Browsing Category

Threat Advisories

190 posts

Briefings on the latest cybersecurity threats, vulnerabilities, and critical action items for security practitioners.

Weekly Top 10: 02.17.2025: DragonRank Seen Exploiting IIS Servers Across Asia; PostgreSQL Vulnerabilities Used to Breach BeyondTrust; Sarcoma Ransomware Operation Breached Unimicron, and More.

Weekly Top 10: 02.17.2025: DragonRank Seen Exploiting IIS Servers Across Asia; PostgreSQL Vulnerabilities Used to Breach BeyondTrust; Sarcoma ransomware Operation Breached Unimicron, and 7 More

February 17, 2025 16:00 GMT

Weekly Top 10: 02.10.2025: PyPI Now Supports Project Archival; Critical RCE Bug in Microsoft Outlook; Stealers on the Rise: A Closer Look at a Growing macOS Threat, and More.

Weekly Top 10: 02.10.2025: PyPI Now Supports Project Archival; Critical Rce Bug in Microsoft Outlook Now Exploited in Attacks; Stealers on the Rise: A Closer Look at a Growing macOS Threat, and 7 More

February 10, 2025 16:00 GMT

Weekly Top 10: 02.03.2025: Israeli Spyware Firm Linked to WhatsApp Zero Click Vulnerability; Community Health Center Suffers Large Data Breach; New Mirai Botnet Variant Discovered, and More.

Weekly Top 10: 02.03.2025: Israeli Spyware Firm Linked to WhatsApp Zero Click Vulnerability; Community Health Center Suffers Large Data Breach ; New Mirai Botnet Variant Discovered, and 7 More

February 3, 2025 16:00 GMT

Weekly Top 10: 01.27.2025: 7-Zip Bug That Bypasses MoTW Now Patched; Critical Vulnerability in Cisco Meeting Management Patched; Threat Group ‘DONOT Team’ Targets Android Users in India, and More.

Weekly Top 10: 01.27.2025: 7-Zip Bug That Bypasses MoTW Now Patched; Critical Vulnerability in Cisco Meeting Management Patched; Threat Group 'DONOT Team' Targets Android Users in India, and 7 More

January 27, 2025 16:00 GMT

Weekly Top 10: 01.20.2025: fasthttp Used in New Bruteforce Campaign; Millions of Accounts Vulnerable Due to Google’s OAuth Flaw; The Great Google Ads Heist, and More.

Weekly Top 10: 01.20.2025: fasthttp Used in New Bruteforce Campaign; Millions of Accounts Vulnerable Due to Google’s OAuth Flaw; The Great Google Ads Heist, and 7 More

January 20, 2025 16:00 GMT

Weekly Top 10: 01.06.2025: Brain Cipher Ransomware Gang Leaked Data from Rhode Island’s RIBrides Platform; Salt Typhoon Targets U.S. Treasury Department OFAC; Microsoft Issues Warning to .NET Developers, and More.

Weekly Top 10: 01.06.2025: Brain Cipher Ransomware Gang Leaked Data from Rhode Island's RIBrides Platform; Salt Typhoon Targets U.S. Treasury Department OFAC; Microsoft Issues Warning to .NET Developers, and 7 More

January 6, 2025 16:00 GMT

Weekly Top 10: 12.30.2024: Cybersecurity Firm’s Chrome Extension Hijacked to Steal Users’ Data; New ‘Ottercookie’ Malware Used to Backdoor Devs in Fake Job Offers; White House Links Ninth Telecom Breach to Chinese Hackers, and More.

Weekly Top 10: 12.30.2024: Cybersecurity Firm’s Chrome Extension Hijacked to Steal Users’ Data; New ‘Ottercookie’ Malware Used to Backdoor Devs in Fake Job Offers; White House Links Ninth Telecom Breach to Chinese Hackers, and 7 More

December 30, 2024 16:00 GMT

Weekly Top 10: 12.23.2024: Android Malware Delivered via the Amazon Appstore; TP-Link Network Devices Under Investigation by the US DoJ; Play Ransomware Group Takes Credit for Attack on Krispy Kreme, and More.

Weekly Top 10: 12.23.2024: Android Malware Delivered via the Amazon Appstore; TP-Link Network Devices Under Investigation by the US DoJ; Play Ransomware Group Takes Credit for Attack on Krispy Kreme, and 7 More

December 23, 2024 16:00 GMT

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and 7 More

December 16, 2024 16:00 GMT

Weekly Top 10: 12.9.2024: New Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch; Supply Chain Attack Detected in Solana’s web3.js Library; Snowblind: The Invisible Hand of Secret Blizzard, and More.

Weekly Top 10: 12.9.2024: New Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch; Supply Chain Attack Detected in Solana’s web3.js Library; Snowblind: The Invisible Hand of Secret Blizzard, and 7 More

December 9, 2024 16:00 GMT

Hand-Picked Top-Read Stories

Weekly Top 10: 02.17.2025: DragonRank Seen Exploiting IIS Servers Across Asia; PostgreSQL Vulnerabilities Used to Breach BeyondTrust; Sarcoma Ransomware Operation Breached Unimicron, and More.

FunkSec – Emergent AI-Coded Ransomware on the Rise

Weekly Top 10: 02.10.2025: PyPI Now Supports Project Archival; Critical RCE Bug in Microsoft Outlook; Stealers on the Rise: A Closer Look at a Growing macOS Threat, and More.

Trending Tags

Threat Advisories

Weekly Top 10: 02.17.2025: DragonRank Seen Exploiting IIS Servers Across Asia; PostgreSQL Vulnerabilities Used to Breach BeyondTrust; Sarcoma Ransomware Operation Breached Unimicron, and More.

Weekly Top 10: 02.10.2025: PyPI Now Supports Project Archival; Critical RCE Bug in Microsoft Outlook; Stealers on the Rise: A Closer Look at a Growing macOS Threat, and More.

Weekly Top 10: 02.03.2025: Israeli Spyware Firm Linked to WhatsApp Zero Click Vulnerability; Community Health Center Suffers Large Data Breach; New Mirai Botnet Variant Discovered, and More.

Weekly Top 10: 01.27.2025: 7-Zip Bug That Bypasses MoTW Now Patched; Critical Vulnerability in Cisco Meeting Management Patched; Threat Group ‘DONOT Team’ Targets Android Users in India, and More.

Weekly Top 10: 01.20.2025: fasthttp Used in New Bruteforce Campaign; Millions of Accounts Vulnerable Due to Google’s OAuth Flaw; The Great Google Ads Heist, and More.

Weekly Top 10: 01.06.2025: Brain Cipher Ransomware Gang Leaked Data from Rhode Island’s RIBrides Platform; Salt Typhoon Targets U.S. Treasury Department OFAC; Microsoft Issues Warning to .NET Developers, and More.

Weekly Top 10: 12.30.2024: Cybersecurity Firm’s Chrome Extension Hijacked to Steal Users’ Data; New ‘Ottercookie’ Malware Used to Backdoor Devs in Fake Job Offers; White House Links Ninth Telecom Breach to Chinese Hackers, and More.

Weekly Top 10: 12.23.2024: Android Malware Delivered via the Amazon Appstore; TP-Link Network Devices Under Investigation by the US DoJ; Play Ransomware Group Takes Credit for Attack on Krispy Kreme, and More.

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Weekly Top 10: 12.9.2024: New Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch; Supply Chain Attack Detected in Solana’s web3.js Library; Snowblind: The Invisible Hand of Secret Blizzard, and More.

Threat Advisories

Weekly Top 10: 11.25.2024: Critical Flaw in End-of-Life D-Link VPN Routers; Actively Exploited RCE Flaw Impacting VMware vCenter; Russian Linked Threat Actor Linked in Cyber Espionage Campaign, and More.

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Weekly Top 10: 11.11.2024: Veeam Backup Exploit Used by Frag Ransomware; North Korean Hackers Use macOS Malware to Steal Crypto; Palo Alto PAN-OS May be Vulnerable to RCE, and More.

Weekly Top 10: 11.04.2024: Android Malware ‘FakeCall’ Hijacks Outgoing Calls; PTZ Cameras Being Targeted Using Two Zero-Days; Hacker Group TeamTNT Targets Docker Environments, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware