ALL POSTS
CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw in Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2023-52163, has a CVSS score of 8.8 and allows post-authentication remote code execution through a case of command injection. CISA cited evidence of active exploitation of the flaw by threat actors to deliver botnets like Mirai and S
Dec 26, 2025 · 2 min read
Fortinet Warns of Active Exploitation of FortiOS SSL VPN Vulnerability
Key Findings: Fortinet reported active exploitation of a five-year-old security vulnerability, CVE-2020-12812 (CVSS score: 5.2), in FortiOS SSL VPN. The vulnerability is an improper authentication flaw that may allow users to bypass two-factor authentication (2FA) by changing the case of the username, enabling successful login without being prompted for the second authentication factor. The issue occurs when FortiGate has local 2FA users linked to LDAP, the same users belong t
Dec 25, 2025 · 2 min read
Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media
Key Findings: The fraudulent investment scheme known as Nomani has witnessed a 62% increase, according to ESET. Nomani campaigns have expanded beyond Facebook to include other social media platforms, such as YouTube. ESET blocked over 64,000 unique URLs associated with the Nomani threat this year, with the majority of detections originating from Czechia, Japan, Slovakia, Spain, and Poland. Nomani leverages social media malvertising, company-branded posts, and AI-powered video
Dec 24, 2025 · 2 min read
New MacSync Stealer Targets Mac Devices with Gatekeeper Bypass
Key Findings: A new variant of the MacSync Stealer malware has been discovered, which uses a digitally signed and notarized Swift application to bypass macOS Gatekeeper security checks. The malicious application is distributed via a disk image (DMG) named "zk-call-messenger-installer-3.9.2-lts.dmg" hosted on the "zkcall[.]net/download" website. The application is code-signed and successfully notarized by Apple, giving it a veneer of legitimacy and allowing it to run on macOS w
Dec 24, 2025 · 2 min read
The Hacker - 🛑 Two Chrome extensions were caught intercepting user data from over 170 sites
Key Findings: Two malicious Google Chrome extensions named "Phantom Shuttle" have been discovered secretly stealing user credentials from over 170 websites. The extensions are advertised as a "multi-location network speed test plug-in" for developers and foreign trade personnel. The extensions execute complete traffic interception, operate as man-in-the-middle proxies, and continuously exfiltrate user data to a command-and-control server. Once users make a subscription paymen
Dec 24, 2025 · 2 min read
Backdoor in NVIDIA AI Systems: Critical 9.8 Severity Flaws Grant Total Control
Key Findings: NVIDIA has issued a critical security update for its Isaac Launchable software, patching three vulnerabilities with a CVSS score of 9.8. The most severe flaw, CVE-2025-33222, involves hard-coded credentials that allow attackers to bypass authentication and gain complete control of affected systems. The remaining two vulnerabilities, CVE-2025-33223 and CVE-2025-33224, stem from improper privilege management, enabling attackers to execute code with elevated permiss
Dec 24, 2025 · 2 min read
New Title: Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
Key Findings: A critical security vulnerability (CVE-2025-68613) with a CVSS score of 9.9 has been discovered in the n8n workflow automation platform. The flaw could enable arbitrary code execution under certain circumstances, potentially leading to a full compromise of the affected instances. The vulnerability affects all versions of n8n from 0.211.0 and below 1.120.4, and has been patched in versions 1.120.4, 1.121.1, and 1.122.0. According to Censys, there are 103,476 poten
Dec 23, 2025 · 2 min read
Fake WhatsApp API Package on npm Steals User Data
Key Findings: A malicious npm package named "lotusbail" has been discovered that poses as a functional WhatsApp API, but actually steals users' messages, contacts, and login tokens. The package has been downloaded over 56,000 times since it was first uploaded in May 2025. The package is designed to capture authentication tokens, session keys, message history, contact lists, media files, and documents, and transmit the stolen data to an attacker-controlled server. The package
Dec 23, 2025 · 2 min read
Kimwolf Android Botnet Infects Millions, Launches DDoS Attacks
Key Findings: The Kimwolf Android botnet has infected over 1.8 million devices globally, primarily targeting TV boxes. It uses advanced techniques like DNS over TLS, elliptic curve digital signatures, and blockchain domains to evade detection. The botnet is capable of massive DDoS attacks, issuing over 1.7 billion commands in a three-day period. Kimwolf shares code with the Aisuru botnet family but has been heavily redesigned to avoid detection. Background: The Kimwolf botnet was f
Dec 21, 2025 · 2 min read
Iranian Infy APT Resurfaces with New Malware Activity Targeting Various Sectors
Key Findings: Iranian APT group Infy (aka Prince of Persia) has resurfaced with new malware campaigns after nearly 5 years of dormancy. The scale of Infy's current activity is significantly larger than previously assessed. The group has targeted victims across Iran, Iraq, Turkey, India, Canada, and parts of Europe. Infy's malware arsenal includes updated versions of the Foudre downloader and Tonnerre implant. Attack chains have evolved from macro-laced documents to embedded execut
Dec 21, 2025 · 2 min read
Ukrainian National Pleads Guilty to Nefilim Ransomware Attacks
Key Findings: Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, pleaded guilty to multiple crimes stemming from his involvement in a string of ransomware attacks targeting U.S. and Europe-based organizations from mid-2018 to late 2021. Stryzhak faces up to 10 years in jail for conspiracy to commit fraud, including extortion. Authorities are still looking for Stryzhak's alleged co-conspirator Volodymyr Tymoshchuk and announced an $11 million reward for informatio
Dec 19, 2025 · 2 min read
YouTube Ghost Network: Unraveling the GachiLoader Malware Hiding in Video Links
Key Findings: A massive network of compromised YouTube accounts is being weaponized to spread a sophisticated new threat, turning the popular video platform into a launchpad for data theft. The campaign, dubbed the "YouTube Ghost Network," leverages malicious videos promoting "cracked" software, trainers, or cheats to lure users into downloading a new, heavily obfuscated JavaScript malware loader called GachiLoader. GachiLoader is written in Node.js and deploys a second-stage
Dec 19, 2025 · 2 min read
UEFI Security Flaw Compromises Boot Process in ASRock, ASUS, GIGABYTE, and MSI Motherboards
Key Findings: A fundamental vulnerability in the UEFI firmware implementations of certain motherboards from ASRock, ASUS, GIGABYTE, and MSI allows attackers with physical access to bypass operating system security controls. The flaw, which is tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303, stems from a discrepancy between what the firmware reports and what it actually does in terms of enabling the Input-Output Memory Management Unit (IOMMU). Desp
Dec 19, 2025 · 3 min read
Amazon Threat Intelligence Warns of Russian GRU Hackers Targeting Misconfigured Devices
Key Findings: Russian state-sponsored threat actors linked to the GRU are increasingly breaching critical infrastructure networks by exploiting basic configuration mistakes rather than software vulnerabilities. The campaign has targeted energy providers and other critical infrastructure organizations across North America and Europe since at least 2021. The attackers focused on enterprise routers, VPN gateways, and network management appliances with exposed or poorly secured m
Dec 17, 2025 · 2 min read
Hacker Honeypot? BreachForums Reopens via Emails from French Ministry of the Interior Domain
Key Findings: The original founder of the BreachForums hacking forum has been arrested and sentenced to prison. Numerous reincarnations of BreachForums have continued to surface, despite several being shut down. Users who had previously registered on BreachForums recently received emails claiming the forum had reopened. The emails were sent from the domain pppj-sdpj92-ger2@interieur.gouv.fr, which belongs to the French Ministry of the Interior. This incident coincides with a r
Dec 16, 2025 · 2 min read
Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2027
Key Findings: DDoS attacks will increasingly be used as diversion tactics to draw attention away from more damaging activities. API-first architectures will increase exposure to misconfigurations and business logic abuse. Integrated WAAP platforms will overtake fragmented web security architectures. AI-driven DDoS mitigation will become essential against hyper-scale attacks. Regulatory pressure will intensify as cybersecurity oversight expands across Europe. Background: Cybersecurit
Dec 16, 2025 · 3 min read
FortiGate Under Siege: Critical SAML SSO Flaw Enables Authentication Bypass and Config Theft
Key Findings: Threat actors have begun exploiting two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). The vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled. Fortinet has released patches for the flaws in FortiOS, FortiWeb,
Dec 16, 2025 · 2 min read
Frogblight Banking Trojan Targets Android Users in Turkey
Key Findings: In August 2025, Kaspersky researchers discovered a new Android banking Trojan dubbed "Frogblight" targeting individuals in Turkey. The malware initially disguised itself as an app for accessing court case files via an official government webpage, but later adopted more universal disguises like the Chrome browser. Frogblight can use official government websites as an intermediary step to steal banking credentials and has spyware capabilities to collect SMS message
Dec 16, 2025 · 2 min read
Experts Discover Massive Unsecured Database with 4.3B Records
Key Findings: A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data. The database was discovered by researchers Bob Diachenko and nexos.ai on November 23, 2025 and secured two days later. The database contained 9 collections with at least 3 exposing nearly 2 billion personal records including names, emails, phone numbers, LinkedIn links, job roles, employers, work history, education, locations, skills, languages, and social
Dec 15, 2025 · 2 min read
CISA Adds Actively Exploited Google Chromium and Sierra Wireless Flaws to Known Exploited Vulnerabilities Catalog
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-14174, Google Chromium Out-of-Bounds Memory Access Vulnerability; and CVE-2018-4063, Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability. Background: CVE-2025-14174 is an out-of-bounds memory access flaw in the ANGLE graphics library of Google Chrome on Mac, which can be expl
Dec 13, 2025 · 1 min read