Microsoft Edge IE Mode Exploited as Backdoor: Zero-Day Vulnerability Forces Emergency Restrictions
Executive Summary In recent months, Microsoft has enacted emergency restrictions on the legacy IE Mode feature within the Microsoft Edge browser after threat actors weaponized this compatibility layer as a covert backdoor. Attackers exploited unpatched vulnerabilities in the Chakra JavaScript engine—the core of legacy Internet Explorer—to achieve remote code execution (RCE) and privilege escalation, bypassing modern browser security controls. The exploitation chain was i
Oct 15 · 5 min read


Oracle E-Business Suite Zero-Day Exploit Leaked by ShinyHunters: CVE-2025-61884 Analysis and Mitigation Guide
Executive Summary Oracle has recently addressed a critical zero-day vulnerability in Oracle E-Business Suite (EBS), following the public leak of an exploit by the notorious threat group ShinyHunters. This vulnerability, tracked as CVE-2025-61884, enables unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, potentially leading to unauthorized access to internal resources and, under certain conditions, remote code execution (RCE). The expl
Oct 15 · 4 min read


Attackers Season Spam With a Touch of 'Salt' to Bypass Microsoft 365 and Google Workspace Email Security
Executive Summary The "Attackers Season Spam With a Touch of 'Salt'" campaign represents a sophisticated evolution in spam and phishing...
Oct 8 · 5 min read


BatShadow Group Exploits Windows Systems with New Go-Based Vampire Bot Malware Targeting Job Seekers and Digital Marketers
Rescana Threat Intelligence Report BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers Date: October 7, 2025...
Oct 8 · 5 min read


Asahi Group Holdings Ransomware Attack 2025: Digital Order System Disrupted, Nationwide Beer Shortage in Japan
Executive Summary On September 29, 2025, Asahi Group Holdings experienced a significant ransomware attack that severely disrupted its...
Oct 8 · 6 min read


BK Technologies IT Systems Breach: Employee Data Compromised in Public Safety Communications Cyberattack (2025)
Executive Summary On September 20, 2025, BK Technologies, a provider of communications equipment for public safety and government...
Oct 8 · 6 min read


DraftKings Account Breaches: Credential Stuffing Attacks Expose Customer Data and Financial Risks
Executive Summary DraftKings, a leading sports betting and daily fantasy sports provider, has experienced multiple waves of account...
Oct 8 · 7 min read


Chinese Cybercrime Group Exploits IIS Servers Worldwide for SEO Fraud and Credential Theft
Executive Summary A coordinated campaign by a Chinese-speaking cybercrime group has compromised Internet Information Services (IIS)...
Oct 7 · 5 min read


Zimbra CVE-2025-27915 Zero-Day Exploited via Malicious ICS Files to Breach Brazilian Military Systems
Executive Summary A highly targeted cyber-espionage campaign has been uncovered leveraging a zero-day vulnerability in Zimbra...
Oct 7 · 4 min read


SORVEPOTEL Malware: Comprehensive Analysis of Self-Spreading WhatsApp Threat Targeting Windows Systems
Executive Summary Publication Date: October 2025 Researchers have identified a sophisticated, self-propagating malware campaign named...
Oct 5 · 5 min read


Scattered Lapsus$ Hunters Launch Data Leak Site Targeting Salesforce: Massive OAuth Supply Chain Breach Exposes 1 Billion Records
Executive Summary On October 3, 2025, a coalition of threat actors known as Scattered Lapsus$ Hunters—comprising members of the...
Oct 5 · 7 min read


Discord Zendesk Data Breach 2025: Support Ticket System Compromised by Scattered Lapsus$ Hunters
Executive Summary On September 20, 2025, Discord disclosed a data breach resulting from the compromise of a third-party customer service...
Oct 5 · 6 min read


OpenSSL September 2025 Vulnerabilities: Critical CVEs Enable Private Key Recovery, Code Execution, and DoS
Executive Summary In September 2025, the OpenSSL Project disclosed three critical vulnerabilities—CVE-2025-9230, CVE-2025-9231, and...
Oct 1 · 5 min read


Taldor Cyber Attack: In-Depth Analysis of Advanced Malware Intrusion in Industrial Systems
Executive Summary On 30 September 2024, Taldor Cyber & Security was the target of a significant cyberattack, as reported by PC.co.il...
Sep 30 · 4 min read


China-Linked PlugX and Bookworm Attacks on Huawei U2000 Telecom Systems in ASEAN – In-Depth Cyber Threat Analysis
Executive Summary In recent weeks, intelligence gathered from reputable cybersecurity sources has confirmed a series of advanced malware...
Sep 29 · 8 min read


Crash Testing BAS: How Behavioral Analytics Security Validates Real-Time Cyber Defense
Introduction Publication Date: September 26, 2025. In today’s rapidly evolving cybersecurity landscape, the ability to validate security...
Sep 28 · 3 min read


Fake Microsoft Teams Installers Delivering Oyster Malware via Malvertising: Comprehensive Threat Analysis for Microsoft Teams
Executive Summary Publication Date: September 26, 2025 In recent weeks, a sophisticated malvertising campaign has been observed...
Sep 28 · 7 min read


Comprehensive Cybersecurity Report: Cisco ASA Firewall Zero-Day Exploits Using RayInitiator and LINE VIPER Malware
Executive Summary This advisory report details a sophisticated exploitation campaign targeting Cisco ASA Firewall systems through...
Sep 28 · 7 min read


Fortra GoAnywhere Zero-Day CVSS 10 Exploit: In-Depth Analysis and Mitigation Strategies
Executive Summary In this report, Rescana presents an in-depth analysis of the critical zero-day vulnerability known as Fortra GoAnywhere...
Sep 28 · 5 min read


New COLDRIVER Malware Campaign Targets Windows Systems: BO Team and Bearlyfy Join Russia-Focused Cyberattacks
Executive Summary In this advisory report, Rescana presents an in-depth analysis of the new malware campaign involving COLDRIVER, BO...
Sep 28 · 7 min read