ALL POSTS

Here is the article with the key findings in bullet point format, the background as the first major point, and the headers formatted with ##: Key Findings Threat actors uploaded 8 malicious packages on the npm registry masquerading as n8n workflow automation integrations to steal OAuth credentials One such package, "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit", mimicked a Google Ads integration and prompted users to link their advertising account to siphon the credentials This atta

Here is an article in the requested format: Key Findings Cybersecurity researchers have uncovered two service providers that supply online criminal networks with tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy. Since 2016, Chinese-speaking criminal groups have established industrial-scale scam centers across Southeast Asia, creating special economic zones devoted to fraudulent investment and impersonation operations. These compounds host thous

Key Findings: Aaron Swartz's life, work, and ideals continue to shape the internet, digital rights, and the concept of knowledge as a public good. Swartz believed that access to knowledge was a fundamental right and challenged the monopolization of information by academic publishers and institutions. His decision to download and share academic papers was an act of civil disobedience, which led to aggressive government prosecution and his tragic death at the age of 26. Swartz'

Key Findings A new vulnerability, CVE-2025-68493, has been discovered in the Apache Struts 2 web application framework. The flaw, which affects multiple versions of Struts 2, allows for XML External Entity (XXE) injection attacks. The vulnerability can lead to data disclosure, denial of service, and server-side request forgery (SSRF). The issue stems from improper validation of XML configurations in the XWork component of Struts 2. Background Apache Struts 2 is a popular open

Europol Raids Disrupt Black Axe Cybercrime Ring in Spain Key Findings: International law enforcement agencies have dealt a major blow to the criminal network known as Black Axe. 34 people were arrested across Spain, with the majority in Seville. Black Axe is a large, organized criminal group originating in West Africa, with an estimated 30,000 members worldwide. The group is known for online fraud schemes, including romance scams, phishing, and business email compromise (BEC)

Key Findings The FBI warns that the North Korea-linked advanced persistent threat (APT) group Kimsuky is targeting governments, think tanks, and academic institutions with "quishing" attacks. Quishing is a social engineering attack that uses malicious QR codes to trick victims into visiting fake websites or downloading malware. Kimsuky has conducted spear-phishing campaigns using QR codes that impersonate trusted figures like foreign advisors, embassy staff, and think tank em

Key Findings: A massive data breach has exposed the personal information of about 17.5 million Instagram users. The exposed data includes usernames, physical addresses, phone numbers, and email addresses. Cybercriminals have stolen this sensitive information and are selling it in batches on dark web forums. Affected users have reported receiving password reset emails, raising concerns about ongoing phishing attempts. Security experts warn this breach poses serious privacy and

Key Findings Meta has secured up to 6.6 GW of nuclear power through landmark deals with Vistra, TerraPower, and Oklo to fuel its growing AI infrastructure and the "Prometheus" supercomputing cluster in Ohio. The collaboration with TerraPower involves financing the construction of two sodium-cooled reactors utilizing proprietary "Natrium" technology, providing 690 MW initially, with plans to expand to 2.1 GW by 2035. Meta has also entered an agreement with Oklo, a startup back

Key Findings Iran has imposed a nationwide internet blackout amid widespread protests, severely restricting global connectivity. However, a limited surge of traffic was detected from select Iranian academic institutions, suggesting potential "whitelisting" tests. The fluctuations in connectivity for these academic networks indicate a strategic assessment of restricting global access to a limited elite. Tehran accounted for the majority of the observed academic traffic, likely

Key Findings Russian state-sponsored threat group APT28 (aka BlueDelta) linked to a fresh wave of credential harvesting attacks Targeting individuals associated with a Turkish energy and nuclear research agency, a European think tank, and organizations in North Macedonia and Uzbekistan Campaign leverages sophisticated phishing techniques to compromise accounts and steal user credentials Background APT28 is associated with the Main Directorate of the General Staff of the Armed

Key Findings Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a

Key Findings: Chinese-speaking threat actors leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit toolkit. The toolkit targeted up to 155 ESXi builds and enabled virtual machine (VM) escape via disabled VMCI drivers and unsigned kernel drivers, potentially paving the way for a ransomware attack. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year before the related VMwa

Key Findings China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe UAT-7290 primarily targets telecom providers, conducting espionage by deeply embedding in victim networks and operating Operational Relay Box (ORB) infrastructure The threat actor uses a broad toolset, including open-source tools, custom malware, and one-day exploits against edge networking devices Attacks are preceded by extensive

Key Findings Researchers from Zscaler ThreatLabz discovered three malicious npm packages that deliver a new Remote Access Trojan (RAT) called NodeCordRAT. The packages - bitcoin-main-lib, bitcoin-lib-js, and bip40 - were designed to mimic legitimate tools from the bitcoinjs project, tricking developers into installing them. NodeCordRAT uses Discord as a command-and-control (C2) channel, blending its malicious traffic with legitimate user activity to evade detection. The malwa

Key Findings: CISA has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2009-0556: A code injection flaw in Microsoft Office PowerPoint that allows remote code execution CVE-2025-37164: A code injection vulnerability in HPE OneView that allows remote unauthenticated code execution Background CVE-2009-0556 is a memory corruption vulnerability in legacy Microsoft PowerPoint that was exploited in the wild in April 2009. It affects Powe

Key Findings The Astaroth banking Trojan is spreading in Brazil through a WhatsApp worm that automatically sends malicious messages to victims' contacts. The malware uses a Python-based propagation module to harvest the victim's WhatsApp contacts and automatically forward infected ZIP files, enabling self-spreading capabilities. A separate banking module operates silently in the background, monitoring the victim's browsing activity and stealing credentials when banking-relate

Key Findings: Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. The vulnerability is due to improper parsing of XML that is processed by the web-based management

Key Findings A critical vulnerability (CVE-2026-21858, CVSS score of 10.0) has been discovered in the n8n workflow automation platform, dubbed "Ni8mare" by researchers. The flaw allows unauthenticated attackers to fully compromise affected n8n instances, exposing sensitive data and potentially leading to further system compromise. The vulnerability affects all versions of n8n prior to and including 1.65.0, and it was fixed in n8n version 1.121.0 in November 2025. Background n

Key Findings: Veeam has released security updates to address critical vulnerabilities in its Backup & Replication software, including a flaw with a CVSS score of 9.0 that could allow remote code execution (RCE). The most severe vulnerability, CVE-2025-59470 (CVSS 9.0), enables a Backup or Tape Operator to achieve RCE as the postgres user by sending a malicious interval or order parameter. Three other vulnerabilities, CVE-2025-55125 (CVSS 7.2), CVE-2025-59469 (CVSS 7.2), and C

Key Findings Threat actors are exploiting misconfigured email routing and spoof protection to impersonate organizations' internal domains and distribute phishing emails. These phishing campaigns leverage phishing-as-a-service (PhaaS) platforms like Tycoon 2FA, delivering a variety of lures related to voicemails, shared documents, HR communications, and password resets. The attack vector is not new, but Microsoft has observed a surge in its usage since May 2025, targeting a wi