Executive Summary The Canadian Centre for Cyber Security has confirmed that multiple critical infrastructure facilities in Canada, including a water treatment plant, an oil and gas company, and an agricultural operation, were targeted by hacktivists who successfully tampered with Industrial Control Systems ( ICS ). These incidents resulted in operational disruptions such as degraded water service, false alarms in oil storage systems, and unsafe environmental conditions in agr

Executive Summary Russian ransomware gangs have recently escalated their operational sophistication by weaponizing the open-source AdaptixC2 command-and-control (C2) framework. Originally developed for legitimate red teaming and adversarial simulation, AdaptixC2 is now being actively abused to orchestrate advanced ransomware campaigns, facilitate initial access, maintain persistence, and deploy secondary payloads such as CountLoader . This development marks a significant ev

Executive Summary A newly disclosed vulnerability, designated as Brash , has emerged as a critical threat to all Chromium-based browsers . This exploit leverages a flaw in the Blink rendering engine ’s handling of the document.title API, enabling a remote attacker to crash the browser instantly with a single malicious URL. The exploit is trivial to weaponize, requires no user interaction beyond visiting a crafted web page, and is already being observed in the wild. Public pr

Executive Summary A highly sophisticated supply chain attack, designated as PhantomRaven , has been uncovered within the npm ecosystem, representing a significant escalation in the threat landscape for software development organizations and open-source contributors. This campaign involves at least 126 malicious npm packages that have been collectively downloaded over 86,000 times . The primary objective of PhantomRaven is the exfiltration of GitHub tokens , CI/CD secrets ,

Executive Summary The cyber threat landscape has entered a new era of sophistication and scale, as evidenced by four critical developments: the BIND 9 DNS poisoning flaw (CVE-2025-40778) , the unprecedented JavaScript NPM supply-chain heist , the emergence of Rust-based malware such as EDDIESTEALER , and a surge in new Remote Access Trojans (RATs) leveraging modern programming languages and cross-platform capabilities. These threats collectively target the foundational layer

Executive Summary Date: October 30, 2025 A highly sophisticated phishing campaign is currently targeting finance executives through LinkedIn direct messages, leveraging fake board invitations as a lure. The attackers impersonate reputable investment funds and asset management branches, enticing high-value targets such as CFOs, VPs, and directors to engage with malicious links. The primary objective is to harvest Microsoft credentials and session cookies using advanced...

Executive Summary Between October 21, 2024, and January 13, 2025, Conduent Business Solutions LLC experienced a significant data breach that resulted in unauthorized access to sensitive information belonging to over 10.5 million individuals. The breach was first discovered in January 2025 following service disruptions reported by state agencies, including the Wisconsin Child Support Trust Fund. Subsequent forensic investigations traced the initial intrusion to October 2024.

Executive Summary This advisory report presents a comprehensive technical analysis of the critical vulnerability discovered in SonicWall...

1. Executive Summary Recent security bulletins have drawn attention to a critical zero-day vulnerability affecting FreePBX servers, which...

Executive Summary Publication Date: October 03, 2025. The incident involving the breach of Zscaler and Palo Alto Networks via the...

Executive Summary Publication Date: August 21, 2025. On August 21, 2025, Cloudflare confirmed that it had experienced a supply chain...

Executive Summary Recent research conducted by our Rescana Cyber Security Research Team has revealed that the sophisticated MystRodX ...

Executive Summary In September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited...

Executive Summary Publication Date: September 03, 2025 This advisory report addresses the recent expansion of the malware arsenal by the...

Executive Summary Publication Date: August 28, 2025 The cybersecurity landscape encounters an ever-evolving threat environment as threat...

Executive Summary This advisory report delves into the recent security incident titled Google: Salesforce Attacks Stemmed From...

Executive Summary Publication Date: August 28, 2025 The recent research detailed by Wiz on the S1ngularity supply chain attack reveals a...

Executive Summary Publication Date: August 21, 2025 In recent developments that have significant implications for geopolitical...

Executive Summary The advisory report details the critical vulnerability CVE-2025-43300 , a zero-day exploit affecting Apple products...

Executive Summary Publication Date: August 17, 2025 In a decisive legal and forensic maneuver, U.S. authorities have successfully seized...