Latest Blogs

ThreatMap Part 3: From data and information to intelligence

Introduction: In Cyber Threat Intelligence (CTI), we often use certain words interchangeably. That might feel harmless, but it can blur what we’re actually doing – and sometimes even cause misunderstandings that could lead to bigger problems. One of the most common examples is the mix-up between data, information, and intelligence. These are three very different

Autonomous Threat Hunting and the role of artificial intelligence (AI)

Introduction: The escalating complexity and frequency of cyber threats necessitate a more proactive stance in cybersecurity defense mechanisms. The dynamic nature of cyber threats requires continuous monitoring and analysis, a task that surpasses human capabilities alone. A crucial aspect motivating the adoption of autonomous threat hunting is the imperative need to minimize response times in cyber

A Pain in the Mist: Navigating Operation DreamJob’s arsenal

Infection chain: The infection chain was initiated by social engineering and a targeted WhatsApp message containing a job-related lure sent to a project engineer. This known social engineering tactic lured the victim to download and open a ZIP archive on their desktop, through the browser-based version of the WhatsApp mobile application (WhatsApp Web). The archive contained:

Critical vulnerability in React Server Components

Working proof-of-concept (PoC) code is available for the React2Shell vulnerability, and active exploitation by several Chinese-nexus threat groups has been observed. More exploitation across the board is expected as all types of attackers seek to capitalize on this vulnerability. Patching the vulnerability must be a priority. Cloud environments such as Akamai,

Tracking the Fight Against Cybercrime: Global Law Enforcement Trends and What They Reveal About Today’s Threat Landscape

Introduction: For organizations navigating an increasingly complex cyber threat landscape, insight into how cybercrime is investigated, disrupted, and prosecuted provides an important perspective on evolving risk and adversary behavior. Cybercrime continues to grow in scale, sophistication, and diversification, placing sustained pressure on law enforcement agencies worldwide. In response, authorities have increased the visibility and frequency of

Critical Ivanti EPMM Zero-Days Actively Exploited: What Organizations Need to Know

Two critical zero-day vulnerabilities have been disclosed in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, a widely used mobile device management solution. The flaws are already being actively exploited in the wild, prompting urgent mitigation guidance from multiple authorities. Why This Matters: Ivanti EPMM sits at the heart of mobile endpoint security, managing devices, policies, certificates, and authentication mechanisms. A successful

Hacktivism today: What three years of research reveal about its transformation

Overview: When we published our findings on Hacktivism: Victims and Impact in 2023 in our Security Navigator 2024, hacktivism was already undergoing a visible resurgence. At the time, most of the incidents we observed were not technically destructive at scale in the conventional sense. What stood out were the broader structural trends emerging across the threat landscape. Hacktivism was becoming more frequent, more coordinated, and increasingly entangled with real-world

The factory floor under fire: why Operational Technology (OT) is the ultimate target for hackers

The days of the traditional air gap are officially over. We used to think of Operational Technology as completely separate from our everyday office computers, consisting mostly of the specialized systems that control pumps and robotic arms. But today, everything is connected. While this digital shift has brought amazing efficiency to the industry, it has

The invisible kill switch: Why operational technology (OT) is the new ground zero for cyber extortion

For decades, the factory floor was a fortress of physical isolation. Today, that traditional “air gap” has been replaced by a sprawling digital web. As organizations race to embrace the efficiency and automation of modern industry, they are bridging the gap between Operational Technology (OT) and traditional Information Technology (IT). While this convergence has unlocked
