Google details Clop extortion campaign leveraging 0-day in Oracle E-Business Suite

Executive Summary
Google Threat Intelligence Group (GTIG) and Mandiant have published an in-depth analysis of the recent extortion campaign orchestrated by Cl0p, exploiting the critical vulnerability CVE-2025-61882 in Oracle E-Business Suite (EBS). Their investigation reveals that initial intrusions date back to August 9, 2025, with suspicious activity detected as early as July 10. The attackers leveraged multiple vulnerabilities in Oracle EBS to gain […]


Attack Technique: Abuse of the UWP lifecycle and Windows job objects

Attackers are increasingly using sophisticated methods to bypass modern endpoint detection and response (EDR) systems. One such technique involves misusing the application lifecycle of Universal Windows Platform (UWP) applications, combined with Windows job objects, for targeted attacks. This article examines an alternative method of deliberately suspending processes early on to enable attack techniques, such as


ThreatMap Part 3: From data and information to intelligence

Introduction
In Cyber Threat Intelligence (CTI), we often use certain words interchangeably. That might feel harmless, but it can blur what we're actually doing, and sometimes even cause misunderstandings that could lead to bigger problems. One of the most common examples is the mix-up between data, information, and intelligence. These are three very different


Autonomous Threat Hunting and the role of artificial intelligence (AI)

Introduction
The escalating complexity and frequency of cyber threats necessitate a more proactive stance in cybersecurity defense mechanisms. The dynamic nature of cyber threats requires continuous monitoring and analysis, a task that surpasses human capabilities alone. A crucial aspect motivating the adoption of autonomous threat hunting is the imperative need to minimize response times in cyber


A Pain in the Mist: Navigating Operation DreamJob’s arsenal

Infection chain
The infection chain was initiated by social engineering: a targeted WhatsApp message containing a job-related lure was sent to a project engineer. This known social engineering tactic lured the victim into downloading and opening a ZIP archive on their desktop through the browser-based version of the WhatsApp mobile application (WhatsApp Web). The archive contained:


Critical vulnerability in React Server Components

Working proof-of-concept (PoC) code is available for the React2Shell vulnerability, and active exploitation by several Chinese-nexus threat groups has been observed. More exploitation across the board is expected as all types of attackers seek to capitalize on this vulnerability. Patching the vulnerability must be a priority. Cloud environments such as Akamai,


Tracking the Fight Against Cybercrime: Global Law Enforcement Trends and What They Reveal About Today’s Threat Landscape

Introduction
For organizations navigating an increasingly complex cyber threat landscape, insight into how cybercrime is investigated, disrupted, and prosecuted provides an important perspective on evolving risk and adversary behavior. Cybercrime continues to grow in scale, sophistication, and diversification, placing sustained pressure on law enforcement agencies worldwide. In response, authorities have increased the visibility and frequency of


Critical Ivanti EPMM Zero-Days Actively Exploited: What Organizations Need to Know

Two critical zero-day vulnerabilities have been disclosed in Ivanti Endpoint Manager Mobile (EPMM, formerly known as MobileIron Core), a widely used mobile device management solution. The flaws are already being actively exploited in the wild, prompting urgent mitigation guidance from multiple authorities.
Why This Matters
Ivanti EPMM sits at the heart of mobile endpoint security, managing devices, policies, certificates, and authentication mechanisms. A successful
