Reynolds Ransomware Exploits CVE-2025-68947 in NsecSoft NSecKrnl Driver to Disable Windows EDR Security Tools
Executive Summary: The emergence of the Reynolds ransomware family marks a significant escalation in adversarial tradecraft, leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique to systematically neutralize Endpoint Detection and Response (EDR) security tools. By embedding a vulnerable kernel-mode driver directly within its payload, Reynolds achieves a high degree of stealth and operational efficiency, enabling the ransomware to disable security controls and
4 days ago · 5 min read


UNC1069 Targets Cryptocurrency Organizations with AI Deepfake Lures and Multi-Stage Malware on Windows and macOS
Executive Summary: The North Korea-linked threat actor UNC1069 has escalated its offensive operations against cryptocurrency organizations by integrating advanced artificial intelligence (AI) lures and multi-stage malware into its attack arsenal. Recent campaigns have demonstrated the use of AI-generated deepfake videos, sophisticated social engineering, and a modular malware framework targeting both Windows and macOS environments. The primary objective of these attacks is th
4 days ago · 5 min read


Shields Up Initiative: How AI, Zero Trust, and Cloud-Native Security Are Transforming Cyber Defenses
Executive Summary: The Shields Up initiative, spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA), marks a pivotal shift in how organizations approach cybersecurity. As the threat landscape evolves with the proliferation of generative AI, cloud-native security platforms, and increasingly complex supply chains, both public and private sectors are urged to adopt advanced technologies and best practices. This report explores the technical and practical as
4 days ago · 5 min read


UNC3886 Cyber Espionage Campaign Exploits Fortinet and VMware Zero-Days to Breach Singapore Telecom Sector
Executive Summary: A sophisticated cyber espionage campaign attributed to the China-linked threat group UNC3886 has targeted Singapore’s telecommunications sector, specifically impacting major providers such as M1, SIMBA Telecom, Singtel, and StarHub. This campaign, which persisted undetected for nearly a year, leveraged multiple zero-day vulnerabilities in Fortinet and VMware products, advanced Linux rootkits, and credential harvesting techniques to gain and maintain a
4 days ago · 4 min read


Exposed MongoDB Servers Remain Prime Targets for Automated Data Extortion Attacks and Vulnerability Exploitation
Executive Summary: Exposed MongoDB instances continue to be a prime target for automated data extortion attacks, with threat actors leveraging both misconfiguration and unpatched vulnerabilities to compromise databases at scale. Despite years of industry warnings and repeated high-profile incidents, recent threat intelligence and OSINT confirm that thousands of MongoDB databases remain accessible on the public internet, often lacking authentication or running outdated, vulne
Feb 4 · 4 min read


Japan-UK Partnership Strengthens Cybersecurity and Critical Minerals Supply Chains Amid Rising Chinese Influence
Executive Summary: Japan and Britain have announced a significant expansion of their cooperation in the fields of cybersecurity and critical minerals, responding to the growing influence of China and the increasing complexity of global supply chains and cyber threats. This report provides a detailed analysis of the technical, strategic, and operational aspects of this partnership, with a focus on the implications for technology, security, and compliance. The collaboration is d
Feb 2 · 4 min read


GlassWorm Supply Chain Attack Exploits Open VSX Registry to Infect VSCode Extensions with Advanced Malware
Executive Summary: A critical supply chain attack has been identified targeting the Open VSX Registry, a popular repository for Visual Studio Code (VSCode) extensions. Threat actors leveraged a compromised developer account to inject malicious code into legitimate extensions, distributing the advanced GlassWorm malware. This campaign demonstrates a new level of sophistication in software supply chain attacks, with the malware exhibiting self-propagation, credential theft, an
Feb 2 · 4 min read


Notepad++ Update Mechanism Hijacked: Supply Chain Attack Delivers Malware to Targeted Users
Executive Summary: A critical security incident affecting the Notepad++ text editor was identified between June and December 2025, in which the official update mechanism was hijacked to deliver malware to select users. Attackers compromised the shared hosting infrastructure of the Notepad++ website, enabling them to intercept and redirect update requests from targeted users to malicious servers. This allowed the delivery of trojanized installers that could enumerate system a
Feb 2 · 6 min read


NationStates Data Breach Report: Technical Analysis of the 2026 Dispatch Search Vulnerability and RCE Incident
Executive Summary: On January 27, 2026, NationStates, a multiplayer browser-based government simulation game, experienced a confirmed data breach following the exploitation of a critical vulnerability in its application code. The incident was initiated by a long-standing community member and bug reporter who, while testing a newly reported flaw, exceeded authorized boundaries and achieved remote code execution (RCE) on the production server. This unauthorized access resulted
Feb 2 · 5 min read


RedKitten APT Targets Microsoft Excel Vulnerabilities in Cyber-Espionage Campaign Against Iranian Human Rights NGOs and Activists
Executive Summary: A newly identified Iran-linked threat actor, designated RedKitten, has launched a highly targeted cyber-espionage campaign against human rights NGOs and activists, particularly those involved in documenting or supporting protests and civil unrest in Iran. This campaign, active since late 2025, leverages advanced social engineering, AI-generated malicious macros, and multi-stage malware to infiltrate organizations, exfiltrate sensitive data, and conduct pers
Feb 1 · 5 min read


CERT Polska Report: Coordinated Cyberattacks Disrupt Poland’s FortiGate-Managed Wind and Solar Farms
Executive Summary: On December 29 and 30, 2025, coordinated cyberattacks targeted over 30 wind and solar farms, a major combined heat and power (CHP) plant, and a manufacturing company in Poland. The attacks, detailed by CERT Polska and corroborated by multiple independent sources, were destructive in nature and aimed to disrupt communications and remote control of distributed energy resources (DERs). Attackers exploited exposed FortiGate VPN/firewall devices, reused cre
Feb 1 · 6 min read


ShinyHunters Vishing Attacks Bypass MFA to Breach Okta, Microsoft 365, and Google Workspace SaaS Platforms
Executive Summary: Mandiant, a leading threat intelligence provider under Google Cloud, has uncovered a sophisticated campaign leveraging ShinyHunters-style vishing attacks to compromise multi-factor authentication (MFA) and breach major SaaS platforms. This campaign, attributed to the financially motivated ShinyHunters group and related clusters (UNC6661, UNC6671, and UNC6240), employs advanced social engineering, real-time credential harvesting, and MFA bypass techni
Feb 1 · 4 min read


Ivanti Endpoint Manager Mobile (EPMM) Zero-Day RCE Vulnerabilities (CVE-2023-35078 & CVE-2023-35081) Actively Exploited: Security Updates and Mitigation Guidance
Executive Summary: Two critical zero-day vulnerabilities have been discovered and are actively exploited in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. These vulnerabilities, tracked as CVE-2023-35078 and CVE-2023-35081, enable unauthenticated remote code execution (RCE) on affected appliances. Both flaws are being leveraged in the wild by threat actors to gain full control over vulnerable systems, with the potential for lateral movement and d
Feb 1 · 4 min read


Hugging Face Abused to Distribute Polymorphic Android RAT TrustBastion Malware Campaign Targeting Asia-Pacific Users
Executive Summary: A sophisticated and large-scale Android malware campaign has been identified leveraging the trusted Hugging Face platform to distribute thousands of polymorphic Android malware variants. This campaign, first reported by Bitdefender and widely covered by security media, exploits the public dataset hosting capabilities of Hugging Face to deliver malicious APK payloads. The primary malware, masquerading as a fake security application named TrustBastion, is
Feb 1 · 4 min read


eScan Antivirus Supply Chain Attack: Malicious Update Delivers Malware to South Asian Users
Executive Summary: A sophisticated supply chain attack has recently compromised the integrity of eScan Antivirus, a flagship product of MicroWorld Technologies. Threat actors successfully infiltrated a regional update server, leveraging it to distribute a maliciously modified version of the reload.exe component to unsuspecting customers. This attack demonstrates the evolving threat landscape, where even trusted security vendors can become unwitting vectors for advanced malw
Feb 1 · 5 min read


Critical XSS Vulnerability in StealC Malware Admin Panel Allows Researchers to Infiltrate and Monitor Threat Actor Operations
Executive Summary: A critical vulnerability has been identified in the StealC malware’s web-based control panel, specifically a cross-site scripting (XSS) flaw that allowed security researchers to compromise the infrastructure of threat actors operating the malware. By exploiting this bug, researchers were able to collect system fingerprints, monitor live operator sessions, and exfiltrate session cookies directly from the adversaries’ own management interface. This incident n
Jan 19 · 5 min read


Critical Fortinet FortiSIEM Vulnerability CVE-2024-23108 Actively Exploited: Risks, Attack Analysis, and Mitigation Steps
Executive Summary: A critical vulnerability in Fortinet's FortiSIEM platform, tracked as CVE-2024-23108, has been actively exploited in the wild, posing a severe risk to organizations relying on this security information and event management solution. The flaw, an unauthenticated command injection in the phMonitor component, allows remote attackers to execute arbitrary commands as the root user, leading to full system compromise. Public proof-of-concept (PoC) exploit code
Jan 19 · 4 min read


GootLoader Malware Exploits Windows ZIP Handling with 1,000-Part Nested Archives to Evade Detection
Executive Summary: GootLoader is a highly adaptive malware loader that has recently advanced its evasion capabilities by distributing malicious payloads within 500–1,000 concatenated ZIP archives. This sophisticated technique is engineered to bypass modern security solutions and significantly hinder manual analysis, representing a critical threat to organizations across multiple sectors. The loader is primarily used as an initial access vector, often facilitating the deployme
Jan 19 · 4 min read


WhisperPair Bluetooth Fast Pair Vulnerability (CVE-2025-36911) Exposes Millions of Audio Accessories to Remote Hijacking, Eavesdropping, and Location Tracking
Executive Summary: A newly disclosed critical vulnerability, WhisperPair (CVE-2025-36911), exposes hundreds of millions of Bluetooth audio accessories to remote hijacking, eavesdropping, and location tracking. The flaw resides in the implementation of the Google Fast Pair protocol across a wide range of devices from leading vendors including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself. Attackers can exploit this vuln
Jan 19 · 5 min read


Critical CVE-2024-20353 Zero-Day Exploited by China-Linked APT Hits Cisco Secure Email Gateway and Secure Email and Web Manager
Executive Summary: A critical zero-day remote code execution (RCE) vulnerability in Cisco's Secure Email Gateway and Secure Email and Web Manager appliances has been actively exploited by a China-linked advanced persistent threat (APT) group. The vulnerability, tracked as CVE-2024-20353 with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary commands as root on affected systems. The exploitation campaign leverages the Spam Quarantine feature, whic
Jan 19 · 4 min read