Fake LastPass Death Claims Phishing Campaign Exploits Emergency Access to Breach Password Vaults
Executive Summary In mid-October 2025, a sophisticated phishing campaign targeting users of the LastPass password manager was identified and publicly disclosed by multiple security sources. The campaign, attributed to the financially motivated threat group CryptoChameleon (UNC5356), exploits the LastPass inheritance (emergency access) feature by sending fraudulent emails that claim a family member has requested access to the recipient’s password vault due to a supposed dea
Oct 26 · 7 min read


F5 BIG-IP Vulnerabilities Exploited: 85% Surge in US Government Cyberattacks Amid 2025 Shutdown
Executive Summary Between September and October 2025, the United States government experienced a significant surge in cyberattacks, with multiple sources referencing an 85% increase in incidents targeting federal agencies and critical infrastructure during the government shutdown. This escalation coincided with the expiration of the Cybersecurity Information Sharing Act of 2015 on September 30, 2025, and the onset of a government shutdown on October 1, 2025, which resulted in
Oct 26 · 6 min read


YouTube Ghost Network: 3,000 Malicious Videos Used to Spread Infostealer Malware via Compromised Channels
Rescana Cyber Threat Intelligence Executive Summary A sophisticated and large-scale malware distribution campaign, identified as the YouTube Ghost Network, has been exposed by Check Point Research. This operation weaponized over 3,000 YouTube videos, leveraging both fake and compromised accounts to disseminate a range of infostealer malware families. The campaign exploited YouTube’s inherent trust signals—such as high view counts, likes, and positive comments—to lure unsuspe
Oct 26 · 5 min read


APT36 Deploys Golang DeskRAT Malware via Phishing Against Indian Government Linux Systems
Executive Summary The latest campaign attributed to APT36 (also known as Transparent Tribe, Mythic Leopard, and EarthKarkaddan) demonstrates a significant escalation in the group’s technical sophistication and operational focus. Leveraging a custom Golang-based DeskRAT malware, the threat actor has targeted Indian government and defense entities, specifically those operating Linux-based infrastructure. The infection vector is a highly convincing spearphishing email conta
Oct 26 · 4 min read


Jingle Thief: How Hackers Exploit Microsoft 365 Cloud Services to Steal Millions in Retail Gift Cards
Executive Summary The “Jingle Thief” campaign represents a highly sophisticated, financially motivated cybercrime operation that leverages cloud-native attack vectors to compromise enterprise environments, specifically targeting global retail and consumer services organizations with significant gift card operations. Attributed to Morocco-based threat actors tracked as CL-CRI-1032 (overlapping with Atlas Lion and STORM-0539), this campaign exploits weaknesses in Microsoft
Oct 23 · 5 min read


CVE-2025-61932: Critical Lanscope Endpoint Manager Vulnerability Actively Exploited in Cyberattacks, CISA Warns
Executive Summary A critical vulnerability has been identified in LANSCOPE Endpoint Manager by Motex, tracked as CVE-2025-61932, which is currently being exploited in active cyberattacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed ongoing exploitation and added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgent need for immediate remediation. This vulnerability enables unauthenticated remote code ex
Oct 23 · 5 min read


Too Many Secrets: Huntress Exposes Credential Theft and Sensitive Data Sprawl in Supply Chain and Banking Sectors
Executive Summary The "Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl" incident, as analyzed by Huntress, provides an unprecedented, evidence-based view into the operational methods of a sophisticated threat actor. The incident began when a threat actor inadvertently installed the Huntress agent on their own operational machine after discovering the product via a Google advertisement while researching other security solutions, including Bitdefender. This mista
Oct 23 · 7 min read


Critical Lanscope Endpoint Manager Zero-Day Vulnerability (CVE-2025-61932) Actively Exploited – Patch Now
Executive Summary A critical zero-day vulnerability in Lanscope Endpoint Manager (CVE-2025-61932) is being actively exploited in the wild, posing a severe risk to organizations utilizing this endpoint management solution. The flaw, which affects all on-premises deployments of Lanscope Endpoint Manager version 9.4.7.1 and earlier, enables unauthenticated remote code execution (RCE) due to improper verification of the source of incoming network requests. Public proof-of-conce
Oct 23 · 4 min read


MuddyWater Targets MENA Government Organizations with Phoenix v4 Backdoor in Large-Scale Cyber-Espionage Campaign
Executive Summary A sophisticated Iranian state-sponsored threat actor, widely tracked as MuddyWater (also known as Static Kitten, Mercury, and Seedworm), has orchestrated a large-scale cyber-espionage campaign targeting over 100 government organizations across the Middle East, North Africa, and select international regions. The campaign, active since at least August 2025, leverages highly targeted phishing emails to deliver the latest iteration of the Phoenix backdoor (
Oct 23 · 5 min read


TARmageddon (CVE-2025-62518): Critical RCE Vulnerability in Rust async-tar and tokio-tar Libraries Threatens Software Supply Chains
Executive Summary A critical remote code execution (RCE) vulnerability, known as TARmageddon (CVE-2025-62518), has been identified in the widely used Rust async-tar library and its derivatives, most notably tokio-tar. This flaw enables attackers to inject additional files during TAR archive extraction, leading to file overwrites, supply chain attacks, and the circumvention of security controls. With a CVSS score of 8.1 (High), the vulnerability poses a significant risk to
Oct 23 · 5 min read


Cryptomus Crypto Platform Fined $176M by Canada for Facilitating Cybercrime and Money Laundering
Executive Summary On October 16, 2025, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) levied a record-breaking administrative monetary penalty of $176,960,190 against Xeltox Enterprises Ltd., operating as Cryptomus, for 2,593 violations of Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act. Cryptomus, a digital payments platform, was found to have systematically enabled and facilitated cybercrime by supporting dozens of
Oct 23 · 5 min read


Surge in Ransomware and DDoS Attacks Targeting Microsoft, WordPress, and Network Appliances in MENA and Africa
Executive Summary The Middle East and Africa (MENA) regions are experiencing a significant escalation in cyberattacks targeting government entities, financial institutions, and small retailers. Threat actors, including both advanced persistent threat (APT) groups and hacktivist collectives, are leveraging sophisticated malware, ransomware-as-a-service (RaaS) platforms, and distributed denial-of-service (DDoS) campaigns. These attacks exploit both zero-day and well-known vulne
Oct 23 · 4 min read


Over 250 Magento and Adobe Commerce Stores Compromised via CVE-2025-54236 SessionReaper Vulnerability: Threat Intelligence Report
Executive Summary Over the course of a single night, more than 250 e-commerce sites running Magento and Adobe Commerce were compromised by threat actors exploiting a newly disclosed critical vulnerability, CVE-2025-54236 (dubbed "SessionReaper"). This flaw, which resides in the Adobe Commerce REST API, enables unauthenticated remote code execution and account takeover. Despite the release of a security patch by Adobe over six weeks ago, a significant portion of the glo
Oct 23 · 5 min read


SessionReaper (CVE-2025-54236): Active Exploitation of Critical Adobe Magento Vulnerability Threatens E-Commerce Security
Executive Summary A critical vulnerability, designated as SessionReaper (CVE-2024-34102), has been identified in Adobe Magento (also known as Adobe Commerce), a leading e-commerce platform. This flaw enables unauthenticated remote attackers to hijack active user sessions and, in many cases, achieve full account takeover or remote code execution (RCE) on vulnerable servers. Since the public disclosure and release of proof-of-concept (POC) exploit code, threat actors have ra
Oct 23 · 4 min read


Homoglyph Supply Chain Attack Targets NuGet: Fake Netherеum.All Package Steals Ethereum Wallet Keys
Executive Summary A critical supply chain attack has recently targeted the .NET development community through the NuGet package ecosystem. Malicious actors published a counterfeit version of the widely used Nethereum library, leveraging a homoglyph attack by substituting the Latin "e" with a visually identical Cyrillic "е" (Unicode U+0435) in the package name, resulting in Netherеum.All. This subtle manipulation enabled the attackers to deceive developers into integrating
Oct 23 · 5 min read


China Accuses US NSA of Cyberattacks Targeting National Time Service Center (2022-2024)
Executive Summary Between 2022 and 2024, the Chinese Ministry of State Security publicly accused the US National Security Agency (NSA) of conducting a series of cyberattacks against China’s National Time Service Center. According to official statements released on October 19-20, 2025, the attacks allegedly began with the exploitation of vulnerabilities in the messaging service of a foreign mobile phone brand used by staff at the center, resulting in the theft of sensitive i
Oct 20 · 6 min read


MSS Accuses NSA of Multi-Stage Cyberattack Using 42 Tools Against China’s National Time Service Center (NTSC)
Executive Summary On October 19 and 20, 2025, the Chinese Ministry of State Security (MSS) publicly accused the U.S. National Security Agency (NSA) of conducting a sophisticated, multi-stage cyberattack against the National Time Service Center (NTSC) in Xi’an, China. The NTSC is responsible for generating, maintaining, and distributing the national standard of time, known as Beijing Time, which underpins critical sectors including communications, finance, power, transp
Oct 20 · 7 min read


Critical CVE-2025-54957 Dolby Decoder Vulnerability Enables Zero-Click RCE Attacks on Android Devices
Executive Summary A critical vulnerability, CVE-2025-54957, has been identified in the Dolby DDPlus Unified Decoder that enables zero-click remote code execution (RCE) attacks, with the most severe impact observed on Android devices. This flaw, discovered by Google Project Zero, can be exploited by sending a specially crafted audio file through messaging applications that support RCS (Rich Communication Services). The vulnerability is present in the Dolby decoder librar
Oct 20 · 6 min read


TikTok ClickFix Attacks Targeting Windows Users: Infostealer Malware Delivered via PowerShell Social Engineering
Executive Summary The proliferation of TikTok as a global social media platform has introduced a new and highly effective vector for cybercriminals to distribute information-stealing malware, commonly referred to as infostealers. Recent intelligence has identified a surge in the use of the so-called ClickFix attack technique, wherein threat actors publish short, engaging TikTok videos that purport to offer free activation or cracked versions of popular software such as Wind
Oct 20 · 5 min read


Critical CVEs Impacting ConnectWise Automate: Urgent Patch Required to Prevent AiTM Update Attacks
Executive Summary ConnectWise has issued urgent security updates for its Automate remote monitoring and management (RMM) platform, remediating two critical vulnerabilities—CVE-2025-11492 and CVE-2025-11493—that enable adversary-in-the-middle (AiTM) update attacks. These flaws allow attackers to intercept, manipulate, and inject malicious updates into agent communications, potentially resulting in full compromise of managed endpoints. The vulnerabilities are especially da
Oct 19 · 4 min read