ShadowV2
CVE-2025-59287 Critical Windows Server Update Services UNSAFE DESERIALIZATION A critical vulnerability in Windows Server Update Services (WSUS) stems from unsafe deserialization of untrusted data over the network, allowing remote attackers to execute arbitrary code on WSUS servers without authentication. Mitigation: Immediately apply Microsoft's security update, restrict WSUS exposure
SVG Smuggling
TRENDING TOPICS JULY 16, 2025 SVG Smuggling Emerges as a Stealthy Tactic in Phishing Campaigns A newly observed phishing campaign is abusing SVG (Scalable Vector Graphics) files to execute browser-native redirects, allowing attackers to bypass traditional email security and malware detection systems. While SVGs are widely used and typically considered
China-Linked APT
TRENDING TOPICS MAY 14, 2025 Update: China-Nexus APTs Exploit SAP Zero-Day to Breach Critical Infrastructure Worldwide EclecticIQ and other security researchers have exposed a coordinated cyber-espionage campaign led by multiple China-linked APTs targeting critical infrastructure across the US, UK, and Saudi Arabia. The attackers exploited a previously unknown vulnerability in
Microsoft
TRENDING TOPICS MAY 12, 2025 Microsoft Copilot in SharePoint Exposes Sensitive Data Through AI Agent Exploits PentestPartners Security researchers have discovered multiple vulnerabilities in Microsoft’s Copilot for SharePoint, allowing attackers to access sensitive corporate data, including passwords, API keys, and confidential files. These AI-powered agents, automatically deployed with Microsoft
DKIM
TRENDING TOPICS APR 21, 2025 Sophisticated DKIM Replay Attack Exploits Google Infrastructure to Deliver Phishing Cybersecurity researchers at EasyDMARC recently uncovered an advanced phishing technique that exploits Google’s email infrastructure through a method known as a DKIM replay attack, allowing malicious emails to appear fully authenticated and sent from
Windows
TRENDING TOPICS APR 14, 2025 Microsoft Issues Critical Fixes for Active Directory Policy and Windows Server 2025 Failures Microsoft has issued out-of-band updates to address a widespread issue affecting local audit policy reporting on systems managed by Active Directory Group Policy. Admins noticed that even when logon auditing was functioning
State Sponsored
This is a detailed cybersecurity threat intelligence report providing an overview of recent cyber threats, including ransomware operations, nation-state activities, emerging attack vectors, and industry-specific targeting patterns.
Phishing
TRENDING TOPICS MAR 31, 2025 Attackers Weaponizing SVG Files for Phishing and Malware Delivery Threat actors have shifted toward using SVG files to distribute phishing malware, taking advantage of the format's ability to embed scripts while remaining visually harmless. These XML-based vector image files can contain JavaScript and