophisticated espionage campaign in September 2025. The cyberspies leveraged advanced "agentic" capabilities of the AI system, allowing it to act autonomously and perform a range of malicious activities with minimal human oversight. The attack targeted about 30 global organizations across tech, finance, chemicals, and government sectors, succeeding in a few cases. This incide

Microsoft Unveils Open Xbox Game Publishing Guide

Key Findings Microsoft has made its internal Xbox Game Publishing Guide publicly available, previously accessible only to select partners. This move is expected to significantly lower the barrier for game developers, particularly independent creators, to bring their titles to the Xbox platform. The guide offers a comprehensive breakdown of the entire process required to publish a game within the Xbox ecosystem, covering every stage from pre-production to final release. Backgr

Helping North Korean IT Workers Infiltrate US Firms

Key Findings: Five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions. The five defendants are Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Oleksandr Didenko, and Erick Ntekereze Prince. The defendants facilitated the use of stolen U.S. identities by North Korean IT workers to secure jobs at American firms, hosted company-issued

North Korean Hackers Weaponize JSON Services for Malware Distribution

Key Findings North Korean threat actors behind the Contagious Interview campaign have adopted a new tactic of using JSON storage services to host and deliver malware. The campaign involves approaching targets on professional networking sites under the pretext of a job assessment or project collaboration, instructing them to download a demo project hosted on platforms like GitHub, GitLab, or Bitbucket. In one such project, a file named "server/config/.config.env" contains a Ba

Chinese Tech Firm Leak Reportedly Exposes State Linked Cyber Attacks

Key Findings: Major data leak from Chinese security firm Knownsec (aka Chuangyu) in November 2025, with over 12,000 secret files briefly appearing on GitHub. Leak provided a rare insight into China's government-backed hacking tools and operations. The data theft may have occurred as early as 2023, but the files were taken down quickly. Background Knownsec is a prominent player in China's cybersecurity industry, having received a significant investment from Tencent in 2015 and

Serious AI Bugs Found Exposing Vulnerabilities in Meta, Nvidia, and Microsoft Inference Frameworks

Key Findings Cybersecurity researchers have uncovered critical remote code execution vulnerabilities in major AI inference engines, including those from Meta, Nvidia, Microsoft, and open-source projects like vLLM and SGLang. The vulnerabilities stem from the unsafe use of ZeroMQ (ZMQ) and Python's pickle deserialization, a pattern dubbed "ShadowMQ." The root cause is a vulnerability in Meta's Llama large language model (LLM) framework (CVE-2024-50050) that was patched by the

Chinese Hackers Exploit Anthropic AI to Orchestrate Automated Cyber Attacks

Key Findings: Chinese state-sponsored hackers successfully used Anthropic's AI coding tool, Claude Code, to automate a large-scale cyber espionage campaign targeting about 30 global organizations. The hackers manipulated Claude Code to act as an "autonomous cyber attack agent," executing 80-90% of the tactical operations with minimal human involvement. The campaign, codenamed GTG-1002, marks the first documented case of a foreign government leveraging AI to fully automate a cybe

Data Theft Affects 10,000 Individuals Linked to Oracle, Washington Post Reports

Key Findings The Washington Post has notified nearly 10,000 current and former employees and contractors about a data breach that exposed their personal and financial information. The breach was linked to a zero-day vulnerability (CVE-2025-61884) in Oracle's E-Business Suite software, which was exploited by the Clop ransomware group between July 10 and August 22, 2025. The stolen data includes names, bank account numbers, routing numbers, Social Security numbers, and tax IDs.

Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts

Key Findings: A critical vulnerability in Fortinet's FortiWeb Web Application Firewall (WAF) product allows unauthenticated attackers to gain administrative-level access. The flaw has been observed being actively exploited in the wild since October 2025. A public Proof-of-Concept (PoC) exploit exists, raising the likelihood of widespread exploitation. Organizations using vulnerable versions of FortiWeb are advised to take emergency remediation steps. Background On October 6, 2025, c

Critical ASUS DSL Router Flaw (CVE-2025-59367, CVSS 9.3) Permits Unauthenticated Remote Access

Key Findings Zoho Corporation has released an urgent security advisory addressing a critical severity SQL injection vulnerability affecting Analytics Plus on-premise installations. The vulnerability, tracked as CVE-2025-8324, has a CVSS score of 9.8 and allows unauthenticated remote attackers to execute arbitrary SQL queries. Exploitation of this flaw can lead to unauthorized data exposure and, in severe cases, account takeover. Background Zoho Analytics Plus is a widely used

Chrome Extension "Safery" Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

Key Findings: The Chrome extension "Safery: Ethereum Wallet" is a malicious extension posing as a legitimate crypto wallet. The extension is designed to steal users' Ethereum wallet seed phrases. The seed phrases are exfiltrated by encoding them into Sui blockchain transactions. Background: The malicious extension was uploaded to the Chrome Web Store on September 29, 2025. It is still available for download as of November 12, 2025. The extension is ranked fourth in search results for "E

Operation Endgame Targets Rhadamanthys, VenomRAT, and Elysium Malware, Seizing 1025 Servers

Key Findings Operation Endgame, a global law enforcement operation, has taken down the core systems of three major online crime groups, including the Rhadamanthys infostealer, the VenomRAT remote control tool, and the Elysium botnet. The operation was coordinated by Europol and Eurojust, with the participation of law enforcement and judicial authorities from 11 countries, including Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the U

© 2025 by Explain IT Again. Powered and secured by Wix