Salesforce “Connected Apps” Supply-Chain Campaign (UNC6040 / UNC6395) — ShinyHunters & Scattered Spider Overlap
1. Executive Summary: A widespread data-theft and extortion campaign has targeted organisations’ Salesforce environments by abusing trusted third-party integrations and malicious OAuth “Connected Apps”—rather than exploiting a core Salesforce software…
Notepad++ Update Channel Supply-Chain Compromise (June–December 2025): Targeted Traffic Redirection Delivering Chrysalis / Cobalt Strike
1. Executive Summary: Notepad++’s update mechanism (WinGUp) was abused in a targeted supply-chain compromise in 2025, where certain users’ update traffic was selectively redirected to attacker-controlled infrastructure and served trojanised…
Microsoft January 2026 Patch Tuesday — key takeaways
Microsoft’s January 2026 Patch Tuesday security release shipped fixes for 114 vulnerabilities, including three zero-days (one actively exploited) and eight Critical issues. The bulk of the fixes land in Windows,…
SolarWinds Orion Supply-Chain Compromise (SUNBURST / “Solorigate”)
1. Executive Summary: The SolarWinds breach (often tracked as SUNBURST by Mandiant/FireEye and Solorigate by Microsoft) was a landmark software supply-chain compromise in which adversaries trojanised signed SolarWinds Orion software…
Oracle E-Business Suite (EBS) Targeted in Coordinated Intrusion Campaign
ERP Systems Remain a High-Value Objective for Financially Motivated and Ransomware Operators. Executive Summary: In November 2025, multiple enterprise breach investigations identified Oracle E-Business Suite (EBS) as a deliberate and…
IDE Supply Chain Blind Spot: High-Impact Flaws in Popular VS Code Extensions Enable Local File Theft and Remote Code Execution
1. Executive Summary: Security researchers have disclosed high-to-critical vulnerabilities across several widely used Visual Studio Code (VS Code) extensions—reported to total 128M+ installs—that could enable local file exfiltration and, in…
Cl0p Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882): What Defenders Need to Know
1. Executive Summary: In October 2025, multiple threat intelligence and government sources reported active exploitation of a critical, unauthenticated remote code execution vulnerability in Oracle E-Business Suite (EBS), tracked as…
Microsoft-Observed Zero-Day Exploitation of Paragon BioNTdrv.sys (Partition/Hard Disk Manager) Driver Vulnerabilities for SYSTEM Privilege Escalation
Executive Summary: Microsoft and CERT/CC have disclosed five vulnerabilities in Paragon Software’s BioNTdrv.sys kernel-mode driver used across the Hard Disk Manager / Partition Manager product line, enabling local attackers to…
Coordinated Cyber-Attack on London Borough Councils (RBKC, Westminster, H&F) — Incident Brief
1. Executive Summary: On Monday 24 November 2025, multiple London borough councils—most prominently the Royal Borough of Kensington & Chelsea (RBKC), Westminster City Council, and the London Borough of Hammersmith…
Jaguar Land Rover (JLR) Cyber Incident
1. Executive Summary: In late August 2025, Jaguar Land Rover (JLR) suffered a major cyber incident that triggered a precautionary shutdown of internal IT systems and a prolonged disruption to…
