Latest Intelligence
Companies Warned of Commvault Vulnerability Exploitation
CISA has issued a warning about a widespread campaign exploiting a vulnerability in Commvault software to compromise Azure environments. This situation highlights the critical need for companies to address security vulnerabilities to protect their cloud infrastructures.
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
SafeLine is an open-source Web Application Firewall (WAF) that provides protection against zero-day exploits and bot attacks, addressing the increasing demand for effective web application security solutions. With over 16.4K stars on GitHub, it has gained a significant user base, highlighting its importance in the cybersecurity landscape.
Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks
A zero-day vulnerability in Trimble Cityworks has been exploited by a Chinese threat actor to target local government entities in the US. This incident highlights the significant risks associated with unpatched software vulnerabilities and the potential for state-sponsored cyber attacks on critical infrastructure.
DanaBot Botnet Disrupted, 16 Suspects Charged
The DanaBot botnet, which compromised over 300,000 devices and caused damages exceeding $50 million, has been disrupted by law enforcement. Sixteen suspects have been charged in connection with this cybercrime operation, highlighting the ongoing threat of botnets in the cybersecurity landscape.
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors
A Chinese espionage group is exploiting two recent vulnerabilities in Ivanti EPMM to target organizations across various critical sectors. This highlights the ongoing threat posed by state-sponsored cyber activities and the importance of addressing software vulnerabilities promptly.
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
The U.S. Department of Justice has disrupted the DanaBot malware network and charged 16 individuals linked to a Russia-based cybercrime organization. This operation is significant as it highlights ongoing efforts to combat global cybercrime affecting hundreds of thousands of victims.
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
CISA has reported that Commvault is currently monitoring cyber threats that may have compromised client secrets related to its Microsoft 365 backup SaaS solution hosted on Azure. This highlights the ongoing risks associated with cloud misconfigurations and the exploitation of application secrets by threat actors.
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Researchers identified an indirect prompt injection vulnerability in GitLab's AI assistant Duo, which could allow attackers to hijack AI responses and potentially steal source code or redirect users to malicious sites. This flaw highlights significant security risks associated with AI tools in coding environments.
Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw
Akamai has identified a privilege escalation flaw known as 'BadSuccessor' in Windows Server 2025, but Microsoft has opted not to release an immediate patch, leading to a disagreement over the flaw's severity. This situation raises concerns about the potential risks associated with unpatched vulnerabilities in critical systems.
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
Chinese-speaking hackers identified as UAT-6382 have exploited a recently patched vulnerability in Trimble Cityworks, allowing them to deploy malicious tools like Cobalt Strike and VShell for long-term access to U.S. government networks. This incident underscores the ongoing threat posed by state-sponsored cyber actors targeting critical infrastructure.
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
A critical privilege escalation vulnerability in Windows Server 2025 allows attackers to compromise any user in Active Directory by exploiting the delegated Managed Service Account (dMSA) feature. This flaw is particularly concerning because it works against default configurations and requires little effort to carry out.
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
Chinese threat actors have exploited recently patched vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 and CVE-2025-4428, allow arbitrary code execution, posing significant risks to affected systems.
Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People
Marlboro-Chesterfield Pathology has experienced a data breach due to an attack by the SafePay ransomware group, affecting the personal information of approximately 235,000 individuals. This incident highlights the ongoing risks posed by ransomware attacks in the healthcare sector.