Modern SOC Series – Why EASM is essential to modern security operations (3/4)

As cyber threats evolve, so must the Security Operations Center (SOC). In this third installment of the Modern SOC Series, Nicholas King, Global Product Manager at Orange Cyberdefense, shares how External Attack Surface Management (EASM) is transforming the way modern SOCs operate. From continuous discovery of unknown assets to reducing blind spots and enabling proactive […]

Modern SOC Series – Compliance: a core pillar to modern security operations (4/4)

In case you missed it: read blog #1, blog #2 and blog #3 of the Modern SOC Series. As cyber regulations tighten, compliance becomes a core pillar of the modern Security Operations Center (SOC). In this final installment of the Modern SOC Series, Markus Thiel, Senior Business Manager at Orange Cyberdefense, shares how frameworks like DORA, NIS2, and the ISO 27001-aligned ISMS are reshaping

Critical SharePoint 0-Day Vulnerabilities Exploited

What happened: Two chained vulnerabilities impacting SharePoint servers were revealed during a security conference in May 2025 and patched in July 2025. These vulnerabilities enable authentication bypass and remote code execution, enabling full takeovers of SharePoint on-premise instances. On July 18, massive exploitation campaigns were discovered by a security company. Moreover, on July 19, Microsoft disclosed that a variant of the

Anthropic and OpenAI unveil Claude Mythos and GPT-5.4-Cyber

AI pure players Anthropic and OpenAI are leading the way in automated vulnerability detection. With the release of Claude Opus 4.7 – broadly under the radar considering the buzz surrounding Claude Mythos Preview – Anthropic is redoubling its efforts on agentic AI and vulnerability detection. Vivien Mura, Chief Technology Officer (CTO) at Orange Cyberdefense, looks

Businesses need a transformation of security architecture, not more tools!

How the current solution landscape is built, and the challenges that companies are facing. Over the years, many companies have layered various cybersecurity tools to protect their systems and data. This typically starts with antivirus software, firewalls, and VPNs for remote access, before moving into Mobile Device Management (MDM), email security, and application protection

Critical Vulnerability in Cisco ISE Actively Exploited

What happened: Cisco released a security advisory on June 15, 2025, detailing two new vulnerabilities, CVE-2025-20281 and CVE-2025-20282, in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Both allow an unauthenticated malicious actor to achieve remote code execution on the underlying operating system as the root user. Unfortunately, Cisco has now indicated that the critical vulnerabilities in Identity Services

Phishing for clues, part 1: Exploring a year‑long AiTM Phishing Campaign Abusing npm, GitHub and Public CDNs

Overview: In early July, the CyberSOC investigated a phishing incident which led to a compromised account. Fortunately, additional security measures prevented the adversary from gaining further access, minimizing the impact. However, this incident led us to delve deeper into the phishing tactics employed. In collaboration with the World Watch team, our investigation uncovered a widespread

ThreatMap Part 2: The Importance of an Information Position

The Importance of an Information Position: As we mentioned in our first blog, this second blog is about an important – though not often heard – term in Cyber Threat Intelligence (CTI): Information Position (okay, technically two words). In intelligence, this is basically where it all starts. If you want to deliver intelligence to a

Broadcom fixes actively exploited 0-day vulnerability in VMware Tools and VMware Aria Operations

CVE-2025-41244 is a local privilege escalation vulnerability in VMware Tools and VMware Aria Operations that enables attackers to execute code with potentially root privileges. NVISO, who responsibly reported the vulnerability, claims that a Chinese initial access broker tracked as UNC5174 has been exploiting the vulnerability since October 2024. Proof-of-concept exploit code that demonstrates the vulnerability was made public now that there

Google details Clop extortion campaign leveraging 0-day in Oracle E-Business Suite

Executive Summary: Google Threat Intelligence Group (GTIG) and Mandiant have published an in-depth analysis of the recent extortion campaign orchestrated by Cl0p, exploiting the critical vulnerability CVE-2025-61882 in Oracle E-Business Suite (EBS). Their investigation reveals that initial intrusions date back to August 9, 2025, with suspicious activity detected as early as July 10. The attackers leveraged multiple vulnerabilities in Oracle EBS to gain