

Leroy Merlin France Loyalty Program Data Breach: December 2025 Security Incident Analysis and Technical Report
Executive Summary
On December 3, 2025, Leroy Merlin, a leading French home improvement and gardening retailer, disclosed a data breach affecting its customers in France. The breach resulted in the exposure of personal information, including full names, phone numbers, email addresses, postal addresses, dates of birth, and loyalty program-related data. No financial information or account passwords were compromised. The company responded by blocking unauthorized access, notifyi
5 days ago · 5 min read


Critical React2shell Vulnerability (CVE-2025-55182, CVE-2025-66478) Enables Unauthenticated RCE in React Server Components and Next.js
Executive Summary
A critical vulnerability, codenamed React2shell, has been identified in React Server Components (RSC) and Next.js, tracked as CVE-2025-55182 for React and CVE-2025-66478 for Next.js. This flaw enables unauthenticated remote code execution (RCE) on affected servers, allowing attackers to execute arbitrary code without any authentication or prior access. The vulnerability is rated with a maximum CVSS score of 10.0, reflecting its severity and the ease wit
5 days ago · 5 min read


ShadyPanda Browser Extension Attack: 4.3 Million Chrome and Edge Users Compromised in Multi-Year Supply Chain Campaign
Executive Summary
The ShadyPanda threat actor has orchestrated one of the most significant browser-based supply chain attacks in recent years, weaponizing millions of browsers through malicious extensions on both Google Chrome and Microsoft Edge. This campaign, active since at least 2018, has resulted in the compromise of over 4.3 million users worldwide. By leveraging the trust associated with “verified” and “featured” browser extensions, ShadyPanda was able to deliver
5 days ago · 5 min read


Malicious Rust Crate evm-units Targets Web3 Developers with OS-Specific Malware via crates.io Supply Chain Attack
Executive Summary
A highly sophisticated supply chain attack has been uncovered targeting the Web3 development ecosystem through the deployment of a malicious Rust crate, evm-units, on the official crates.io repository. This crate, along with a secondary package, uniswap-utils, was designed to masquerade as a legitimate Ethereum Virtual Machine (EVM) utility, enticing unsuspecting developers to incorporate it into their projects. Once integrated, the crate delivered OS-spe
5 days ago · 4 min read


Marquis Software Solutions Data Breach: SonicWall Vulnerability Exposes Sensitive Data of 74+ US Banks and Credit Unions
Executive Summary
Marquis Software Solutions, a Texas-based provider of data analytics, compliance, and marketing services to the financial sector, experienced a significant data breach following a ransomware attack on August 14, 2025. The incident, attributed to exploitation of a vulnerability in the SonicWall firewall, resulted in unauthorized access to sensitive personal information belonging to customers of over 74 US banks and credit unions. More than 400,000 individual
5 days ago · 6 min read


CVE-2025-55182: Critical Remote Code Execution Vulnerability in React Server Components and Next.js – Urgent Patch Required
Executive Summary
A critical security vulnerability, CVE-2025-55182, has been identified in React Server Components (RSC), a core technology underpinning modern web frameworks such as Next.js, React Router, Waku, the Parcel RSC plugin, and the Vite RSC plugin. This vulnerability, rated CVSS 10.0 (Critical), enables unauthenticated remote code execution (RCE) on affected servers by exploiting unsafe deserialization in the RSC protocol. The flaw allows attackers to execute arbit
5 days ago · 5 min read


Albiriox Malware-as-a-Service: Advanced Android Threat Targets Over 400 Banking, Fintech, and Crypto Apps with On-Device Fraud and VNC Screen Control
Executive Summary
The emergence of the Albiriox Malware-as-a-Service (MaaS) platform marks a significant escalation in the threat landscape for mobile banking, fintech, and cryptocurrency applications. First observed in September 2025, Albiriox is a rapidly evolving Android malware family engineered for On-Device Fraud (ODF), enabling attackers to take full control of infected devices, perform real-time fraudulent transactions, and harvest credentials from over 400 targ
Dec 1 · 4 min read


CISA Issues Urgent Alert on ScadaBR CVE-2021-26829 Vulnerability Exploited by Hacktivists in ICS Attack
Executive Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding a newly exploited vulnerability in ScadaBR, an open-source Supervisory Control and Data Acquisition (SCADA) platform widely used in industrial control systems (ICS) and operational technology (OT) environments. The vulnerability, tracked as CVE-2021-26829, is a stored cross-site scripting (XSS) flaw that allows authenticated attackers to inject arbit
Dec 1 · 5 min read


Critical Privilege Escalation Vulnerabilities in Ivanti Endpoint Manager and Zoom Workplace VDI Client for Windows: Technical Analysis and Remediation Guide
Executive Summary
This advisory report provides a comprehensive technical analysis of recent high-severity vulnerabilities patched by Ivanti and Zoom. The vulnerabilities affect Ivanti Endpoint Manager and the Zoom Workplace VDI Client for Windows, both of which are widely deployed in enterprise environments. The most critical issues allow authenticated local attackers to escalate privileges, write arbitrary files, and potentially compromise entire systems. While there is
Nov 12 · 5 min read


Google Refutes Claims of Massive Gmail Data Breach: Analysis Reveals Stolen Credentials Originated from Infostealer Malware, Not Google Systems
Executive Summary
Recent media reports claimed a massive data breach affecting millions of Gmail accounts, suggesting a direct compromise of Google infrastructure. However, after thorough analysis of official statements, technical evidence, and independent news coverage, there is no substantiated evidence of a direct breach of Gmail or Google systems. The data in question originated from infostealer malware logs and credential stuffing lists, which aggregate credentials s
Oct 28 · 5 min read


Chrome Zero-Day Exploited: Memento Spyware Campaign Targets Windows Systems with LeetAgent and Dante Malware
Executive Summary
A highly sophisticated cyber-espionage campaign has been identified leveraging a previously unknown zero-day vulnerability in Google Chrome (CVE-2025-2783) to deliver advanced spyware attributed to Memento Labs (formerly known as Hacking Team). This operation, tracked as Operation ForumTroll, has primarily targeted organizations in Russia and Belarus, including media, academic, governmental, and financial sectors. The attack chain utilizes spear-phishing
Oct 28 · 4 min read


TARmageddon (CVE-2025-62518): Critical Supply Chain Vulnerability in async-tar and tokio-tar Rust Libraries
Executive Summary
A critical security vulnerability, TARmageddon (CVE-2025-62518, CVSS 8.1), has been identified in the widely used Rust library async-tar and its derivatives, most notably the now-abandoned tokio-tar. This flaw enables attackers to "smuggle" additional archive entries during TAR extraction, resulting in file overwrites and the potential for remote code execution (RCE). The vulnerability has a broad impact, affecting major projects such as uv (Astral's Pyt
Oct 28 · 5 min read


Operation ForumTroll: Italian Spyware Vendor Memento Labs Exploits Chrome Zero-Day (CVE-2025-2783) in Targeted Attacks on Russia and Belarus
Executive Summary
A newly uncovered cyber-espionage campaign has been attributed to the Italian spyware vendor Memento Labs (formerly known as Hacking Team and InTheCyber Group), leveraging a critical Google Chrome zero-day vulnerability, CVE-2025-2783, to deliver advanced surveillance malware. This campaign, tracked as Operation ForumTroll, has been active since at least February 2024 and is characterized by highly targeted spear-phishing attacks against organizations i
Oct 28 · 5 min read


SideWinder Uses ClickOnce to Target South Asian Diplomatic Entities via MagTek ReaderConfiguration.exe Sideloading Attack Chain
Executive Summary
The SideWinder advanced persistent threat (APT) group has recently demonstrated a significant evolution in its cyber-espionage operations, targeting South Asian diplomatic and governmental entities with a novel attack chain leveraging the ClickOnce deployment technology. This campaign, active throughout 2024 and into 2025, marks a departure from SideWinder’s traditional reliance on Microsoft Office exploits, instead utilizing malicious PDF lures that dire
Oct 28 · 5 min read


Jingle Thief: How Hackers Exploit Microsoft 365 Cloud Services to Steal Millions in Retail Gift Cards
Executive Summary
The “Jingle Thief” campaign represents a highly sophisticated, financially motivated cybercrime operation that leverages cloud-native attack vectors to compromise enterprise environments, specifically targeting global retail and consumer services organizations with significant gift card operations. Attributed to Morocco-based threat actors tracked as CL-CRI-1032 (overlapping with Atlas Lion and STORM-0539), this campaign exploits weaknesses in Microsoft
Oct 23 · 5 min read


CVE-2025-61932: Critical Lanscope Endpoint Manager Vulnerability Actively Exploited in Cyberattacks, CISA Warns
Executive Summary
A critical vulnerability has been identified in LANSCOPE Endpoint Manager by Motex, tracked as CVE-2025-61932, which is currently being exploited in active cyberattacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed ongoing exploitation and added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgent need for immediate remediation. This vulnerability enables unauthenticated remote code ex
Oct 23 · 5 min read


Too Many Secrets: Huntress Exposes Credential Theft and Sensitive Data Sprawl in Supply Chain and Banking Sectors
Executive Summary
The "Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl" incident, as analyzed by Huntress, provides an unprecedented, evidence-based view into the operational methods of a sophisticated threat actor. The incident began when a threat actor inadvertently installed the Huntress agent on their own operational machine after discovering the product via a Google advertisement while researching other security solutions, including Bitdefender. This mista
Oct 23 · 7 min read


Critical Lanscope Endpoint Manager Zero-Day Vulnerability (CVE-2025-61932) Actively Exploited – Patch Now
Executive Summary
A critical zero-day vulnerability in Lanscope Endpoint Manager (CVE-2025-61932) is being actively exploited in the wild, posing a severe risk to organizations utilizing this endpoint management solution. The flaw, which affects all on-premises deployments of Lanscope Endpoint Manager version 9.4.7.1 and earlier, enables unauthenticated remote code execution (RCE) due to improper verification of the source of incoming network requests. Public proof-of-conce
Oct 23 · 4 min read


MuddyWater Targets MENA Government Organizations with Phoenix v4 Backdoor in Large-Scale Cyber-Espionage Campaign
Executive Summary
A sophisticated Iranian state-sponsored threat actor, widely tracked as MuddyWater (also known as Static Kitten, Mercury, and Seedworm), has orchestrated a large-scale cyber-espionage campaign targeting over 100 government organizations across the Middle East, North Africa, and select international regions. The campaign, active since at least August 2025, leverages highly targeted phishing emails to deliver the latest iteration of the Phoenix backdoor (
Oct 23 · 5 min read


TARmageddon (CVE-2025-62518): Critical RCE Vulnerability in Rust async-tar and tokio-tar Libraries Threatens Software Supply Chains
Executive Summary
A critical remote code execution (RCE) vulnerability, known as TARmageddon (CVE-2025-62518), has been identified in the widely used Rust async-tar library and its derivatives, most notably tokio-tar. This flaw enables attackers to inject additional files during TAR archive extraction, leading to file overwrites, supply chain attacks, and the circumvention of security controls. With a CVSS score of 8.1 (High), the vulnerability poses a significant risk to
Oct 23 · 5 min read
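Both TARmageddon summaries on this page describe the same outcome: extra archive entries smuggled into a TAR stream so that extraction overwrites files. The Python below is an added example, not code from either article or from the async-tar/tokio-tar projects, and it does not model the library's parsing bug. It audits an archive before extraction with the checks that defeat that outcome whichever parser produced the entries: path traversal, symlinks pointing outside the destination, disallowed entry types, and duplicate paths (a second entry for a file already written is exactly what a smuggled overwrite needs). The two archives and the destination `/srv/extract` are constructed for the example.

```python
"""Pre-extraction audit of a tar archive (added example; generic hardening, not a
reproduction of the async-tar/tokio-tar parsing bug)."""
import io
import os
import posixpath
import tarfile

# Entry types a plain application bundle needs; devices, FIFOs and hard links are refused.
ALLOWED_TYPES = {tarfile.REGTYPE, tarfile.AREGTYPE, tarfile.DIRTYPE, tarfile.SYMTYPE}


def _escapes(dest: str, relpath: str) -> bool:
    """True if dest/relpath resolves to a location outside dest."""
    dest = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest, relpath))
    return os.path.commonpath([dest, target]) != dest


def audit_tar(data: bytes, dest: str = "/srv/extract") -> list[str]:
    """Walk every member of the archive and return a list of findings.

    An empty list means the archive passed; nothing is written to disk here.
    `dest` is the directory the caller intends to extract into (constructed default).
    """
    findings: list[str] = []
    seen: set[str] = set()
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            name = posixpath.normpath(m.name)
            if m.type not in ALLOWED_TYPES:
                findings.append(f"{m.name}: disallowed entry type {m.type!r}")
                continue
            if m.name.startswith("/") or _escapes(dest, name):
                findings.append(f"{m.name}: path escapes destination")
                continue
            if m.type == tarfile.SYMTYPE:
                # Resolve the link target relative to the link's own directory,
                # because that is where the filesystem resolves it after extraction.
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if m.linkname.startswith("/") or _escapes(dest, target):
                    findings.append(f"{m.name}: symlink target {m.linkname!r} escapes destination")
                    continue
            if name in seen and m.type != tarfile.DIRTYPE:
                # A second entry for a path already written is what a smuggled entry
                # relies on to overwrite an earlier, legitimate file.
                findings.append(f"{m.name}: duplicate path, later entry would overwrite earlier one")
                continue
            seen.add(name)
    return findings


def build_tar(entries) -> bytes:
    """Constructed helper: build an in-memory tar from (name, content, linkname) tuples.
    content=None with linkname=None makes a directory; a linkname makes a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, content, linkname in entries:
            info = tarfile.TarInfo(name)
            if linkname is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
                tf.addfile(info)
            elif content is None:
                info.type = tarfile.DIRTYPE
                tf.addfile(info)
            else:
                info.size = len(content)
                tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample archives for the demonstration.
CLEAN_ARCHIVE = build_tar([
    ("app", None, None),
    ("app/config.toml", b"debug = false\n", None),
    ("app/bin/run.sh", b"#!/bin/sh\nexec ./server\n", None),
    ("app/run", None, "bin/run.sh"),  # relative link that stays inside app/
])

HOSTILE_ARCHIVE = build_tar([
    ("app/config.toml", b"debug = false\n", None),
    ("../../etc/cron.d/backdoor", b"* * * * * root /tmp/x\n", None),  # traversal
    ("app/log", None, "../../var/log"),  # symlink resolving outside dest
    ("app/config.toml", b"debug = true\n", None),  # smuggled duplicate overwrites the first
])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_ARCHIVE), ("hostile", HOSTILE_ARCHIVE)):
        problems = audit_tar(blob)
        print(f"{label}: {'OK' if not problems else 'REJECT'}")
        for p in problems:
            print("  -", p)
```

Run the audit on the bytes you are about to hand to the extractor and refuse the whole archive on any finding; partial extraction of a "mostly fine" archive is how an overwrite lands. The duplicate-path check is the one that matters for entry smuggling specifically: a parser that reports an extra entry for a path the archive already wrote is either seeing a malformed archive or one built to overwrite.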