ALL POSTS
Trend Micro addresses critical security flaws in on-premises Apex Central
Key Findings: Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a
Jan 9 · 2 min read
Hackers with China Ties Exploit VMware ESXi Zero-Days to Break Out of Virtual Machines
Key Findings: Chinese-speaking threat actors leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit toolkit. The toolkit targeted up to 155 ESXi builds and enabled virtual machine (VM) escape via disabled VMCI drivers and unsigned kernel drivers, potentially paving the way for a ransomware attack. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year before the related VMwa
Jan 9 · 2 min read
Astaroth Banking Trojan Spreads Via WhatsApp Worm in Brazil
Key Findings: The Astaroth banking Trojan is spreading in Brazil through a WhatsApp worm that automatically sends malicious messages to victims' contacts. The malware uses a Python-based propagation module to harvest the victim's WhatsApp contacts and automatically forward infected ZIP files, enabling self-spreading capabilities. A separate banking module operates silently in the background, monitoring the victim's browsing activity and stealing credentials when banking-relate
Jan 8 · 2 min read
Ni8mare flaw gives unauthenticated control of n8n instances: A Critical Vulnerability (CVSS 10.0)
Key Findings: A critical vulnerability (CVE-2026-21858, CVSS score of 10.0) has been discovered in the n8n workflow automation platform, dubbed "Ni8mare" by researchers. The flaw allows unauthenticated attackers to fully compromise affected n8n instances, exposing sensitive data and potentially leading to further system compromise. The vulnerability affects all versions of n8n prior to and including 1.65.0, and it was fixed in n8n version 1.121.0 in November 2025. Background n
Jan 7 · 2 min read
Veeam Backup & Replication Patched against Critical RCE Vulnerabilities
Key Findings: Veeam has released security updates to address critical vulnerabilities in its Backup & Replication software, including a flaw with a CVSS score of 9.0 that could allow remote code execution (RCE). The most severe vulnerability, CVE-2025-59470 (CVSS 9.0), enables a Backup or Tape Operator to achieve RCE as the postgres user by sending a malicious interval or order parameter. Three other vulnerabilities, CVE-2025-55125 (CVSS 7.2), CVE-2025-59469 (CVSS 7.2), and C
Jan 7 · 2 min read
Microsoft Warns of Increased Risk of Internal Domain Phishing
Key Findings: Threat actors are exploiting misconfigured email routing and spoof protection to impersonate organizations' internal domains and distribute phishing emails. These phishing campaigns leverage phishing-as-a-service (PhaaS) platforms like Tycoon 2FA, delivering a variety of lures related to voicemails, shared documents, HR communications, and password resets. The attack vector is not new, but Microsoft has observed a surge in its usage since May 2025, targeting a wi
Jan 7 · 2 min read
Exploiting Critical RCE Vulnerability in Outdated D-Link DSL Routers
Key Findings: Hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2026-0625 (CVSS score: 9.3), in legacy D-Link DSL routers. The flaw is an improper neutralization of special elements used in an OS Command, allowing unauthenticated remote attackers to inject and execute arbitrary shell commands. The vulnerable endpoint, dnscfg.cgi, is also associated with unauthenticated DNS modification ("DNSChanger") behavior documented by D-Link. Exploi
Jan 7 · 2 min read
Why governments need to treat fraud like cyberwarfare, not accounting
Background: Fraud has long been perceived as a cost of doing business, a nuisance to be absorbed by banks and consumers. This perception is outdated, as modern fraud blends geopolitics with advanced technical tactics, carried out through criminal proxies to target businesses and the public. Key Findings: The global response to fraud has remained piecemeal, reactive, and inadequate, despite it being a global security threat. Industrialized fraud integrates aspects of asymmetric
Jan 6 · 2 min read
Critical 9.8 Severity Flaw in Harvester Allows Hackers to Hijack New Servers: The Open Door
Key Findings: A critical vulnerability (CVSS score 9.8) has been discovered in the Harvester Hyperconverged Infrastructure (HCI) platform. The flaw allows remote attackers to gain unauthorized access to new servers during the installation process using default credentials. Successful exploitation could enable attackers to completely compromise the affected servers and leverage them for further malicious activities. Background: Harvester is an open-source HCI solution built on t
Jan 6 · 1 min read
Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia
Key Findings: AccuKnox, a global leader in Zero Trust Cloud-Native Application Protection Platforms (CNAPP), has appointed Connex Information Technologies as its authorized distribution partner across South and Southeast Asia. The partnership aligns AccuKnox with Connex, a global value-added distributor that has steadily expanded its regional footprint since its founding in 2014. Connex operates in 14 countries and supports a network of over 1,500 channel partners across its g
Jan 6 · 2 min read
Kimwolf Android Botnet Infects Over 2 Million Devices
Key Findings: The Kimwolf Android botnet has infected over 2 million devices, primarily through the exploitation of residential proxy networks. The botnet primarily targets low-cost, unofficial Android TV boxes that are left insecure or intentionally configured as proxy nodes. Kimwolf is believed to be an Android variant of the AISURU botnet, with connections to a series of record-setting DDoS attacks. The botnet uses a scanning infrastructure that leverages residential proxie
Jan 5 · 2 min read
Bitfinex Hack Convict Released Early Under U.S. First Step Act
Key Findings: Ilya Lichtenstein, the cybercriminal behind the 2016 Bitfinex hack, has been released from prison early thanks to the 2018 First Step Act signed by former President Donald Trump. Lichtenstein was sentenced to 5 years in prison in November 2024 for his role in a money laundering conspiracy related to the Bitfinex hack, where he stole approximately 120,000 bitcoins. The First Step Act allows inmates to earn credits for good behavior and rehabilitation, potentially
Jan 5 · 2 min read
PRESIDENT BLOCKS $2.9M CHIP SALE OVER SECURITY CONCERNS
Key Findings: President Trump ordered the divestment of a $2.9 million chips deal between U.S. firm Emcore and Chinese-linked company HieFo Corp. Trump cited national security risks tied to HieFo's control of Emcore's chip technology and its links to China. The deal was initially approved in 2024 but later blocked in 2026 after a government review. The blocked technology includes indium phosphide wafers used for advanced internet, laser, and military applications. The move is
Jan 4 · 2 min read
ShinyHunters Claim Resecurity Honeypot Lured Them After Breach
Key Findings: Cybersecurity firm Resecurity responded to claims made by hacking group ShinyHunters that they had breached the company's internal systems. Resecurity says the attackers were interacting with a honeypot, not their real infrastructure. The honeypot included synthetic employee accounts, fake apps, and isolated infrastructure unrelated to Resecurity's real operations or customers. Resecurity claims no actual client data, passwords, or operational systems were affect
Jan 3 · 2 min read
Phishing Campaign Abuses Google Cloud to Impersonate Google Emails
Key Findings: Cybersecurity researchers have uncovered a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The campaign used layered redirection, trusted cloud services, user validation checks, and brand impersonation to evade detection and increase phishing success. Over a two-week period, the researchers observed nearly 9,400 phishing emails targeting approximately 3,200 customers across various indust
Jan 2 · 2 min read
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
Key Findings: IBM disclosed a critical vulnerability (CVE-2025-13915) in its API Connect product that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability has a CVSS score of 9.8, indicating a severe and high-risk flaw. The issue affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 of IBM API Connect. Background: IBM API Connect is an end-to-end API management solution used by organizations to create, test, manage, and secure APIs
Dec 31 · 2 min read
MongoBleed: Over 80,000 Servers at Risk of Active Exploitation
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the MongoDB vulnerability CVE-2025-14847, known as "MongoBleed," to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, with a CVSS score of 8.7, allows unauthenticated, remote attackers to execute arbitrary code on vulnerable MongoDB servers. Over 87,000 potentially vulnerable MongoDB instances have been identified worldwide, primarily located in the U.S., China, Germany
Dec 30, 2025 · 2 min read
Critical 0day flaw Exposes Thousands of XSpeeder Devices
Key Findings: Vulnerability CVE-2025-54322 in XSpeeder networking devices allows for remote root access without a password. The vulnerability earned a perfect 10.0 (Critical) CVSS score, the highest possible threat rating. The vulnerability was discovered by the research firm pwn.ai using its proprietary AI tool. Over 70,000 XSpeeder devices are currently exposed online due to this vulnerability. Despite the research team's 7-month effort to notify the vendor, XSpeeder has not
Dec 29, 2025 · 2 min read
AI Agents Uncover Critical Zero-Day in Global Networking Gear
Key Findings: Autonomous AI agents discovered a critical, unpatched vulnerability (CVE-2025-54322) in networking gear manufactured by Xspeeder, a Chinese vendor known for routers and SD-WAN appliances. The vulnerability is a pre-authentication Remote Code Execution (RCE) flaw with a CVSS score of 10. This is the first remotely exploitable zero-day vulnerability discovered by an automated AI platform, according to the report. The vulnerable firmware, SXZOS, powers Xspeeder's SD
Dec 29, 2025 · 2 min read
CVE-2025-68666 - LangChain serialization injection vulnerability in data utilities
Key Findings: A critical security flaw (CVE-2025-68664) has been disclosed in LangChain Core that could enable attackers to steal sensitive secrets and influence large language model (LLM) responses through prompt injection. The vulnerability, tracked as CVE-2025-68664, carries a CVSS score of 9.3 out of 10.0. The vulnerability is caused by a serialization injection issue in the `dumps()` and `dumpd()` functions of LangChain, which fail to properly escape dictionaries with "l
Dec 26, 2025 · 2 min read
