
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting ... and More

Key Findings: China-nexus threat actor APT24 (also called Pitty Tiger) has been using a previously undocumented malware called BADAUDIO in a nearly 3-year espionage campaign. The campaign has targeted organizations in Taiwan, leveraging tactics like strategic website compromises, supply chain attacks, and targeted phishing. BADAUDIO is a highly obfuscated C++ malware that serves as a first-stage downloader, capable of fetching and executing encrypted payloads from command-and-

Android Quick Share Finally Supports AirDrop, Courtesy of Google's Rust-Hardened Security

Key Findings: Google has updated its Android Quick Share file transfer service to work natively with Apple's AirDrop on Pixel 10 devices. The cross-platform compatibility is achieved through Google's own implementation, not official collaboration with Apple. The communication channel is built using the memory-safe Rust programming language to enhance security and prevent vulnerabilities. Independent security assessment by NetSPI found the Quick Share AirDrop implementation to

Salesforce Investigates Potential Customer Data Exposure via Gainsight Apps

Key Findings: Salesforce has revoked all access tokens associated with Gainsight integrations and removed the affected apps from the AppExchange. The incident may have enabled unauthorized access to certain Salesforce customers' data through the Gainsight app's connection. Salesforce confirmed the issue is not due to any vulnerability in the Salesforce platform, but is related to the external connection to Salesforce. Gainsight acknowledged disruptions to features that rely on

SEC Drops Case Against SolarWinds After Years of Cybersecurity Scrutiny

Key Findings: The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer Timothy G. Brown. The SEC alleged in 2023 that SolarWinds and Brown had misled investors about the security practices that led to the 2020 supply chain attack, which was attributed to a Russian state-sponsored threat actor. However, in July 2024, many of these allegations were thrown out by the U.S. District Court for the South

New Sturnus Banking Trojan Targets WhatsApp, Telegram, and Signal

Key Findings: Sturnus is a new Android banking trojan with full device-takeover capabilities. It targets secure messaging apps like WhatsApp, Telegram, and Signal to bypass encryption and steal sensitive data. Sturnus employs sophisticated techniques like HTML overlays and accessibility-based keylogging to capture on-screen content, including messages, contacts, and credentials. The malware enables remote control of infected devices through screen mirroring and a structured UI ma

How Sturnus Android Trojan Steals Your Encrypted Chats and Hijacks Your Device

Key Findings: A new Android banking trojan called Sturnus enables credential theft and full device takeover for financial fraud. Its key differentiator is the ability to bypass encrypted messaging on apps like WhatsApp, Telegram, and Signal. It captures content directly from the device screen after decryption, allowing monitoring of private communications. It stages overlay attacks to steal banking credentials and leverages accessibility services for extensive device control. It blocks uninstallation at

Coordinated Crackdown: Five Eyes Target Bulletproof Hosting Providers Enabling Ransomware Operations

Key Findings: The U.S. Treasury Department, along with officials from the U.K. and Australia, imposed sanctions on two Russian bulletproof hosting providers and their key personnel. The targeted providers, Media Land and its subsidiaries, are accused of supporting ransomware operations and other cybercrime activities. The sanctions also targeted individuals and companies that helped the previously sanctioned Aeza Group evade sanctions and reconstitute their operations. Cybercr

Global Rise in Cyber-Enabled Kinetic Targeting

Key Findings: Nation-states are increasingly using cyber operations to enable and amplify the impact of kinetic military operations. The boundaries between cyberattacks and physical, real-world attacks are blurring quickly. Cyber-enabled kinetic targeting employs advanced tactics like compromising CCTV systems, maritime platforms, and accessing real-time data streams. This represents a fundamental evolution in warfare, where the traditional boundaries between cyber and kinetic op

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Key Findings: A recently disclosed security vulnerability in 7-Zip, CVE-2025-11001 (CVSS score: 7.0), is being actively exploited in the wild. The vulnerability allows remote attackers to execute arbitrary code by exploiting improper handling of symbolic links in ZIP files. Proof-of-concept (PoC) exploits for the flaw have been publicly released, making it essential for 7-Zip users to update to the patched version 25.00 as soon as possible. The vulnerability can only be exploi

Eurofiber - 10,003 breached accounts - IT Security News

Key Findings: Eurofiber France disclosed a data breach of its ticket management platform in November 2025. The breach resulted in the exposure of 10,003 unique email addresses, and a smaller number of names and phone numbers. A threat actor claiming responsibility for the breach alleges to have additional, more sensitive data including screenshots, VPN configuration files, credentials, source code, certificates, archives, and SQL backup files.

Background: In November 2025, Eurofib

IT threat evolution in Q3 2025. Mobile statistics - Malware News

Key Findings: In Q3 2025, Kaspersky Security Network prevented 47 million attacks involving mobile malware, adware, or unwanted software. Trojans were the most widespread mobile malware, affecting 15.78% of attacked users. Over 197,000 malicious installation packages were discovered, including 52,723 associated with mobile banking Trojans and 1,564 identified as mobile ransomware.

Background: The Kaspersky Security Network (KSN) is a global network for analyzing anonymized thre

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Key Findings: Comet Browser has implemented a hidden MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users' devices, a capability that traditional browsers explicitly prohibit. The MCP API is currently found in the Agentic extension and can be triggered by the perplexity.ai page, creating a covert channel for Comet to access local data and launch commands/apps without user consent. There is limited offic

Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications

Key Findings: Seraphic, the leader in enterprise browser security (SEB) and AI enablement, announced native protection for Electron-based applications. Seraphic is the first and only browser security platform to introduce this capability. Seraphic's technology operates at the core of the browser, enabling it to secure any AI-powered browser and Electron app.

Background: Seraphic transforms any traditional or AI browser into a secure enterprise browser, delivering real-time pro

CredShields and Checkmarx Collaborate to Enhance Smart Contract Security in Enterprise AppSec

Key Findings: CredShields, a leading Web3 security firm, has partnered with Checkmarx, the global leader in agentic AI-powered application security testing. The collaboration aims to bring Web3 security expertise to Checkmarx's enterprise application security platform, addressing the growing need for decentralized security solutions. The partnership will focus on comprehensive security coverage for decentralized applications, smart contracts, and wallets, as well as AI-assiste

Hackers Exploit Adspect Cloaking and Fake Crypto CAPTCHA in npm Supply Chain Attack

Key Findings: Seven npm packages published by a threat actor using the alias "dino_reborn" were found to be part of a highly coordinated malware campaign. The packages use Adspect-powered cloaking, anti-analysis JavaScript, and fake CAPTCHA interfaces to funnel unsuspecting victims toward malicious payloads while hiding their activity from security researchers. The threat actor built an entire fake website to serve security researchers while real victims are redirected through a

Critical Flowise Flaw Allows Unauthenticated Remote Access

Key Findings: Flowise, a popular open-source low-code workflow platform, contains a critical vulnerability allowing unauthenticated remote admin takeover. The vulnerability is due to an exposed registration endpoint that can be exploited to gain full administrative control of the Flowise instance. No authentication is required to leverage this flaw, making it trivial for attackers to gain complete control of affected systems. The vulnerability has been assigned the CVE identi

Cloudflare Outage Jolts the Internet: What Happened, and Who Was Affected

Key Findings: Cloudflare, a major web infrastructure company that handles an estimated 20% of global web traffic, experienced a service disruption on November 18, 2025. The disruption caused errors and inaccessibility for a wide range of websites and online services, including Hackread.com, Canva, Uber, IKEA, Shopify, League of Legends, DoorDash, Discord, Patreon, Medium, Crunchyroll, GitLab, Udemy, and popular AI tools like ChatGPT. The root cause was a latent bug triggered

SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2027

Key Findings: The cybercriminal supply chain continues to transform, with new specialized roles emerging to enable cybercrime at scale. Threat actor communities will fragment, evolve, and get younger, with an influx of teen cybercriminals using plug-and-play attack kits. The non-human identity (NHI) explosion will fuel hidden risks, as machine credentials proliferate across cloud environments with less protection than human-based credentials. Insider threats will be fueled by

Microsoft Blocks Massive 15.72 Tbps DDoS Attack from AISURU Botnet

Key Findings: Microsoft disclosed that it automatically detected and mitigated a 15.72 Tbps DDoS attack, the largest ever observed in the cloud, targeting a single endpoint in Australia. The attack originated from the AISURU botnet, a Mirai-class IoT botnet powered by nearly 300,000 infected devices, mainly routers, security cameras, and DVR systems. The attack involved massive UDP floods from over 500,000 source IPs across various regions, with minimal spoofing and random sou

Google Addresses Critical Chrome Vulnerability Actively Exploited in the Wild

Key Findings: Google released security updates for Chrome to address two security flaws, including one that is being actively exploited in the wild. The actively exploited vulnerability is CVE-2025-13223, a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could lead to arbitrary code execution or program crashes. Clément Lecigne of Google's Threat Analysis Group (TAG) discovered and reported the flaw on November 12, 2025. Google has not provided de

© 2025 by Explain IT Again