Latest Intelligence
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
Recent research has identified Docker images on Docker Hub that contain the XZ Utils backdoor, highlighting ongoing supply chain risks. The issue is exacerbated by the fact that other images have been built on these compromised base images, leading to further propagation of the infection.
Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager
Cybersecurity researchers have reported a significant increase in brute-force attacks targeting Fortinet SSL VPN devices, with over 780 unique IP addresses involved in the activity. The attacks were first observed on August 3, 2025, indicating a coordinated effort against these devices.
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
ShinyHunters and Scattered Spider are collaborating in a data extortion campaign targeting Salesforce customers, with plans to expand their efforts to financial services and technology providers. This marks a significant change in ShinyHunters' tactics, moving beyond their previous focus on credential theft and database attacks.
Inside the Dark Web’s Access Economy: How Hackers Sell the Keys to Enterprise Networks
The article discusses a flourishing market on the dark web where elite hackers are selling access to corporate networks, effectively transforming cybercrime into a business model. This analysis highlights the organized nature of cybercriminal activities and the implications for enterprise security.
Charon Ransomware Emerges With APT-Style Tactics
Charon ransomware has been identified as a new malware targeting the Middle Eastern public sector and aviation industry, potentially linked to a Chinese state-sponsored group known as Earth Baxia. This deployment reflects advanced persistent threat (APT) tactics commonly used in cyber espionage.
How to Stay a Step Ahead of a Non-Obvious Threat
The article emphasizes the importance of securing business logic as a critical aspect of cybersecurity, highlighting that it is not merely a technical necessity but a vital business concern. Organizations must prioritize this to stay ahead of potential threats.
New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
The newly identified threat actor, Curly COMrades, is conducting cyber espionage campaigns against entities in Georgia and Moldova, aiming for long-term access to their networks. Their activities include attempts to extract sensitive data from domain controllers, specifically targeting the NTDS database that holds user authentication information.
1Kosmos Raises $57 Million for Identity Verification and Authentication Platform
1Kosmos has successfully raised $57 million in Series B funding, increasing its total funding to $72 million. This capital will support the company's efforts in developing its identity verification and authentication platform.
CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event)
CodeSecCon is a virtual event occurring on August 12-13, aimed at uniting developers and cybersecurity professionals to innovate in application security. The event focuses on transforming how applications are developed, secured, and maintained.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting their active exploitation and significant risks to federal networks. The vulnerabilities include issues in Microsoft Internet Explorer, Microsoft Office Excel, and RARLAB WinRAR, emphasizing the need for timely remediation by federal agencies and urging all organizations to prioritize these vulnerabilities in their cybersecurity practices.
Schneider Electric EcoStruxure Power Monitoring Expert
Schneider Electric's EcoStruxure Power Monitoring Expert has multiple vulnerabilities, including path traversal, deserialization of untrusted data, and server-side request forgery, which could allow remote attackers to access sensitive files or internal services. These vulnerabilities require authentication to exploit and have been assigned various CVEs with high CVSS scores indicating significant risk.
Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
The article discusses multiple vulnerabilities in Ashlar-Vellum products, including Cobalt, Xenon, Argon, Lithium, and Cobalt Share, which could allow attackers to execute arbitrary code and disclose information. These vulnerabilities stem from improper validation of user-supplied data in various file parsing processes, necessitating updates to the latest versions to mitigate risks.
AVEVA PI Integrator
The AVEVA PI Integrator has been identified with two significant vulnerabilities that could allow attackers to upload malicious files and access sensitive information. These vulnerabilities affect versions 2020 R2 SP1 and prior, posing a risk to users who have not updated their systems.
Santesoft Sante PACS Server
The Sante PACS Server by Santesoft has multiple vulnerabilities, including path traversal, double free, cleartext transmission of sensitive information, and cross-site scripting, which could lead to arbitrary file creation, denial-of-service, and sensitive data exposure. Users are urged to update to version 4.2.3 or later to mitigate these risks.
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
Johnson Controls has identified multiple vulnerabilities in their iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, and Edge G2 door controllers, including OS command injection and insecure storage of sensitive information. Successful exploitation of these vulnerabilities could allow attackers to modify firmware and gain unauthorized access to protected spaces.