Credential Discovery and Account Takeover Initial Access Attackers search for exposed AWS access keys and passwords in public code repositories, build environments, or data leaks. Once valid credentials are found, they log in directly to the victim's AWS account, bypassing perimeter defenses. Detection Opportunities Monitor for new API
CVE-2025-43300 High Apple iOS / iPadOS MEMORY CORRUPTION EXPLOITED IN WILD An out-of-bounds write issue in iOS and iPadOS image processing was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption. Apple is aware of reports that this issue may have been exploited in an
CrowdStrike
TRENDING TOPICS OCT 09, 2025 CrowdStrike Patches Falcon Sensor Vulnerabilities on Windows CrowdStrike has released fixes for medium-level vulnerabilities in its Falcon sensor for Windows, identified as CVE-2025-42701 and CVE-2025-42706, that could allow attackers with prior code execution to delete arbitrary files and disrupt system stability. The first flaw, a
Akira March 2023 Model Ransomware-as-a-Service (RaaS) Malware Akira encryptor (Windows/Linux/Hypervisor) Primary Targets Mid-market businesses across manufacturing, construction, technology, and services sectors. Common Tactics Stolen credentials, VPN/SSL appliance exploitation (especially SonicWall), double extortion operations. Background Emerged from Conti-style frameworks, adopting double extortion and affiliate scaling. Uses retro "
Google Gemini
TRENDING TOPICS OCT 08, 2025 Gemini Exposed to ASCII Smuggling Exploit Enabling Hidden Prompt Injection FireTail researchers have discovered that Google’s Gemini AI remains vulnerable to ASCII Smuggling, an exploit that utilizes invisible Unicode control characters to conceal malicious commands within ordinary text. FireTail demonstrated that Gemini fails to
XRayC2
TRENDING TOPICS OCT 07, 2025 XRayC2 Abuses AWS X-Ray for Covert Command-and-Control Operations Researchers have identified a new command-and-control framework known as XRayC2, which exploits Amazon Web Services’ X-Ray tracing service to create hidden communication channels between attackers and compromised systems. Traditionally, threat actors rely on self-hosted servers or malicious
Initial Unauthenticated Reach Stage 1 Operators send crafted HTTP(S) requests that usually require authentication to access restricted endpoints. This stage is used to elicit application behavior, fingerprint server-side logic, expose tokens/cookies, or session metadata, and sometimes to trigger session leakage or predictable error responses that can be used
XWorm
TRENDING TOPICS OCT 06, 2025 Oracle E-Business Suite Zero-Day Exploited in Widespread Cl0p Attacks Oracle has issued an emergency security update addressing a critical vulnerability in its E-Business Suite, tracked as CVE-2025-61882, after evidence showed active exploitation by the Cl0p ransomware group. The flaw, rated 9.8 on the CVSS
UAT-8099
CVE-2025-20333 Critical Cisco ASA / FTD VPN ROOT CODE EXECUTION AUTH REQUIRED A flaw in Cisco ASA and FTD VPN web servers allows authenticated attackers with valid credentials to execute arbitrary code as root by sending crafted HTTPS requests. Exploitation could lead to complete system takeover and persistent access. Mitigation: Update
Microsoft
TRENDING TOPICS OCT 02, 2025 Microsoft Investigates Classic Outlook Bug Blocking Access to Mailboxes Microsoft is currently investigating a major issue affecting the classic Outlook desktop client on Windows, which is preventing users from accessing their email accounts. Identified in late September 2025, this issue affects individuals who encounter repeated
Monthly Wrap
MONTHLY WRAP MONTHLY WRAP Overview September 2025 reinforced a dual-track threat: commercialized crime operations scaled rapidly while state-aligned espionage refined targeted tradecraft. Attackers weaponized trusted ecosystems—search engines, CI/CD pipelines, collaboration platforms, package registries, cloud metadata
FlipSwitch
TRENDING TOPICS OCT 01, 2025 New FlipSwitch Hooking Method Overcomes Linux Kernel Defenses A newly discovered rootkit technique known as FlipSwitch has reintroduced stealthy syscall hooking on Linux systems by targeting the compiled syscall dispatcher in kernel 6.9. Unlike earlier rootkits that modified the sys_call_table, FlipSwitch scans