

Microsoft Teams Targeted: Vanilla Tempest Abuses Azure Certificates in Ransomware Attack Disrupted by Microsoft
Executive Summary In October 2025, Microsoft executed a significant disruption of a sophisticated ransomware campaign that exploited the trust model of code signing by abusing over 200 Azure and third-party certificates. The campaign, orchestrated by the threat group Vanilla Tempest (also tracked as VICE SPIDER and Vice Society), leveraged fraudulent certificates to sign malicious installers masquerading as legitimate Microsoft Teams applications. These installers deliv
Oct 19 · 4 min read


Envoy Air Data Breach: Clop Ransomware Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882)
Executive Summary Envoy Air, a regional airline and subsidiary of American Airlines, has confirmed a data breach resulting from the exploitation of a critical zero-day vulnerability in the Oracle E-Business Suite (EBS) application. The attack, attributed to the Clop ransomware gang, led to the compromise of a limited amount of business information and commercial contact details. No sensitive or customer data was affected, and there was no impact on flight or airport ground
Oct 19 · 5 min read


Critical WatchGuard Fireware OS VPN Vulnerability (CVE-2025-9242) Allows Unauthenticated Remote Device Takeover
Executive Summary A critical vulnerability in WatchGuard's Fireware OS, tracked as CVE-2025-9242 and assigned a CVSS score of 9.3, has been uncovered by security researchers, enabling unauthenticated remote attackers to execute arbitrary code and potentially take full control of affected devices. The flaw resides in the IKEv2 VPN implementation and is particularly dangerous due to its pre-authentication attack vector, meaning attackers do not require valid credentials to exp
Oct 19 · 5 min read


Europol Dismantles SIMCARTEL SIM Box Network Used for Mass Fake Account Creation and Global Cybercrime
Executive Summary On October 10, 2025, European law enforcement agencies, coordinated by Europol, dismantled a sophisticated SIM box operation known as SIMCARTEL. This criminal network provided cybercriminals with access to over 40,000 phone numbers from more than 80 countries, enabling the creation of approximately 49 million fraudulent online accounts and facilitating at least 3,200 confirmed fraud cases. The operation resulted in seven arrests, the seizure of 1,200 SIM b
Oct 19 · 7 min read


North Korean APTs Target Node.js Ecosystem: BeaverTail-OtterCookie JavaScript Malware Exploits npm Supply Chain and Developer Tools
Executive Summary North Korean advanced persistent threat (APT) groups have significantly escalated their offensive cyber capabilities by merging the functionalities of BeaverTail and OtterCookie into a highly modular, advanced JavaScript malware suite. This new threat, observed in the "Contagious Interview" campaign, leverages sophisticated social engineering, supply chain attacks via malicious npm packages, and innovative command-and-control (C2) techniques utilizing blo
Oct 19 · 4 min read
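Malicious npm packages in campaigns of this kind commonly run their payload from an install-time lifecycle hook (preinstall/install/postinstall/prepare), so a package is dangerous the moment it is installed, before any of its code is imported. The following audit script is an added example written for this page, not code from the reported malware or from any vendor; the package.json it inspects is constructed here to mimic that shape, and the package name, version and base64 string in it are hypothetical.

```python
import json
import re

# Constructed package.json resembling a trojanised npm package: a postinstall hook that
# decodes and eval()s an embedded payload. Name, version and payload are hypothetical.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-utils",
    "version": "1.0.3",
    "scripts": {
        "postinstall": "node -e \"eval(Buffer.from('Y29uc29sZS5sb2coMSk=','base64').toString())\"",
        "test": "jest",
    },
    "dependencies": {"axios": "^1.6.0"},
})

# Constructed benign package for comparison: only a build step, no install-time hooks.
CLEAN_PACKAGE_JSON = json.dumps({
    "name": "example-clean",
    "version": "2.0.0",
    "scripts": {"build": "tsc -p .", "test": "jest"},
})

# npm runs these hooks automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristics for install-time code that a legitimate build step rarely needs.
SUSPICIOUS = [
    (re.compile(r"\beval\s*\("), "eval() in lifecycle script"),
    (re.compile(r"Buffer\.from\([^)]*['\"]base64['\"]"), "base64-decoded payload"),
    (re.compile(r"\bnode\s+-e\b"), "inline node -e execution"),
    (re.compile(r"https?://\S+"), "remote URL fetched at install time"),
    (re.compile(r"\bcurl\b|\bwget\b"), "downloader invoked"),
]


def audit_package_json(text):
    """Return one finding per lifecycle hook present in package.json.

    Each finding records the hook, its command line and the heuristics it
    tripped; a hook with an empty 'reasons' list still deserves a manual look,
    because any install-time hook widens the supply-chain attack surface.
    """
    pkg = json.loads(text)
    scripts = pkg.get("scripts", {}) or {}
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        reasons = [label for rx, label in SUSPICIOUS if rx.search(cmd)]
        findings.append({"hook": hook, "command": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for label, doc in (("trojanised", SAMPLE_PACKAGE_JSON), ("clean", CLEAN_PACKAGE_JSON)):
        print(label, audit_package_json(doc))
```

Run this over every package.json under node_modules after a `npm install --ignore-scripts` dry run; the `--ignore-scripts` flag stops npm from executing the hooks while you inspect them.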


CAPI Backdoor: New .NET Malware Targets Windows Systems in Russian Automotive and E-Commerce Sectors via Phishing ZIP Files
Executive Summary A newly discovered .NET-based backdoor, known as CAPI Backdoor, is actively targeting Russian automobile and e-commerce organizations through a sophisticated phishing campaign. The attack leverages ZIP archives delivered via email, containing a malicious Windows shortcut (LNK) and a decoy Russian-language document. Upon execution, the LNK file deploys a .NET stealer and backdoor, enabling credential theft, system reconnaissance, and persistent remote access
Oct 19 · 5 min read


Zendesk Email Bomb Attacks: Exploiting Lax Authentication and Anonymous Ticket Creation
Executive Summary A critical exploitation vector has emerged targeting Zendesk customer service platforms, wherein threat actors leverage lax authentication configurations to orchestrate large-scale “email bomb” attacks. By exploiting the default or permissive settings that allow anonymous ticket creation and unverified email addresses, adversaries can automate the submission of thousands of support tickets using a victim’s email address. This results in the victim’s inbox b
Oct 19 · 5 min read
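The abuse described above leaves a clear signal on the help-desk side: many tickets created in a short window for one requester address, typically with the address varied by case or plus-tagging to evade naive deduplication. The script below is an added example for this page, not Zendesk's code or a vendor detection; it uses a constructed, hypothetical log format (timestamp, requester, source IP) and a per-requester sliding window to flag a burst.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed ticket-creation events in a hypothetical log format (not Zendesk's
# real audit export). The victim address is varied by case and plus-tag, as an
# attacker automating anonymous ticket submission would do.
SAMPLE_LOG = """\
2025-10-19T10:00:01Z requester=victim@example.com src=198.51.100.7
2025-10-19T10:00:02Z requester=Victim+a@example.com src=198.51.100.7
2025-10-19T10:00:02Z requester=victim+b@EXAMPLE.com src=203.0.113.9
2025-10-19T10:00:03Z requester=victim+c@example.com src=198.51.100.7
2025-10-19T10:00:04Z requester=victim+d@example.com src=198.51.100.7
2025-10-19T10:00:04Z requester=victim+e@example.com src=198.51.100.7
2025-10-19T10:05:00Z requester=alice@example.org src=192.0.2.10
2025-10-19T11:30:00Z requester=victim@example.com src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) requester=(\S+) src=(\S+)$")


def normalize_email(addr):
    """Collapse case and plus-tag variants into one key so the burst is counted
    against the real mailbox that receives the notification flood."""
    local, _, domain = addr.strip().lower().partition("@")
    local = local.split("+", 1)[0]
    return f"{local}@{domain}"


def parse_events(text):
    """Parse log lines into (timestamp, normalised requester, source IP),
    skipping lines that do not match, and return them in time order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, normalize_email(m.group(2)), m.group(3)))
    events.sort(key=lambda e: e[0])
    return events


def detect_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Sliding-window count per requester. Emits one alert per requester as
    (requester, window_start, count, distinct_source_ips) the first time the
    count within `window` reaches `threshold`."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, req, src in events:
        q = recent[req]
        q.append((ts, src))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and req not in alerts:
            alerts[req] = (req, q[0][0], len(q), len({s for _, s in q}))
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bursts(parse_events(SAMPLE_LOG)):
        print(alert)
```

Tune `window` and `threshold` to the help desk's normal per-requester rate; the distinct-source-IP count in each alert separates a single automated sender from a distributed submission.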


Microsoft Teams Targeted in Rhysida Ransomware Campaign: Over 200 Fraudulent Certificates Revoked by Microsoft
Executive Summary In October 2025, Microsoft took decisive action to revoke over 200 fraudulent code-signing certificates that had been systematically abused in a sophisticated campaign orchestrated by the threat actor known as Vanilla Tempest (also tracked as Vice Society, VICE SPIDER, and Storm-0832). These certificates were used to sign malicious binaries, most notably trojanized installers for Microsoft Teams, which were then distributed via search engine optimizati
Oct 19 · 5 min read


Silver Fox Expands Winos 4.0 (ValleyRAT) and HoldingHands RAT Cyber Attacks to Japan and Malaysia
Executive Summary The advanced persistent threat group known as Silver Fox has significantly escalated its cyber-espionage operations by expanding the deployment of the Winos 4.0 malware platform and the HoldingHands RAT to new geographies, specifically targeting organizations in Japan and Malaysia. Previously focused on China and Taiwan, Silver Fox now leverages highly sophisticated phishing campaigns, SEO poisoning, and advanced persistence and evasion techniques to com
Oct 19 · 5 min read


Comprehensive Analysis of TA585’s MonsterV2 Malware: Attack Chain, Technical Innovations, and Risks to Windows Systems
Executive Summary Publication Date: October 2025. Researchers have recently exposed the capabilities and attack chain of the cybercriminal group TA585 and its use of the advanced malware suite MonsterV2. This report provides a comprehensive analysis of the technical innovations, operational risks, and security implications associated with MonsterV2 and the unique tactics employed by TA585. The findings highlight the growing sophistication of cybercrime operations and under
Oct 15 · 5 min read


Pixnapping (CVE-2025-48561): Critical Android Vulnerability Enables Stealthy Theft of 2FA Codes and Sensitive On-Screen Data
Executive Summary A critical new vulnerability, designated Pixnapping (CVE-2025-48561), has been identified in the Android ecosystem, enabling malicious applications to surreptitiously capture sensitive on-screen data such as two-factor authentication (2FA) codes, private messages, and financial information. This attack leverages a sophisticated combination of Android OS features and a GPU hardware side channel, effectively bypassing the traditional sandboxing and permission
Oct 15 · 5 min read


Flax Typhoon Exploits ArcGIS Servers: Chinese APT Turns SOE Into Persistent Backdoor
Executive Summary A sophisticated cyber-espionage campaign orchestrated by the Chinese state-sponsored threat actor Flax Typhoon (also known as Ethereal Panda) has been uncovered, targeting organizations globally by transforming legitimate ArcGIS geo-mapping servers into persistent backdoors. By leveraging trusted Java Server Object Extensions (SOEs) and deploying a covert web shell, Flax Typhoon achieved long-term, stealthy access to critical infrastructure and governmen
Oct 15 · 5 min read


Malicious Crypto-Stealing VSCode Extensions Target OpenVSX and AI Code Editors: Threat Analysis and Mitigation
Executive Summary A new wave of malicious activity has been detected targeting the developer ecosystem through the distribution of crypto-stealing and data-exfiltrating extensions on the OpenVSX registry, a popular open-source alternative to the official Visual Studio Code (VSCode) Marketplace. These extensions, often masquerading as legitimate tools for languages such as Solidity and C++, are engineered to steal cryptocurrency, exfiltrate sensitive source code, and estab
Oct 15 · 5 min read


Microsoft Edge IE Mode Exploited as Backdoor: Zero-Day Vulnerability Forces Emergency Restrictions
Executive Summary In recent months, Microsoft has enacted emergency restrictions on the legacy IE Mode feature within the Microsoft Edge browser after threat actors weaponized this compatibility layer as a covert backdoor. Attackers exploited unpatched vulnerabilities in the Chakra JavaScript engine, the core of legacy Internet Explorer, to achieve remote code execution (RCE) and privilege escalation, bypassing modern browser security controls. The exploitation chain was i
Oct 15 · 5 min read


Oracle E-Business Suite Zero-Day Exploit Leaked by ShinyHunters: CVE-2025-61884 Analysis and Mitigation Guide
Executive Summary Oracle has recently addressed a critical zero-day vulnerability in Oracle E-Business Suite (EBS), following the public leak of an exploit by the notorious threat group ShinyHunters. This vulnerability, tracked as CVE-2025-61884, enables unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, potentially leading to unauthorized access to internal resources and, under certain conditions, remote code execution (RCE). The expl
Oct 15 · 4 min read


Chinese Cybercrime Group Exploits IIS Servers Worldwide for SEO Fraud and Credential Theft
Executive Summary A coordinated campaign by a Chinese-speaking cybercrime group has compromised Internet Information Services (IIS) ...
Oct 7 · 5 min read


Zimbra CVE-2025-27915 Zero-Day Exploited via Malicious ICS Files to Breach Brazilian Military Systems
Executive Summary A highly targeted cyber-espionage campaign has been uncovered leveraging a zero-day vulnerability in Zimbra...
Oct 7 · 4 min read


China-Linked PlugX and Bookworm Attacks on Huawei U2000 Telecom Systems in ASEAN – In-Depth Cyber Threat Analysis
Executive Summary In recent weeks, intelligence gathered from reputable cybersecurity sources has confirmed a series of advanced malware...
Sep 29 · 8 min read


Crash Testing BAS: How Behavioral Analytics Security Validates Real-Time Cyber Defense
Introduction Publication Date: September 26, 2025. In today’s rapidly evolving cybersecurity landscape, the ability to validate security...
Sep 28 · 3 min read


Fake Microsoft Teams Installers Delivering Oyster Malware via Malvertising: Comprehensive Threat Analysis for Microsoft Teams
Executive Summary Publication Date: September 26, 2025 In recent weeks, a sophisticated malvertising campaign has been observed...
Sep 28 · 7 min read