Qilin Ransomware Attack on Lee Enterprises: Operational Disruption at a Major US Newspaper Publisher
1. Executive Summary: In February 2025, Lee Enterprises disclosed a material cybersecurity incident that disrupted distribution, billing, collections, and vendor payments across its newspaper portfolio. In a regulatory filing, the…
Microsoft February 2025 Patch Tuesday: 55 CVEs Fixed, 4 Zero-Days (2 Exploited In-The-Wild)
1. Executive Summary: On 11 February 2025, Microsoft released Patch Tuesday security updates addressing 55 CVEs, including three Critical remote code execution (RCE) vulnerabilities and four zero-days. Two of the…
Finastra Secure File Transfer Platform
1. Executive Summary: On 19 November 2024, reporting indicated that financial software provider Finastra was investigating an alleged data breach involving its secure file transfer capability used for transmitting sensitive…
Nation-State Cyberattacks Escalate: Indian Government Systems and Romanian Elections Under Coordinated Digital Siege
Introduction: December 2024 marked a sharp escalation in nation-state cyber activity targeting democratic institutions and government infrastructure. Two developments stand out: a sustained rise in cyberattacks against Indian government entities…
Microsoft December Patch Tuesday: 71 Vulnerabilities Patched, Including Actively Exploited CLFS Zero-Day (CVE-2024-49138)
Microsoft has released its December Patch Tuesday security updates, addressing 71 vulnerabilities across its product ecosystem. The release includes 16 Critical-rated flaws and one actively exploited zero-day vulnerability: CVE-2024-49138, affecting…
SRP Federal Credit Union Data Breach: Nitrogen Ransomware Claims Compromise of 240,742 Member Records
The Nitrogen ransomware group has claimed responsibility for a significant data breach affecting SRP Federal Credit Union, resulting in the exposure of sensitive personal and financial information belonging to 240,742…
Change Healthcare Ransomware Attack (UnitedHealth / Optum): ALPHV/BlackCat Disruption and Mass PHI Exposure
Note on timing: Public reporting and official disclosures indicate the intrusion began in February 2024, while October 2024 is significant because Change Healthcare informed HHS OCR that ~100 million individual…
CVE-2024-38094: Microsoft SharePoint Deserialisation RCE — Active Exploitation, Detection Tips, and Mitigation
1. Executive Summary: CVE-2024-38094 is a Microsoft SharePoint Server remote code execution (RCE) vulnerability rooted in unsafe deserialisation (CWE-502) and scored 7.2 (High) under CVSS v3.1 by Microsoft. (NVD) It…
Internet Archive Under Fire: 31 Million-Account Breach and Zendesk Token Exposure Amid Sustained DDoS Disruption
1. Executive Summary: In October 2024, the Internet Archive (IA) faced a compound cyber incident combining service-disrupting DDoS activity with a major compromise of user authentication data (31 million records)…
GeoVision EOL Devices Under Active Exploitation: CVE-2024-11120 Pre-Auth OS Command Injection Enables Remote Command Execution (CVSS 9.8)
1. Executive Summary: CVE-2024-11120 is a critical OS command injection vulnerability affecting certain end-of-life (EOL) GeoVision video server/DVR and licence-plate-recognition device lines, enabling unauthenticated remote attackers to execute arbitrary system…
