Fortinet, Ivanti, and SAP Issue Urgent Patches for Critical Flaws
Three major enterprise vendors — Fortinet, Ivanti, and SAP — have released urgent fixes for vulnerabilities that could lead to authentication bypass and remote code […]
Month: December 2025
Malicious Developer Ecosystem Packages Found (VS Code, Go, npm, Rust)
Cybersecurity researchers have uncovered malicious packages across multiple developer ecosystems — VS Code extensions, Go libraries, npm modules, and Rust crates — all designed to […]
Shanya EXE Packer: How Ransomware Gangs Hide EDR Killers
A new packer-as-a-service platform called Shanya is being widely adopted by ransomware groups to conceal EDR (Endpoint Detection and Response) killers inside their payloads. Key […]
How Agentic BAS AI Turns Threat Headlines Into Defense Strategies
This sponsored piece from Picus Security explains how their Agentic BAS (Breach and Attack Simulation) AI transforms breaking threat intelligence into actionable defense validation — […]
Barts Health NHS Breach via Oracle Zero‑Day (CVE‑2025‑61882)
Incident overview Scope of Clop’s campaign Barts Health response Why this matters Actionable steps for organizations
CVE‑2025‑66516: Critical XXE in Apache Tika (CVSS 10.0)
A maximum‑severity XML External Entity (XXE) injection flaw has been disclosed in Apache Tika, tracked as CVE‑2025‑66516. The vulnerability affects multiple modules and can be […]
ArrayOS AG VPN Flaw Exploited to Plant Webshells
A newly disclosed command injection vulnerability in Array Networks AG Series VPN devices is being actively exploited to deploy PHP webshells and create rogue user […]
Silver Fox Campaign: Fake Microsoft Teams Installer Delivers ValleyRAT in China
A new SEO poisoning campaign attributed to the threat actor Silver Fox is targeting Chinese-speaking users and organizations operating in China. The attackers are distributing […]
GoldFactory’s Southeast Asia Campaign: Modified Banking Apps Drive 11,000+ Infections
A new Group-IB report details how the financially motivated cybercrime group GoldFactory has escalated its operations in Southeast Asia, targeting mobile users in Indonesia, Thailand, […]
WordPress Plugin Exploits: King Addons for Elementor & Advanced Custom Fields: Extended
Two critical plugin vulnerabilities are actively being exploited in the WordPress ecosystem, underscoring the ongoing risk of third‑party add‑ons. CVE‑2025‑8489 — King Addons for Elementor […]