ISPsystem
CVE-2026-25049 Critical n8n Workflow Automation COMMAND EXECUTION AUTH REQUIRED Critical vulnerability in the n8n workflow automation platform that allows authenticated users with workflow-editing permissions to trigger unintended system command execution through crafted expressions, potentially compromising the underlying server infrastructure. Mitigation: Update n8n to versions 1.123.17 or 2.5.
LockBit
TRENDING TOPICS FEB 05, 2026 Update: LockBit 5.0 Emerges as Cross-Platform Ransomware Targeting Windows, Linux, and ESXi Environments Kaspersky has identified a new wave of LockBit 5.0 ransomware samples designed to operate across Windows, Linux, and VMware ESXi environments, reflecting a continued shift toward highly scalable, multi-platform ransomware
Spiderman Phishing
TRENDING TOPICS DEC 11, 2025 Spiderman Phishing Toolkit Expands into High-Volume Bank Fraud The Spiderman phishing framework represents a major escalation in phishing-as-a-service activity targeting European financial institutions. It offers an integrated platform that allows criminal operators to generate precise replicas of dozens of bank portals with minimal effort, enabling
SmudgedSerpent
TRENDING TOPICS NOV 05, 2025 SmudgedSerpent Hackers Target U.S. Policy Experts with Iranian-Themed Phishing Lures A newly identified threat cluster dubbed UNK_SmudgedSerpent has launched a series of espionage-driven phishing attacks against U.S.-based academics and foreign policy experts focusing on Iran. According to Proofpoint researchers, the campaign
Storm-0501
TRENDING TOPICS AUG 28, 2025 Update: Storm-0501 Shifts to Cloud-Based Ransomware and Data Extortion Storm-0501, a financially motivated threat actor active since at least 2021, has shifted from traditional on-premises ransomware to a new model centered on cloud-based data theft, encryption, and extortion. Historically tied to Sabbath, Hive, BlackCat, LockBit,
ECScape
CVE-2025-20281 Critical Cisco ISE / ISE-PIC NO AUTHENTICATION REQUIRED A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. Impact: An attacker
COLDRIVER
TRENDING TOPICS MAY 08, 2025 COLDRIVER Deploys LOSTKEYS Malware in Targeted Espionage Campaign Using ClickFix COLDRIVER, a Russian state-aligned threat group also tracked as Callisto and Star Blizzard, has shifted tactics by deploying a new custom malware called LOSTKEYS. This marks a notable evolution from their typical credential phishing operations
State Sponsored
This is a detailed cybersecurity threat intelligence report providing an overview of recent cyber threats, including ransomware operations, nation-state activities, emerging attack vectors, and industry-specific targeting patterns.
State Sponsored
MONTHLY WRAP MONTHLY WRAP Overview The cybersecurity landscape in February 2025 saw a surge in sophisticated cyber threats, with a continued evolution in attack methodologies, increased exploitation of zero-day vulnerabilities, and a notable escalation in botnet and ransomware activities. State-sponsored actors from Ch