Latest Intelligence
Russian Qakbot Gang Leader Indicted in US
Rustam Gallyamov, a Russian national, has been indicted in the United States for his significant involvement in the creation and distribution of Qakbot malware. This indictment highlights ongoing efforts to combat cybercrime and holds individuals accountable for their roles in sophisticated cyber threats.
300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide
Europol's Operation Endgame has successfully dismantled approximately 300 servers and neutralized 650 domains related to ransomware networks, issuing arrest warrants for 20 individuals. This operation highlights the ongoing global effort to combat ransomware and the infrastructure supporting these criminal activities.
Companies Warned of Commvault Vulnerability Exploitation
CISA has issued a warning about a widespread campaign exploiting a vulnerability in Commvault software to compromise Azure environments. This situation highlights the critical need for companies to address security vulnerabilities to protect their cloud infrastructures.
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
SafeLine is an open-source Web Application Firewall (WAF) that provides protection against zero-day exploits and bot attacks, addressing the increasing demand for effective web application security solutions. With over 16.4K stars on GitHub, it has gained a significant user base, highlighting its importance in the cybersecurity landscape.
Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks
A zero-day vulnerability in Trimble Cityworks has been exploited by a Chinese threat actor to target local government entities in the US. This incident highlights the significant risks associated with unpatched software vulnerabilities and the potential for state-sponsored cyber attacks on critical infrastructure.
DanaBot Botnet Disrupted, 16 Suspects Charged
The DanaBot botnet, which compromised over 300,000 devices and caused damages exceeding $50 million, has been disrupted by law enforcement. Sixteen suspects have been charged in connection with this cybercrime operation, highlighting the ongoing threat of botnets in the cybersecurity landscape.
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors
A Chinese espionage group is exploiting two recent vulnerabilities in Ivanti EPMM to target organizations across various critical sectors. This highlights the ongoing threat posed by state-sponsored cyber activities and the importance of addressing software vulnerabilities promptly.
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
The U.S. Department of Justice has disrupted the DanaBot malware network and charged 16 individuals linked to a Russia-based cybercrime organization. This operation is significant as it highlights ongoing efforts to combat global cybercrime affecting hundreds of thousands of victims.
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
CISA has reported that Commvault is currently monitoring cyber threats that may have compromised client secrets related to its Microsoft 365 backup SaaS solution hosted on Azure. This highlights the ongoing risks associated with cloud misconfigurations and the exploitation of application secrets by threat actors.
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Researchers identified an indirect prompt injection vulnerability in GitLab's AI assistant Duo, which could allow attackers to hijack AI responses and potentially steal source code or redirect users to malicious sites. This flaw highlights significant security risks associated with AI tools in coding environments.
Akamai, Microsoft Disagree on Severity of Unpatched 'BadSuccessor' Flaw
Akamai has identified a privilege escalation flaw known as 'BadSuccessor' in Windows Server 2025, but Microsoft has opted not to release an immediate patch, leading to a disagreement over the flaw's severity. This situation raises concerns about the potential risks associated with unpatched vulnerabilities in critical systems.
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
Chinese-speaking hackers identified as UAT-6382 have exploited a recently patched vulnerability in Trimble Cityworks, allowing them to deploy malicious tools like Cobalt Strike and VShell for long-term access to U.S. government networks. This incident underscores the ongoing threat posed by state-sponsored cyber actors targeting critical infrastructure.
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
A critical privilege escalation vulnerability in Windows Server 2025 allows attackers to compromise any user in Active Directory by exploiting the delegated Managed Service Account (dMSA) feature. This flaw is particularly concerning because it works against default configurations and is easy to carry out.