Collaborate Disseminate
A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from t… Continue reading Compromised SAP NetWeaver instances are ushering in opportunistic threat actors
A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate … Continue reading Fake AI platforms deliver malware diguised as video content
The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing leaked data relating to the group’s operations: The defaced dark web affiliate p… Continue reading LockBit hacked: What does the leaked data show?
As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are trying to refine the two main elements: the lure and the “instruction”… Continue reading The many variants of the ClickFix social engineering tactic
SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have a… Continue reading Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow… Continue reading Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability (CVE-2025-3… Continue reading Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights In 2024, Mandiant handled more incidents in the financial sector than in any o… Continue reading Understanding 2024 cyber attack trends
MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors. About MITRE ATT&CK MITR… Continue reading Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs
Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics observed involve the attacker requesting victim’s supply Microsoft Autho… Continue reading Attackers phish OAuth codes, take over Microsoft 365 accounts