Incorrect permission assignment exposes an internal anomaly-detection service, enabling remote root code execution on affected PTX routers. PTX • Junos OS Evolved • Router takeover • RCE Metadata Executive Summary…
Zscaler ThreatLabz reports a December 2025 campaign it tracks as Ruby Jumper, attributed with high confidence to APT37 (aka ScarCruft, Ruby Sleet, Velvet Chollima). The infection chain begins with a…
Executive Summary UK financial stability and customer outcomes are increasingly shaped by operational cyber risk: attacks (and disruptive technology failures) that impair critical services, amplify fraud losses, and propagate quickly…
Short title: Deep dive on Explorer-native WebDAV abuse for malware deliveryWebDAV, Windows File Explorer, WebClient, TryCloudflare, Cloudflare Tunnel, phishing, .URL, .LNK, search-ms, Mark-of-the-Web, SmartScreen, RAT delivery, detection engineering Executive Summary…
Active exploitation of Cisco Catalyst SD-WAN authentication bypass (CVE-2026-20127)cisco catalyst sd-wan, vsmart, vmanage, CVE-2026-20127, UAT-8616, authentication bypass, rogue peer, NETCONF, VPN512, SD-WAN threat hunting 1. Executive Summary Cisco Talos reports…
DPRK fake interview lures and recruitment-driven malware deliverydprk, contagious interview, deceptiveDevelopment, beavertail, invisibleferret, fake recruiters, coding challenges, it worker scheme, wagemole, famous chollima, laptop farms, software supply chain 1. Executive…
We originally wanted to cover this locker in 2023 but were unable to acquire samples from the community. This profile reflects the currently available information as a resource as an…
1. Executive Summary On 24 February 2026, SolarWinds released Serv-U 15.5.4 to remediate four critical (CVSS 9.1) vulnerabilities that can enable remote code execution as root/administrator in Serv-U environments where…
Short title: SANDWORM_MODE npm worm (CI secret theft + MCP poisoning)npm supply chain attack, SANDWORM_MODE, typosquatting, GitHub Actions compromise, CI secret exfiltration, MCP server injection, AI coding assistant poisoning, Shai-Hulud,…
Targeted 2024 intrusions against high-profile TeamT5 customers, later surfaced via CISA KEV listing. 1. Executive Summary CVE-2024-7694 is a high-severity arbitrary file upload vulnerability in TeamT5’s ThreatSonar Anti-Ransomware that can…