ALL POSTS

Fortinet Warns of Active Exploitation of FortiOS SSL VPN Vulnerability

Key Findings: Fortinet reported active exploitation of a five-year-old security vulnerability, CVE-2020-12812 (CVSS score: 5.2), in FortiOS SSL VPN. The vulnerability is an improper authentication flaw that may allow users to bypass two-factor authentication (2FA) by changing the case of the username, enabling successful login without being prompted for the second authentication factor. The issue occurs when FortiGate has local 2FA users linked to LDAP, the same users belong t

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

Key Findings: The fraudulent investment scheme known as Nomani has witnessed a 62% increase, according to ESET. Nomani campaigns have expanded beyond Facebook to include other social media platforms, such as YouTube. ESET blocked over 64,000 unique URLs associated with the Nomani threat this year, with the majority of detections originating from Czechia, Japan, Slovakia, Spain, and Poland. Nomani leverages social media malvertising, company-branded posts, and AI-powered video

New MacSync Stealer Targets Mac Devices with Gatekeeper Bypass

Key Findings: A new variant of the MacSync Stealer malware has been discovered, which uses a digitally signed and notarized Swift application to bypass macOS Gatekeeper security checks. The malicious application is distributed via a disk image (DMG) named "zk-call-messenger-installer-3.9.2-lts.dmg" hosted on the "zkcall[.]net/download" website. The application is code-signed and successfully notarized by Apple, giving it a veneer of legitimacy and allowing it to run on macOS w

Italian Regulator Deems Apple's ATT Feature as Limiting Competition

Key Findings: Italy's antitrust authority (AGCM) fined Apple €98.6 million for abusing its dominant position in the App Store market through its App Tracking Transparency (ATT) framework. The AGCM found that Apple's ATT policy, which requires a double consent prompt for developers to access user data for advertising, is disproportionate and limits competition. Apple's own apps and services can obtain user consent for data collection and personalized ads in a single tap, giving

Two Chrome Extensions Caught Intercepting User Data from Over 170 Sites

Key Findings: Two malicious Google Chrome extensions named "Phantom Shuttle" have been discovered secretly stealing user credentials from over 170 websites. The extensions are advertised as a "multi-location network speed test plug-in" for developers and foreign trade personnel. The extensions execute complete traffic interception, operate as man-in-the-middle proxies, and continuously exfiltrate user data to a command-and-control server. Once users make a subscription paymen

Backdoor in NVIDIA AI Systems: Critical 9.8 Severity Flaws Grant Total Control

Key Findings: NVIDIA has issued a critical security update for its Isaac Launchable software, patching three vulnerabilities with a CVSS score of 9.8. The most severe flaw, CVE-2025-33222, involves hard-coded credentials that allow attackers to bypass authentication and gain complete control of affected systems. The remaining two vulnerabilities, CVE-2025-33223 and CVE-2025-33224, stem from improper privilege management, enabling attackers to execute code with elevated permiss

U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme

Key Findings: The U.S. Justice Department (DoJ) seized the domain web3adspanels[.]org, which was used as a backend web panel to host and manipulate illegally harvested bank login credentials. The criminal group behind the scheme used fraudulent advertisements on search engines like Google and Bing to redirect users to fake bank websites, where their login credentials were harvested through malicious software. The stolen credentials were then used by the criminals to access vic

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Key Findings: A critical security vulnerability (CVE-2025-68613) with a CVSS score of 9.9 has been discovered in the n8n workflow automation platform. The flaw could enable arbitrary code execution under certain circumstances, potentially leading to a full compromise of the affected instances. The vulnerability affects all versions of n8n from 0.211.0 up to, but not including, 1.120.4, and has been patched in versions 1.120.4, 1.121.1, and 1.122.0. According to Censys, there are 103,476 poten

Fake WhatsApp API Package on npm Steals User Data

Key Findings: A malicious npm package named "lotusbail" has been discovered that poses as a functional WhatsApp API, but actually steals users' messages, contacts, and login tokens. The package has been downloaded over 56,000 times since it was first uploaded in May 2025. The package is designed to capture authentication tokens, session keys, message history, contact lists, media files, and documents, and transmit the stolen data to an attacker-controlled server. The package

Kimwolf Android Botnet Infects Millions, Launches DDoS Attacks

Key Findings:
  • The Kimwolf Android botnet has infected over 1.8 million devices globally, primarily targeting TV boxes
  • It uses advanced techniques like DNS over TLS, elliptic curve digital signatures, and blockchain domains to evade detection
  • The botnet is capable of massive DDoS attacks, issuing over 1.7 billion commands in a three-day period
  • Kimwolf shares code with the Aisuru botnet family but has been heavily redesigned to avoid detection

Background: The Kimwolf botnet was f

FBI Indicts Bangladeshi Man for Running Fake ID Template Network

Key Findings: Zahid Hasan, a 29-year-old Bangladeshi national, has been indicted on nine federal counts for operating a sophisticated network of websites selling digital templates for fake government documents, including U.S. passports and Montana driver's licenses. Hasan allegedly ran businesses like Techtreek.com, Egiftcardstorebd.com, and Idtempl.com from 2021 to 2025, selling these templates to over 1,400 customers worldwide and generating over $2.9 million in reve

Iranian Infy APT Resurfaces with New Malware Activity Targeting Various Sectors

Key Findings:
  • Iranian APT group Infy (aka Prince of Persia) has resurfaced with new malware campaigns after nearly 5 years of dormancy
  • The scale of Infy's current activity is significantly larger than previously assessed
  • The group has targeted victims across Iran, Iraq, Turkey, India, Canada, and parts of Europe
  • Infy's malware arsenal includes updated versions of the Foudre downloader and Tonnerre implant
  • Attack chains have evolved from macro-laced documents to embedded execut

Indictment of 54 in ATM Jackpotting Ring by DoJ

Key Findings: The U.S. Department of Justice has indicted 54 individuals over a multi-million-dollar ATM jackpotting fraud scheme. The crimes are linked to the cybercrime group Tren de Aragua (TdA), including charges of fraud, money laundering, and material support to a terrorist organization. ATM jackpotting is a type of cyber-enabled bank robbery where criminals infect an ATM with malware or use physical access to force it to dispense cash. The conspiracy used a malware stra

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing to Steal Accounts

Key Findings: A Russia-aligned threat group, tracked as UNK_AcademicFlare, has been conducting phishing campaigns that abuse Microsoft 365 device code authentication workflows to steal victims' credentials and take over accounts. The attacks, ongoing since September 2025, target government, military, think tanks, higher education, and transportation sectors in the U.S. and Europe. The adversary uses compromised email addresses belonging to government and military organizations

Ukrainian National Pleads Guilty to Nefilim Ransomware Attacks

Key Findings: Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, pleaded guilty to multiple crimes stemming from his involvement in a string of ransomware attacks targeting U.S. and Europe-based organizations from mid-2018 to late 2021. Stryzhak faces up to 10 years in prison for conspiracy to commit fraud, including extortion. Authorities are still looking for Stryzhak's alleged co-conspirator Volodymyr Tymoshchuk and announced an $11 million reward for informatio

YouTube Ghost Network: Unraveling the GachiLoader Malware Hiding in Video Links

Key Findings: A massive network of compromised YouTube accounts is being weaponized to spread a sophisticated new threat, turning the popular video platform into a launchpad for data theft. The campaign, dubbed the "YouTube Ghost Network," leverages malicious videos promoting "cracked" software, trainers, or cheats to lure users into downloading a new, heavily obfuscated JavaScript malware loader called GachiLoader. GachiLoader is written in Node.js and deploys a second-stage

Criminal IP and Palo Alto Networks Cortex XSOAR's AI-driven Exposure Intelligence for Automated Incident Response

Key Findings: Criminal IP, an AI-powered threat intelligence and attack surface monitoring platform, has officially integrated with Palo Alto Networks' Cortex XSOAR. The integration embeds real-time external threat context, exposure intelligence, and automated multi-stage scanning directly into Cortex XSOAR's orchestration engine. This integration enhances security teams' incident response capabilities by providing higher incident accuracy and faster response compared to conve

UEFI Security Flaw Compromises Boot Process in ASRock, ASUS, GIGABYTE, and MSI Motherboards

Key Findings: A fundamental vulnerability in the UEFI firmware implementations of certain motherboards from ASRock, ASUS, GIGABYTE, and MSI allows attackers with physical access to bypass operating system security controls. The flaw, which is tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303, stems from a discrepancy between what the firmware reports and what it actually does in terms of enabling the Input-Output Memory Management Unit (IOMMU). Desp

HPE OneView CVSS 10.0 Flaw Allows Unauthenticated Remote Code Execution

Key Findings:
  • HPE has disclosed a critical vulnerability (CVE-2025-37164) in its OneView infrastructure management software with a CVSS score of 10.0
  • The flaw allows unauthenticated remote code execution, enabling attackers to take full control of affected systems
  • It impacts all versions of OneView prior to version 11.00
  • HPE has released an urgent patch to address the vulnerability and is advising customers to update as soon as possible
  • For older OneView versions (5.20 to 10.2

INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling

Key Findings: INE Security, a global leader in cybersecurity and IT training, has announced significant expansion across the Middle East and Asia. The company's hands-on training approach is proving to be a cost-effective solution for upskilling cybersecurity professionals in high-growth markets, including the Kingdom of Saudi Arabia (KSA), the United Arab Emirates (UAE), and Egypt. The demand for high-quality, practical cybersecurity training has surged as these nations prior

© 2025 by Explain IT Again. Powered and secured by Wix