Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet for internal review. Every Friday we publish the top 10 which are culled from the 40+ relevant stories we review every week.
Weekly Top 10: 09.08.2025: ViewState Zero-Day in Sitecore (CVE-2025-53690); Debunking Microsoft 365 & Identity Myths; New AI-Powered HexStrike-AI Tool Exploits Citrix Flaws, and More.
ViewState Zero-Day in Sitecore (CVE-2025-53690); Debunking Microsoft 365 & Identity Myths; New AI-Powered HexStrike-AI Tool Exploits Citrix…
Weekly Top 10: 09.01.2025: Attackers Abuse Velociraptor IR Tool; npm ‘Nx’ Supply-Chain Attack Leaks ~20K Sensitive Files; TransUnion Breach Hits 4.4M People, and More.
Attackers Abuse Velociraptor IR Tool; npm ‘Nx’ Supply-Chain Attack Leaks ~20K Sensitive Files; Transunion Breach Hits 4.4M People; and 7 More.
Weekly Top 10: 08.25.2025: ChatGPT Downgrade Attack Highlights GPT-5 Security Risks; 15,000 Jenkins Servers at Risk from RCE Vulnerability; Cybercriminals Abuse AI Website Creation App for Phishing, and More.
ChatGPT Downgrade Attack Highlights GPT-5 Security Risks; 15,000 Jenkins Servers at Risk from RCE Vulnerability; Cybercriminals Abuse AI Website…
Weekly Top 10: 08.18.2025: The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks; WinRAR Vulnerability Exploited by Two Different Groups; Cisco Warns of CVSS 10.0 FMC RADIUS Flaw, and More.
The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks; WinRAR Vulnerability Exploited by Two Different Groups; Cisco Warns of CVSS…
Weekly Top 10: 08.04.2025: ShinyHunters Behind Major Salesforce Data Theft; SafePay Ransomware Threatens to Leak 35TB from Ingram Micro; Shade BIOS Attack Defeats Endpoint Security Measures, and More.
ShinyHunters Behind Major Salesforce Data Theft; SafePay Ransomware Threatens to Leak 35TB from Ingram Micro; Shade BIOS Attack Defeats Endpoint…
Weekly Top 10: 07.28.2025: CryptoJacking is Dead; Coyote in the Wild: First-Ever Malware That Abuses UI Automation; SharePoint Under Siege, and More.
CryptoJacking is Dead; Coyote in the Wild: First-Ever Malware That Abuses UI Automation; SharePoint Under Siege
Weekly Top 10: 07.21.2025: Hackers Use GitHub to Host Malware Payload; Critical Cisco Zero-Day Allows Root Access Without Password; Google Patches Chrome Zero-Day Used for Sandbox Escape, and More.
Hackers Use GitHub to Host Malware Payload; Critical Cisco Zero-Day Allows Root Access Without Password; Google Patches Chrome Zero-Day Used for…
Weekly Top 10: 07.14.2025: DoNot APT Group Targets European Government Entities; McDonald’s AI Hiring System Exposed 64 Million Applicants; Malicious Browser Extensions Infect 2.3 Million Users, and More.
DoNot APT Group Targets European Government Entities; McDonald's AI Hiring System Exposed 64 Million Applicants; Malicious Browser Extensions…
Weekly Top 10: 07.07.2025: 600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability; FoxyWallet: 40+ Malicious Firefox Extensions Exposed; Filefix Part 2: Social Engineering via HTML Applications, and More.
600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability; FoxyWallet: 40+ Malicious Firefox Extensions Exposed; Filefix Part 2:…
Weekly Top 10: 06.30.2025: Cybercrime Surging Across Africa; New Exploits Target CitrixBleed-2 Vulnerability; Microsoft 365 Abuse Enables Phishing from Trusted Sources, and More.
Cybercrime Surging Across Africa; New Exploits Target CitrixBleed-2 Vulnerability; Microsoft 365 Abuse Enables Phishing from Trusted Sources,…
Weekly Top 10: 06.23.2025: Initial Access Broker of Ransomware Group Ryuk Extradited to the U.S.; Cloudflare Blocked a Record 7.3 Tbps DDoS Attack; Record 16 Billion Credentials Leaked on Hacking Forum, and More.
Initial Access Broker of Ransomware Group Ryuk Extradited to the U.S.; Cloudflare Blocked a Record 7.3 Tbps DDoS Attack; Record 16 Billion…
Weekly Top 10: 06.16.2025: Fog Ransomware: Unusual Toolset Used in Recent Attack; EchoLeak: Critical Zero-Click AI Vulnerability in Microsoft 365 Copilot; Stealth Falcon’s Exploit of Microsoft Zero-Day Vulnerability, and More.
Fog Ransomware: Unusual Toolset Used in Recent Attack; EchoLeak: Critical Zero-Click AI Vulnerability in Microsoft 365 Copilot; Stealth Falcon's…