Latest Blogs

Critical SharePoint 0-Day Vulnerabilities Exploited

What happened: Two chained vulnerabilities impacting SharePoint servers were revealed during a security conference in May 2025 and patched in July 2025. These vulnerabilities enable authentication bypass and remote code execution, allowing full takeover of SharePoint on-premise instances. On July 18, massive exploitation campaigns were discovered by a security company. Moreover, on July 19, Microsoft disclosed that a variant of the […]

Anthropic and OpenAI unveil Claude Mythos and GPT-5.4-Cyber

AI pure players Anthropic and OpenAI are leading the way in automated vulnerability detection. With the release of Claude Opus 4.7 – broadly under the radar considering the buzz surrounding Claude Mythos Preview – Anthropic is redoubling its efforts on agentic AI and vulnerability detection. Vivien Mura, Chief Technology Officer (CTO) at Orange Cyberdefense, looks

Businesses need a transformation of security architecture, not more tools!

How the current solution landscape is built, and the challenges that companies are facing: Over the years, many companies have layered various cybersecurity tools to protect their systems and data. This typically starts with antivirus software, firewalls, and VPNs for remote access, before moving on to Mobile Device Management (MDM), email security, and application protection

Critical Vulnerability in Cisco ISE actively Exploited

What happened: Cisco released a security advisory on June 15, 2025, detailing two new vulnerabilities, CVE-2025-20281 and CVE-2025-20282, in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Both allow an unauthenticated malicious actor to achieve remote code execution on the underlying operating system as the root user. Unfortunately, Cisco has now indicated that the critical vulnerabilities in Identity Services

Phishing for clues, part 1: Exploring a year‑long AiTM Phishing Campaign Abusing npm, GitHub and Public CDNs

Overview: In early July, the CyberSOC investigated a phishing incident which led to a compromised account. Fortunately, additional security measures prevented the adversary from gaining further access, minimizing the impact. However, this incident led us to delve deeper into the phishing tactics employed. In collaboration with the World Watch team, our investigation uncovered a widespread

ThreatMap Part 2: The Importance of an Information Position

The Importance of an Information Position: As we mentioned in our first blog, this second blog is about an important – though not often heard – term in Cyber Threat Intelligence (CTI): Information Position (okay, technically two words). In intelligence, this is basically where it all starts. If you want to deliver intelligence to a

Broadcom fixes actively exploited 0-day vulnerability in VMware Tools and VMware Aria Operations

CVE-2025-41244 is a local privilege escalation vulnerability in VMware Tools and VMware Aria Operations that enables attackers to execute code, potentially with root privileges. NVISO, who responsibly reported the vulnerability, claims that a Chinese initial access broker tracked as UNC5174 has been exploiting the vulnerability since October 2024. Proof-of-concept exploit code that demonstrates the vulnerability was made public now that there

Google details Clop extortion campaign leveraging 0-day in Oracle E-Business Suite

Executive Summary: Google Threat Intelligence Group (GTIG) and Mandiant have published an in-depth analysis of the recent extortion campaign orchestrated by Cl0p, exploiting the critical vulnerability CVE-2025-61882 in Oracle E-Business Suite (EBS). Their investigation reveals that initial intrusions date back to August 9, 2025, with suspicious activity detected as early as July 10. The attackers leveraged multiple vulnerabilities in Oracle EBS to gain

Attack Technique: Abuse of the UWP lifecycle and Windows job objects

Attackers are increasingly using sophisticated methods to bypass modern endpoint detection and response (EDR) systems. One such technique involves misusing the application lifecycle of Universal Windows Platform (UWP) applications, combined with Windows job objects, for targeted attacks. This article examines an alternative method of deliberately suspending processes early on to enable attack techniques, such as