ALL POSTS

Key Findings North Korean IT operatives are applying to remote positions using real LinkedIn accounts of individuals they are impersonating The goal is to secure jobs at Western companies and conduct espionage, data theft, and ransomware attacks The threat is tracked by the cybersecurity community as Jasper Sleet, PurpleDelta, and Wagemole The impersonated LinkedIn profiles often have verified workplace emails and identity badges to appear legitimate Once employed, the DPRK w

Key Findings Attackers are impersonating LastPass in an active phishing campaign that aims to steal users' master passwords. The phishing emails claim there is urgent LastPass maintenance and urge users to back up their password vaults within 24 hours. The malicious emails use subject lines referencing infrastructure updates, vault security, and missed deadlines to trick victims. The phishing links lead to an Amazon S3–hosted page that redirects to a fake LastPass site design

Key Findings A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users. The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation. ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action. Background The vulnerability, dubbed CVE-2025-12420, is a failur

Key Findings Threat actors are exploiting misconfigured email routing and spoof protection to impersonate organizations' internal domains and distribute phishing emails. These phishing campaigns leverage phishing-as-a-service (PhaaS) platforms like Tycoon 2FA, delivering a variety of lures related to voicemails, shared documents, HR communications, and password resets. The attack vector is not new, but Microsoft has observed a surge in its usage since May 2025, targeting a wi

Key Findings Cybersecurity researchers have uncovered a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The campaign used layered redirection, trusted cloud services, user validation checks, and brand impersonation to evade detection and increase phishing success. Over a two-week period, the researchers observed nearly 9,400 phishing emails targeting approximately 3,200 customers across various indust

Key Findings Grafana has patched a critical vulnerability (CVE-2025-41115) in its SCIM (System for Cross-domain Identity Management) implementation with a CVSS score of 10.0. The flaw could allow a malicious or compromised SCIM client to provision a user with a numeric `externalId`, enabling potential impersonation or privilege escalation under certain configurations. The vulnerability affects Grafana Enterprise versions from 12.0.0 to 12.2.1 and has been addressed in Grafana

Key Findings: CVE-2025-12485 is a critical vulnerability (CVSS 9.4) in Devolutions Server that allows a low-privileged authenticated user to impersonate another account by replaying a pre-MFA cookie. CVE-2025-12808 is a high-severity vulnerability (CVSS 7.1) that allows a View-only user to retrieve sensitive third-level nested fields, potentially exposing stored passwords or configuration secrets. Both vulnerabilities affect multiple versions of Devolutions Server 2025 and re