

Microsoft Teams Targeted: Vanilla Tempest Abuses Azure Certificates in Ransomware Attack Disrupted by Microsoft
Executive Summary: In October 2025, Microsoft executed a significant disruption of a sophisticated ransomware campaign that exploited the trust model of code-signing by abusing over 200 Azure and third-party certificates. The campaign, orchestrated by the threat group Vanilla Tempest (also tracked as VICE SPIDER and Vice Society), leveraged fraudulent certificates to sign malicious installers masquerading as legitimate Microsoft Teams applications. These installers deliv
Oct 19 · 4 min read


Envoy Air Data Breach: Clop Ransomware Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882)
Executive Summary: Envoy Air, a regional airline and subsidiary of American Airlines, has confirmed a data breach resulting from the exploitation of a critical zero-day vulnerability in the Oracle E-Business Suite (EBS) application. The attack, attributed to the Clop ransomware gang, led to the compromise of a limited amount of business information and commercial contact details. No sensitive or customer data was affected, and there was no impact on flight or airport ground
Oct 19 · 5 min read


Critical WatchGuard Fireware OS VPN Vulnerability (CVE-2025-9242) Allows Unauthenticated Remote Device Takeover
Executive Summary: A critical vulnerability in WatchGuard's Fireware OS—tracked as CVE-2025-9242 and assigned a CVSS score of 9.3—has been uncovered by security researchers, enabling unauthenticated remote attackers to execute arbitrary code and potentially take full control of affected devices. The flaw resides in the IKEv2 VPN implementation and is particularly dangerous due to its pre-authentication attack vector, meaning attackers do not require valid credentials to exp
Oct 19 · 5 min read


Europol Dismantles SIMCARTEL SIM Box Network Used for Mass Fake Account Creation and Global Cybercrime
Executive Summary: On October 10, 2025, European law enforcement agencies, coordinated by Europol, dismantled a sophisticated SIM box operation known as SIMCARTEL. This criminal network provided cybercriminals with access to over 40,000 phone numbers from more than 80 countries, enabling the creation of approximately 49 million fraudulent online accounts and facilitating at least 3,200 confirmed fraud cases. The operation resulted in seven arrests, the seizure of 1,200 SIM b
Oct 19 · 7 min read


North Korean APTs Target Node.js Ecosystem: BeaverTail-OtterCookie JavaScript Malware Exploits npm Supply Chain and Developer Tools
Executive Summary: North Korean advanced persistent threat (APT) groups have significantly escalated their offensive cyber capabilities by merging the functionalities of BeaverTail and OtterCookie into a highly modular, advanced JavaScript malware suite. This new threat, observed in the "Contagious Interview" campaign, leverages sophisticated social engineering, supply chain attacks via malicious npm packages, and innovative command-and-control (C2) techniques utilizing blo
Oct 19 · 4 min read


CAPI Backdoor: New .NET Malware Targets Windows Systems in Russian Automotive and E-Commerce Sectors via Phishing ZIP Files
Executive Summary: A newly discovered .NET-based backdoor, known as CAPI Backdoor, is actively targeting Russian automobile and e-commerce organizations through a sophisticated phishing campaign. The attack leverages ZIP archives delivered via email, containing a malicious Windows shortcut (LNK) and a decoy Russian-language document. Upon execution, the LNK file deploys a .NET stealer and backdoor, enabling credential theft, system reconnaissance, and persistent remote access
Oct 19 · 5 min read


Zendesk Email Bomb Attacks: Exploiting Lax Authentication and Anonymous Ticket Creation
Executive Summary: A critical exploitation vector has emerged targeting Zendesk customer service platforms, wherein threat actors leverage lax authentication configurations to orchestrate large-scale “email bomb” attacks. By exploiting the default or permissive settings that allow anonymous ticket creation and unverified email addresses, adversaries can automate the submission of thousands of support tickets using a victim’s email address. This results in the victim’s inbox b
Oct 19 · 5 min read


Microsoft Teams Targeted in Rhysida Ransomware Campaign: Over 200 Fraudulent Certificates Revoked by Microsoft
Executive Summary: In October 2025, Microsoft took decisive action to revoke over 200 fraudulent code-signing certificates that had been systematically abused in a sophisticated campaign orchestrated by the threat actor known as Vanilla Tempest (also tracked as Vice Society, VICE SPIDER, and Storm-0832). These certificates were used to sign malicious binaries, most notably trojanized installers for Microsoft Teams, which were then distributed via search engine optimizati
Oct 19 · 5 min read


Silver Fox Expands Winos 4.0 (ValleyRAT) and HoldingHands RAT Cyber Attacks to Japan and Malaysia
Executive Summary: The advanced persistent threat group known as Silver Fox has significantly escalated its cyber-espionage operations by expanding the deployment of the Winos 4.0 malware platform and the HoldingHands RAT to new geographies, specifically targeting organizations in Japan and Malaysia. Previously focused on China and Taiwan, Silver Fox now leverages highly sophisticated phishing campaigns, SEO poisoning, and advanced persistence and evasion techniques to com
Oct 19 · 5 min read


Mysterious Elephant (APT-K-47) Targets South Asian Government Networks With Advanced Custom Malware and Supply Chain Attacks
Executive Summary (Publication Date: 2025): The threat landscape in South Asia has been significantly altered by the emergence and evolution of Mysterious Elephant (also known as APT-K-47), an advanced persistent threat group first detailed by Kaspersky in 2023. This group has rapidly moved beyond the use of recycled malware, developing custom, modular toolsets and advanced attack chains that primarily target government and diplomatic entities in Pakistan, Bangladesh, and Tur
Oct 16 · 4 min read


Jewelbug (Chinese APT) Infiltrates Russian IT Service Provider: Multi-Month Espionage and Supply Chain Attack on Code Repositories and Build Systems
Executive Summary: Between January and May 2025, the Chinese advanced persistent threat (APT) group Jewelbug (also known as REF7707, CL-STA-0049, and Earth Alux) infiltrated the network of a Russian IT service provider. The attackers maintained undetected access for approximately five months, targeting the organization’s code repositories and software build systems. This access created the potential for a software supply chain attack against the provider’s customers. Data
Oct 16 · 5 min read


Critical SAP NetWeaver AS Java Vulnerability (CVE-2025-42944) Allows Unauthenticated Remote Server Takeover via RMI-P4 Exploit
Executive Summary: A newly disclosed critical vulnerability in SAP NetWeaver AS Java (CVE-2025-42944, CVSS 10.0) enables unauthenticated attackers to execute arbitrary operating system commands and potentially seize full control of affected servers—without requiring any login credentials. The flaw, which resides in the RMI-P4 module due to insecure deserialization, is already the subject of active discussion in the global security community. Public exploit code is available,
Oct 16 · 4 min read


Fake LastPass and Bitwarden Breach Alerts Used in Phishing Campaign to Hijack PCs via Syncro MSP and ScreenConnect
Executive Summary: A new, highly targeted phishing campaign is exploiting the trusted reputations of LastPass and Bitwarden by distributing fraudulent breach alert emails to their user bases. These emails, crafted to appear as urgent security notifications, direct recipients to download a purportedly "secure" desktop application. In reality, the download is a legitimate but abused remote monitoring and management (RMM) tool, specifically the Syncro MSP Agent, which is then
Oct 16 · 4 min read


Harvard University Data Breach: Cl0p Ransomware Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882)
Executive Summary: Harvard University has confirmed a data breach resulting from the exploitation of a zero-day vulnerability, CVE-2025-61882, in the Oracle E-Business Suite (EBS). The attack, attributed to the Cl0p ransomware group, led to the exfiltration and subsequent leak of approximately 1.3 terabytes of data. The breach was limited to a small administrative unit within the university, with no evidence of compromise to other systems. The incident is part of a broader
Oct 16 · 6 min read


Critical Adobe AEM Forms JEE Vulnerability (CVE-2025-54253) Under Active Exploitation: CISA Alerts, Patch Now
Executive Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical vulnerability in Adobe Experience Manager (AEM) Forms. This flaw, cataloged as CVE-2024-20767 and assigned a perfect CVSS score of 10.0, enables unauthenticated remote code execution (RCE) on affected systems. The vulnerability is actively being exploited in the wild, with public proof-of-concept (PoC) code available and multiple threat int
Oct 16 · 4 min read


F5 BIG-IP Breach 2025: Nation-State Attack Exposes Source Code and Undisclosed Vulnerabilities
Executive Summary: On October 15, 2025, F5 publicly disclosed a significant cybersecurity breach involving a nation-state actor who gained persistent access to its internal development and engineering knowledge management systems. The breach, first detected on August 9, 2025, resulted in the exfiltration of files containing portions of BIG-IP source code, information on undisclosed vulnerabilities, and configuration or implementation data for a limited number of customers. I
Oct 15 · 5 min read


Comprehensive Analysis of TA585’s MonsterV2 Malware: Attack Chain, Technical Innovations, and Risks to Windows Systems
Executive Summary (Publication Date: October 2025): Researchers have recently exposed the capabilities and attack chain of the cybercriminal group TA585 and its use of the advanced malware suite MonsterV2. This report provides a comprehensive analysis of the technical innovations, operational risks, and security implications associated with MonsterV2 and the unique tactics employed by TA585. The findings highlight the growing sophistication of cybercrime operations and under
Oct 15 · 5 min read


Pixnapping (CVE-2025-48561): Critical Android Vulnerability Enables Stealthy Theft of 2FA Codes and Sensitive On-Screen Data
Executive Summary: A critical new vulnerability, designated Pixnapping (CVE-2025-48561), has been identified in the Android ecosystem, enabling malicious applications to surreptitiously capture sensitive on-screen data such as two-factor authentication (2FA) codes, private messages, and financial information. This attack leverages a sophisticated combination of Android OS features and a GPU hardware side channel, effectively bypassing the traditional sandboxing and permission
Oct 15 · 5 min read


Flax Typhoon Exploits ArcGIS Servers: Chinese APT Turns SOE Into Persistent Backdoor
Executive Summary: A sophisticated cyber-espionage campaign orchestrated by the Chinese state-sponsored threat actor Flax Typhoon (also known as Ethereal Panda) has been uncovered, targeting organizations globally by transforming legitimate ArcGIS geo-mapping servers into persistent backdoors. By leveraging trusted Java Server Object Extensions (SOEs) and deploying a covert web shell, Flax Typhoon achieved long-term, stealthy access to critical infrastructure and governmen
Oct 15 · 5 min read


Malicious Crypto-Stealing VSCode Extensions Target OpenVSX and AI Code Editors: Threat Analysis and Mitigation
Executive Summary: A new wave of malicious activity has been detected targeting the developer ecosystem through the distribution of crypto-stealing and data-exfiltrating extensions on the OpenVSX registry, a popular open-source alternative to the official Visual Studio Code (VSCode) Marketplace. These extensions, often masquerading as legitimate tools for languages such as Solidity and C++, are engineered to steal cryptocurrency, exfiltrate sensitive source code, and estab
Oct 15 · 5 min read