ALL POSTS

Key Findings A critical security vulnerability (CVE-2025-68613) with a CVSS score of 9.9 has been discovered in the n8n workflow automation platform. The flaw could enable arbitrary code execution under certain circumstances, potentially leading to a full compromise of the affected instances. The vulnerability affects all versions of n8n from 0.211.0 and below 1.120.4, and has been patched in versions 1.120.4, 1.121.1, and 1.122.0. According to Censys, there are 103,476 poten

Key Findings: A malicious npm package named "lotusbail" has been discovered that poses as a functional WhatsApp API, but actually steals users' messages, contacts, and login tokens. The package has been downloaded over 56,000 times since it was first uploaded in May 2025. The package is designed to capture authentication tokens, session keys, message history, contact lists, media files, and documents, and transmit the stolen data to an attacker-controlled server. The package

Key Findings The Kimwolf Android botnet has infected over 1.8 million devices globally, primarily targeting TV boxes It uses advanced techniques like DNS over TLS, elliptic curve digital signatures, and blockchain domains to evade detection The botnet is capable of massive DDoS attacks, issuing over 1.7 billion commands in a three-day period Kimwolf shares code with the Aisuru botnet family but has been heavily redesigned to avoid detection Background The Kimwolf botnet was f

Key Findings Iranian APT group Infy (aka Prince of Persia) has resurfaced with new malware campaigns after nearly 5 years of dormancy The scale of Infy's current activity is significantly larger than previously assessed The group has targeted victims across Iran, Iraq, Turkey, India, Canada, and parts of Europe Infy's malware arsenal includes updated versions of the Foudre downloader and Tonnerre implant Attack chains have evolved from macro-laced documents to embedded execut

Key Findings: Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, pleaded guilty to multiple crimes stemming from his involvement in a string of ransomware attacks targeting U.S. and Europe-based organizations from mid 2018 to late 2021. Stryzhak faces up to 10 years in jail for conspiracy to commit fraud, including extortion. Authorities are still looking for Stryzhak's alleged co-conspirator Volodymyr Tymoshchuk and announced a $11 million reward for informatio

Key Findings: A massive network of compromised YouTube accounts is being weaponized to spread a sophisticated new threat, turning the popular video platform into a launchpad for data theft. The campaign, dubbed the "YouTube Ghost Network," leverages malicious videos promoting "cracked" software, trainers, or cheats to lure users into downloading a new, heavily obfuscated JavaScript malware loader called GachiLoader. GachiLoader is written in Node.js and deploys a second-stage

Key Findings A fundamental vulnerability in the UEFI firmware implementations of certain motherboards from ASRock, ASUS, GIGABYTE, and MSI allows attackers with physical access to bypass operating system security controls. The flaw, which is tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303, stems from a discrepancy between what the firmware reports and what it actually does in terms of enabling the Input-Output Memory Management Unit (IOMMU). Desp

Key Findings: Russian state-sponsored threat actors linked to the GRU are increasingly breaching critical infrastructure networks by exploiting basic configuration mistakes rather than software vulnerabilities. The campaign has targeted energy providers and other critical infrastructure organizations across North America and Europe since at least 2021. The attackers focused on enterprise routers, VPN gateways, and network management appliances with exposed or poorly secured m

Key Findings The original founder of the BreachForums hacking forum has been arrested and sentenced to prison. Numerous reincarnations of BreachForums have continued to surface, despite several being shut down. Users who had previously registered on BreachForums recently received emails claiming the forum had reopened. The emails were sent from the domain pppj-sdpj92-ger2@interieur.gouv.fr, which belongs to the French Ministry of the Interior. This incident coincides with a r

Key Findings DDoS attacks will increasingly be used as diversion tactics to draw attention away from more damaging activities API-first architectures will increase exposure to misconfigurations and business logic abuse Integrated WAAP platforms will overtake fragmented web security architectures AI-driven DDoS mitigation will become essential against hyper-scale attacks Regulatory pressure will intensify as cybersecurity oversight expands across Europe Background Cybersecurit

Key Findings Threat actors have begun exploiting two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). The vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled. Fortinet has released patches for the flaws in FortiOS, FortiWeb,

Key Findings In August 2025, Kaspersky researchers discovered a new Android banking Trojan dubbed "Frogblight" targeting individuals in Turkey. The malware initially disguised itself as an app for accessing court case files via an official government webpage, but later adopted more universal disguises like the Chrome browser. Frogblight can use official government websites as an intermediary step to steal banking credentials and has spyware capabilities to collect SMS message

Key Findings A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data The database was discovered by researchers Bob Diachenko and nexos.ai on November 23, 2025 and secured two days later The database contained 9 collections with at least 3 exposing nearly 2 billion personal records including names, emails, phone numbers, LinkedIn links, job roles, employers, work history, education, locations, skills, languages, and social

Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-14174: Google Chromium Out-of-Bounds Memory Access Vulnerability CVE-2018-4063: Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability Background CVE-2025-14174 is an out-of-bounds memory access flaw in the ANGLE graphics library of Google Chrome on Mac, which can be expl

Key Findings React2Shell (CVE-2025-55182), a critical vulnerability in React Server Components, was disclosed on December 3, 2025, carrying a maximum CVSS score of 10.0 and enabling unauthenticated remote code execution. Shortly after disclosure, the Google Threat Intelligence Group (GTIG) observed widespread exploitation across various threat actor groups, ranging from opportunistic cybercriminals to suspected espionage groups. Several distinct campaigns were identified, inc

Key Findings CVE-2025-55184 (CVSS 7.5) - A pre-authentication denial of service vulnerability in React Server Components (RSC) that can trigger an infinite loop and hang the server process CVE-2025-67779 (CVSS 7.5) - An incomplete fix for CVE-2025-55184 with the same impact CVE-2025-55183 (CVSS 5.3) - An information leak vulnerability that may expose the source code of a vulnerable Server Function Background The React team has released fixes for three new vulnerabilities in R

Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo GeoServer software to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw, tracked as CVE-2025-58360, is an XML External Entity (XXE) vulnerability that attackers are actively exploiting to breach networks and steal sensitive data. The vulnerability lies within GeoServer's handling of XML input, allowing attackers to define e

Key Findings Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google tracked the high-severity vulnerability as Chromium issue 466192044, but did not share technical details. The bug lies in the ANGLE graphics library, where buffer sizes were incorrectly calculated, leading to memory corruption, crashes, or potentially arbitrary code execution. Google also fixed two medium-severity flaws: a use-after-fr

Key Findings: 90% of organizations are facing critical skills gaps (ISC2) AI is reshaping job roles across cybersecurity, cloud, and IT operations Enterprises are rapidly reallocating L&D budgets toward hands-on training that delivers measurable, real-world performance INE is uniquely positioned to support this shift, helping organizations invest their end-of-year budgets in scalable labs, simulations, and immersive learning experiences Background As AI accelerates job transf

Key Findings A critical vulnerability (CVE-2025-59718, CVE-2025-59719) in Fortinet's FortiCloud Single Sign-On (SSO) feature allows unauthenticated attackers to bypass authentication and gain administrative access to affected devices. The vulnerability, which has a CVSS score of 9.1, stems from improper verification of cryptographic signatures (CWE-347) in the FortiCloud SSO SAML implementation. Affected products include FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager.