

Jingle Thief: How Hackers Exploit Microsoft 365 Cloud Services to Steal Millions in Retail Gift Cards
Executive Summary The “Jingle Thief” campaign represents a highly sophisticated, financially motivated cybercrime operation that leverages cloud-native attack vectors to compromise enterprise environments, specifically targeting global retail and consumer services organizations with significant gift card operations. Attributed to Morocco-based threat actors tracked as CL-CRI-1032 (overlapping with Atlas Lion and STORM-0539), this campaign exploits weaknesses in Microsoft
1d · 5 min read


CVE-2025-61932: Critical Lanscope Endpoint Manager Vulnerability Actively Exploited in Cyberattacks, CISA Warns
Executive Summary A critical vulnerability has been identified in LANSCOPE Endpoint Manager by Motex, tracked as CVE-2025-61932, which is currently being exploited in active cyberattacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed ongoing exploitation and added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgent need for immediate remediation. This vulnerability enables unauthenticated remote code ex
1d · 5 min read


Too Many Secrets: Huntress Exposes Credential Theft and Sensitive Data Sprawl in Supply Chain and Banking Sectors
Executive Summary The "Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl" incident, as analyzed by Huntress, provides an unprecedented, evidence-based view into the operational methods of a sophisticated threat actor. The incident began when a threat actor inadvertently installed the Huntress agent on their own operational machine after discovering the product via a Google advertisement while researching other security solutions, including Bitdefender. This mista
1d · 7 min read


Critical Lanscope Endpoint Manager Zero-Day Vulnerability (CVE-2025-61932) Actively Exploited – Patch Now
Executive Summary A critical zero-day vulnerability in Lanscope Endpoint Manager (CVE-2025-61932) is being actively exploited in the wild, posing a severe risk to organizations utilizing this endpoint management solution. The flaw, which affects all on-premises deployments of Lanscope Endpoint Manager version 9.4.7.1 and earlier, enables unauthenticated remote code execution (RCE) due to improper verification of the source of incoming network requests. Public proof-of-conce
1d · 4 min read


MuddyWater Targets MENA Government Organizations with Phoenix v4 Backdoor in Large-Scale Cyber-Espionage Campaign
Executive Summary A sophisticated Iranian state-sponsored threat actor, widely tracked as MuddyWater (also known as Static Kitten, Mercury, and Seedworm), has orchestrated a large-scale cyber-espionage campaign targeting over 100 government organizations across the Middle East, North Africa, and select international regions. The campaign, active since at least August 2025, leverages highly targeted phishing emails to deliver the latest iteration of the Phoenix backdoor (
1d · 5 min read


TARmageddon (CVE-2025-62518): Critical RCE Vulnerability in Rust async-tar and tokio-tar Libraries Threatens Software Supply Chains
Executive Summary A critical remote code execution (RCE) vulnerability, known as TARmageddon (CVE-2025-62518), has been identified in the widely used Rust async-tar library and its derivatives, most notably tokio-tar. This flaw enables attackers to inject additional files during TAR archive extraction, leading to file overwrites, supply chain attacks, and the circumvention of security controls. With a CVSS score of 8.1 (High), the vulnerability poses a significant risk to
1d · 5 min read
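The TARmageddon summary above describes the consumer-side consequence of the bug: extra entries appearing during extraction, including ones that overwrite files. The following is an added example, not code from the async-tar or tokio-tar projects, showing the extraction discipline that limits what an injected entry can do regardless of which parser produced it: accept only regular files, require every resolved path to sit strictly below the destination directory, and refuse to overwrite anything already present. The archive is constructed in memory for the demonstration (assumption: it is sample data, not a real TARmageddon payload), and the helper names `build_sample_archive`, `safe_extract` and `demo` are this example's own.

```python
import io
import os
import tarfile
import tempfile
from pathlib import Path


def build_sample_archive() -> bytes:
    """Build a constructed in-memory tar archive for the demonstration.

    Assumption: this is sample data written for the example, not a real
    TARmageddon payload. It mixes one benign entry with two entries that an
    archive consumer must refuse: a path-traversal entry and an entry that
    would silently replace a file already present in the target directory.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in [
            ("pkg/README.md", b"benign\n"),
            ("../outside.txt", b"escaped\n"),
            ("pkg/build.rs", b"injected\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def safe_extract(archive: bytes, dest: Path) -> tuple[list[str], list[tuple[str, str]]]:
    """Extract regular files from archive into dest, enforcing three rules:
    only regular files, nothing outside dest, and no overwriting of existing files.

    Returns (extracted member names, [(member name, reason) for rejected members]).
    """
    dest = dest.resolve()
    extracted: list[str] = []
    rejected: list[tuple[str, str]] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for member in tf:
            if not member.isreg():
                rejected.append((member.name, "not a regular file"))
                continue
            # Resolve the final path and require it to sit strictly below dest;
            # this catches "../" components and absolute member names alike.
            target = (dest / member.name).resolve()
            if os.path.isabs(member.name) or dest not in target.parents:
                rejected.append((member.name, "path escapes destination"))
                continue
            if target.exists():
                rejected.append((member.name, "would overwrite existing file"))
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            src = tf.extractfile(member)
            assert src is not None  # always set for regular files
            target.write_bytes(src.read())
            extracted.append(member.name)
    return extracted, rejected


def demo() -> dict:
    """Run safe_extract over the constructed archive in a scratch directory
    that already contains pkg/build.rs, and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "out"
        (dest / "pkg").mkdir(parents=True)
        (dest / "pkg" / "build.rs").write_bytes(b"original\n")
        extracted, rejected = safe_extract(build_sample_archive(), dest)
        return {
            "extracted": extracted,
            "rejected": rejected,
            "build_rs": (dest / "pkg" / "build.rs").read_bytes(),
            "escaped_file_created": (Path(tmp) / "outside.txt").exists(),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running `demo()` extracts only `pkg/README.md`; the traversal entry and the entry aimed at the pre-existing `pkg/build.rs` are both reported as rejected and the original `build.rs` is untouched. On Python 3.12 and later the standard library's `tarfile.extractall(filter="data")` applies comparable path rules, but it does not refuse overwrites, so that last check still belongs in the caller.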


Cryptomus Crypto Platform Fined $176M by Canada for Facilitating Cybercrime and Money Laundering
Executive Summary On October 16, 2025, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) levied a record-breaking administrative monetary penalty of $176,960,190 against Xeltox Enterprises Ltd., operating as Cryptomus, for 2,593 violations of Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act. Cryptomus, a digital payments platform, was found to have systematically enabled and facilitated cybercrime by supporting dozens of
1d · 5 min read


Surge in Ransomware and DDoS Attacks Targeting Microsoft, WordPress, and Network Appliances in MENA and Africa
Executive Summary The Middle East and Africa (MENA) regions are experiencing a significant escalation in cyberattacks targeting government entities, financial institutions, and small retailers. Threat actors, including both advanced persistent threat (APT) groups and hacktivist collectives, are leveraging sophisticated malware, ransomware-as-a-service (RaaS) platforms, and distributed denial-of-service (DDoS) campaigns. These attacks exploit both zero-day and well-known vulne
1d · 4 min read


Over 250 Magento and Adobe Commerce Stores Compromised via CVE-2025-54236 SessionReaper Vulnerability: Threat Intelligence Report
Executive Summary Over the course of a single night, more than 250 e-commerce sites running Magento and Adobe Commerce were compromised by threat actors exploiting a newly disclosed critical vulnerability, CVE-2025-54236 (dubbed "SessionReaper"). This flaw, which resides in the Adobe Commerce REST API, enables unauthenticated remote code execution and account takeover. Despite the release of a security patch by Adobe over six weeks ago, a significant portion of the glo
1d · 5 min read


SessionReaper (CVE-2025-54236): Active Exploitation of Critical Adobe Magento Vulnerability Threatens E-Commerce Security
Executive Summary A critical vulnerability, designated as SessionReaper (CVE-2025-54236), has been identified in Adobe Magento (also known as Adobe Commerce), a leading e-commerce platform. This flaw enables unauthenticated remote attackers to hijack active user sessions and, in many cases, achieve full account takeover or remote code execution (RCE) on vulnerable servers. Since the public disclosure and release of proof-of-concept (POC) exploit code, threat actors have ra
1d · 4 min read


Homoglyph Supply Chain Attack Targets NuGet: Fake Netherеum.All Package Steals Ethereum Wallet Keys
Executive Summary A critical supply chain attack has recently targeted the .NET development community through the NuGet package ecosystem. Malicious actors published a counterfeit version of the widely used Nethereum library, leveraging a homoglyph attack by substituting the Latin "e" with a visually identical Cyrillic "е" (Unicode U+0435) in the package name, resulting in Netherеum.All. This subtle manipulation enabled the attackers to deceive developers into integrating
1d · 5 min read
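The homoglyph substitution described above (Latin "e" replaced by Cyrillic U+0435) is invisible in a rendered package name but trivial to catch mechanically. The following is an added example, not code from the page or from the Nethereum project, of the check a dependency review or CI gate can run: list the non-ASCII letters in a package name with their code points, flag names that mix scripts, and fold known Cyrillic look-alikes to Latin so the fake name collides with the package it imitates. The confusables table is a constructed, deliberately partial subset (assumption: a real deployment would use the full Unicode UTS #39 data), and the function names are this example's own.

```python
import unicodedata

# Constructed, deliberately partial table of Cyrillic letters that render
# identically to Latin letters in most fonts. Assumption: a real deployment
# would use the full Unicode confusables data (UTS #39) instead of this subset.
CYRILLIC_TO_LATIN = {
    "\u0430": "a",  # а
    "\u0435": "e",  # е (the substitution used in the fake Netherеum.All package)
    "\u043e": "o",  # о
    "\u0440": "p",  # р
    "\u0441": "c",  # с
    "\u0443": "y",  # у
    "\u0445": "x",  # х
    "\u0455": "s",  # ѕ
    "\u0456": "i",  # і
    "\u0458": "j",  # ј
}


def scripts_in(name: str) -> set[str]:
    """Return the scripts used by the letters in name, taken from the first word
    of each character's Unicode name (e.g. LATIN, CYRILLIC). Digits and
    punctuation are ignored so that dots and version-like suffixes do not count."""
    scripts: set[str] = set()
    for ch in name:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def non_ascii_letters(name: str) -> list[tuple[str, str, str]]:
    """List every non-ASCII letter as (char, code point, Unicode name) so a
    reviewer can see exactly which character was swapped in."""
    return [
        (ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for ch in name
        if ch.isalpha() and ord(ch) > 0x7F
    ]


def skeleton(name: str) -> str:
    """Fold confusable Cyrillic letters to their Latin look-alikes and case-fold
    the result, so that a homoglyph variant and its target compare equal."""
    return "".join(CYRILLIC_TO_LATIN.get(ch, ch) for ch in name).casefold()


def analyze_package_name(name: str, known_packages: set[str]) -> dict:
    """Flag a package name that mixes scripts, or whose skeleton collides with a
    known package while not actually being that package."""
    by_skeleton = {skeleton(p): p for p in known_packages}
    match = by_skeleton.get(skeleton(name))
    return {
        "name": name,
        "mixed_script": len(scripts_in(name)) > 1,
        "suspicious_chars": non_ascii_letters(name),
        "impersonates": match if match is not None and match != name else None,
    }


if __name__ == "__main__":
    # Constructed inputs: the real package name and a look-alike built with U+0435.
    allow_list = {"Nethereum.All", "Newtonsoft.Json"}
    for candidate in ("Nethereum.All", "Nether\u0435um.All"):
        print(analyze_package_name(candidate, allow_list))
```

For `Nether\u0435um.All` the result reports `mixed_script` as true, lists `('е', 'U+0435', 'CYRILLIC SMALL LETTER IE')`, and names `Nethereum.All` as the impersonated package; the genuine name produces no findings. The skeleton comparison is what matters for a gate: rejecting every non-ASCII name would be too blunt for ecosystems with legitimately non-Latin packages, but a name whose folded form equals an existing package while its bytes differ is almost never benign.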


Mysterious Elephant (APT-K-47) Targets South Asian Government Networks With Advanced Custom Malware and Supply Chain Attacks
Executive Summary Publication Date: 2025 The threat landscape in South Asia has been significantly altered by the emergence and evolution of Mysterious Elephant (also known as APT-K-47), an advanced persistent threat group first detailed by Kaspersky in 2023. This group has rapidly moved beyond the use of recycled malware, developing custom, modular toolsets and advanced attack chains that primarily target government and diplomatic entities in Pakistan, Bangladesh, and Tur
Oct 16 · 4 min read


Jewelbug (Chinese APT) Infiltrates Russian IT Service Provider: Multi-Month Espionage and Supply Chain Attack on Code Repositories and Build Systems
Executive Summary Between January and May 2025, the Chinese advanced persistent threat (APT) group Jewelbug (also known as REF7707, CL-STA-0049, and Earth Alux) infiltrated the network of a Russian IT service provider. The attackers maintained undetected access for approximately five months, targeting the organization’s code repositories and software build systems. This access created the potential for a software supply chain attack against the provider’s customers. Data
Oct 16 · 5 min read


Critical SAP NetWeaver AS Java Vulnerability (CVE-2025-42944) Allows Unauthenticated Remote Server Takeover via RMI-P4 Exploit
Executive Summary A newly disclosed critical vulnerability in SAP NetWeaver AS Java (CVE-2025-42944, CVSS 10.0) enables unauthenticated attackers to execute arbitrary operating system commands and potentially seize full control of affected servers—without requiring any login credentials. The flaw, which resides in the RMI-P4 module due to insecure deserialization, is already the subject of active discussion in the global security community. Public exploit code is available,
Oct 16 · 4 min read


Fake LastPass and Bitwarden Breach Alerts Used in Phishing Campaign to Hijack PCs via Syncro MSP and ScreenConnect
Executive Summary A new, highly targeted phishing campaign is exploiting the trusted reputations of LastPass and Bitwarden by distributing fraudulent breach alert emails to their user bases. These emails, crafted to appear as urgent security notifications, direct recipients to download a purportedly "secure" desktop application. In reality, the download is a legitimate but abused remote monitoring and management (RMM) tool, specifically the Syncro MSP Agent, which is then
Oct 16 · 4 min read


Harvard University Data Breach: Cl0p Ransomware Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882)
Executive Summary Harvard University has confirmed a data breach resulting from the exploitation of a zero-day vulnerability, CVE-2025-61882, in the Oracle E-Business Suite (EBS). The attack, attributed to the Cl0p ransomware group, led to the exfiltration and subsequent leak of approximately 1.3 terabytes of data. The breach was limited to a small administrative unit within the university, with no evidence of compromise to other systems. The incident is part of a broader
Oct 16 · 6 min read


Critical Adobe AEM Forms JEE Vulnerability (CVE-2025-54253) Under Active Exploitation: CISA Alerts, Patch Now
Executive Summary The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical vulnerability in Adobe Experience Manager (AEM) Forms. This flaw, cataloged as CVE-2025-54253 and assigned a perfect CVSS score of 10.0, enables unauthenticated remote code execution (RCE) on affected systems. The vulnerability is actively being exploited in the wild, with public proof-of-concept (PoC) code available and multiple threat int
Oct 16 · 4 min read


OpenSSL September 2025 Vulnerabilities: Critical CVEs Enable Private Key Recovery, Code Execution, and DoS
Executive Summary In September 2025, the OpenSSL Project disclosed three critical vulnerabilities—CVE-2025-9230, CVE-2025-9231, and...
Oct 1 · 5 min read


KillSec Ransomware Exploits Legacy RDP Vulnerabilities at Brazilian Healthcare Software Provider
Executive Summary Publication Date: 15 September 2025 On 15 September 2025, a prominent Brazilian healthcare software provider confirmed...
Sep 16 · 7 min read


FinWise Bank Insider Breach Exposes 689,000 American First Finance Customers Through Credential Mismanagement
Executive Summary Publication Date: September 16, 2025. On September 16, 2025, FinWise Bank experienced an insider breach affecting...
Sep 16 · 10 min read