Critical Juniper PTX Junos OS Evolved flaw enables unauthenticated root takeover (CVE-2026-21902)
Incorrect permission assignment exposes an internal anomaly-detection service, enabling remote root code execution on affected PTX routers.
PTX • Junos OS Evolved • Router takeover • RCE
Metadata Executive Summary…
APT37 “Ruby Jumper” campaign bridges air-gapped networks using USB and a portable Ruby runtime
Zscaler ThreatLabz reports a December 2025 campaign it tracks as Ruby Jumper, attributed with high confidence to APT37 (aka ScarCruft, Ruby Sleet, Velvet Chollima). The infection chain begins with a…
Cyber Threats to the UK Financial System: Banking, Capital Markets, Asset Management and Central Banking (Transatlantic & Geopolitical Drivers, 2024–2026 Incident Case Studies)
Executive Summary UK financial stability and customer outcomes are increasingly shaped by operational cyber risk: attacks (and disruptive technology failures) that impair critical services, amplify fraud losses, and propagate quickly…
WebDAV Delivery via Windows File Explorer: How .URL and .LNK Shortcuts Stage Malware Outside the Browser
Short title: Deep dive on Explorer-native WebDAV abuse for malware delivery
WebDAV, Windows File Explorer, WebClient, TryCloudflare, Cloudflare Tunnel, phishing, .URL, .LNK, search-ms, Mark-of-the-Web, SmartScreen, RAT delivery, detection engineering
Executive Summary…
Active exploitation of Cisco Catalyst SD-WAN via UAT-8616 (CVE-2026-20127)
Active exploitation of Cisco Catalyst SD-WAN authentication bypass (CVE-2026-20127)
cisco catalyst sd-wan, vsmart, vmanage, CVE-2026-20127, UAT-8616, authentication bypass, rogue peer, NETCONF, VPN512, SD-WAN threat hunting
1. Executive Summary Cisco Talos reports…
DPRK fake interview lures and recruitment-driven access operations summary
DPRK fake interview lures and recruitment-driven malware delivery
dprk, contagious interview, deceptiveDevelopment, beavertail, invisibleferret, fake recruiters, coding challenges, it worker scheme, wagemole, famous chollima, laptop farms, software supply chain
1. Executive…
Abyss Locker Ransomware – Updated Profile
We originally wanted to cover this locker in 2023 but were unable to acquire samples from the community. This profile reflects the currently available information as a resource as an…
SolarWinds Serv-U: Privileged RCE flaws patched in 15.5.4
1. Executive Summary On 24 February 2026, SolarWinds released Serv-U 15.5.4 to remediate four critical (CVSS 9.1) vulnerabilities that can enable remote code execution as root/administrator in Serv-U environments where…
SANDWORM_MODE: npm supply-chain worm poisons CI workflows and AI coding assistants
Short title: SANDWORM_MODE npm worm (CI secret theft + MCP poisoning)
npm supply chain attack, SANDWORM_MODE, typosquatting, GitHub Actions compromise, CI secret exfiltration, MCP server injection, AI coding assistant poisoning, Shai-Hulud,…
Chinese APT-linked exploitation of TeamT5 ThreatSonar (CVE-2024-7694)
Targeted 2024 intrusions against high-profile TeamT5 customers, later surfaced via CISA KEV listing. 1. Executive Summary CVE-2024-7694 is a high-severity arbitrary file upload vulnerability in TeamT5’s ThreatSonar Anti-Ransomware that can…
