Latest Intelligence
Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign
An ongoing campaign has compromised more than 1,500 internet-exposed PostgreSQL servers to run cryptocurrency miners. The entry point is not a PostgreSQL bug but weak or guessable passwords on databases reachable from the internet; once logged in, the attacker uses the database's ability to execute shell commands on the host and keeps the miner largely in memory, which is why Wiz describes the campaign as fileless. The activity is an evolution of the PG_MEM malware first documented by Aqua Security in August 2024, and Wiz has been tracking the current wave.
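As an added practitioner check, not code from the Wiz or Aqua reports: PG_MEM-style intrusions turn a guessed database password into a host shell through PostgreSQL's COPY ... FROM PROGRAM, which runs a command as the operating-system user that owns the server process. The SQL below, written for this page, shows that primitive with a harmless command, lists which login roles can reach it, strips it from an application role (app_user is a placeholder name, an assumption), and shows where a live use surfaces. It assumes PostgreSQL 11 or later, where the pg_execute_server_program role exists, and a superuser session to run the audit.

```sql
-- Added example (not from the original reports). Assumes PostgreSQL 11+
-- and a superuser session; 'app_user' is a placeholder role name.

-- 1. The abuse primitive. Only a superuser or a member of
--    pg_execute_server_program can run it. If a guessed password belongs
--    to such a role, the attacker has a shell as the server's OS user.
--    'id' is used here as a harmless stand-in for the miner download.
CREATE TEMP TABLE probe(line text);
COPY probe FROM PROGRAM 'id';
SELECT line FROM probe;

-- 2. Audit: which login roles can run server-side programs at all?
--    Any application or reporting account in this list is a finding.
SELECT r.rolname,
       r.rolsuper,
       pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER') AS can_exec_program
FROM pg_roles r
WHERE r.rolcanlogin
  AND (r.rolsuper
       OR pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER'))
ORDER BY r.rolname;

-- 3. Hardening: application roles should be neither superuser nor
--    members of pg_execute_server_program. A strong password and a
--    restrictive pg_hba.conf still matter, but this removes the shell
--    even if the password falls.
ALTER ROLE app_user NOSUPERUSER;
REVOKE pg_execute_server_program FROM app_user;

-- 4. Detection: a COPY ... FROM PROGRAM in flight is visible in
--    pg_stat_activity. To get it into the server log afterwards,
--    log_statement must be 'mod' or 'all'; 'ddl' does not record COPY FROM.
SELECT pid, usename, client_addr, query
FROM pg_stat_activity
WHERE query ILIKE '%FROM PROGRAM%'
  AND pid <> pg_backend_pid();
```

Run steps 2 and 4 first on a suspect server; if an application account shows up in step 2, rotate its password and apply step 3 before anything else, because the miner can simply be re-deployed through the same role otherwise.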
Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform
Google has begun rolling out a feature that lets enterprise Gmail users send end-to-end encrypted email to any recipient, including inboxes outside Google Workspace. Two details matter for practitioners: the encryption keys are held by the customer's organization rather than by Google, and a recipient outside Gmail does not receive a message their own client can decrypt; they get a link and read the message in a restricted Gmail view after verifying their identity.
Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals
Hackers are actively probing the internet for Palo Alto Networks GlobalProtect portals, according to a warning from GreyNoise. Scanning of this kind typically precedes credential attacks or exploitation of unpatched flaws, so the exposure that matters is a portal on an old PAN-OS release or without MFA; the warning is a prompt to confirm patch level, enforce MFA and review authentication logs for unusual source IPs.
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
The Lucid phishing-as-a-service platform has been used against 169 organizations in 88 countries with smishing delivered over iMessage and RCS instead of plain SMS. Because those channels do not pass through carrier SMS spam filtering, the lures reach the handset intact; the practical lesson is that messages arriving over first-party messaging channels deserve the same suspicion as SMS.
Google 'ImageRunner' Bug Enabled Privilege Escalation
A vulnerability in Google Cloud Run, named ImageRunner by Tenable, allowed an identity with permission to edit a Cloud Run service, but no permission to read the project's container registries, to deploy a revision that pulled a private image and so read its contents. Google has since changed Cloud Run to require that the deploying principal have read access to the image. The residual lesson is that the right to update a Cloud Run service is effectively image-read permission and should be granted sparingly.
FDA's Critical Role in Keeping Medical Devices Secure
The FDA regulates the cybersecurity of medical devices, and its guidance tries to balance rigorous premarket oversight with the need for manufacturers to patch quickly once a vulnerability is found in a device already in use.
Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks
The North Korea-linked Lazarus group has adopted the ClickFix technique: a fake job interview lures the target into pasting and running a command themselves to "fix" a supposed camera or microphone problem, and that command installs the GolangGhost backdoor. The targets are job seekers at centralized finance (CeFi) organizations. ClickFix matters because the victim, not a downloaded file, runs the payload, which sidesteps controls that block untrusted executables.
Security Operations Firm ReliaQuest Raises $500M at $3.4B Valuation
ReliaQuest has raised $500 million in a new funding round, taking its total funding past $830 million at a valuation of $3.4 billion.
Ransomware Group Takes Credit for National Presto Industries Attack
A ransomware group has claimed responsibility for a cyberattack on National Presto Industries' subsidiary, National Defense Corporation, which occurred in March. This incident highlights the ongoing threat of ransomware attacks to industrial sectors.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added CVE-2025-24813, a path-equivalence flaw in Apache Tomcat, to its Known Exploited Vulnerabilities catalog on evidence of active exploitation. The flaw can lead to remote code execution, but only on servers that have enabled writes through the default servlet (it is read-only by default), accept partial PUT requests (the default) and use file-based session persistence; check those settings as well as the Tomcat version, with fixes in 9.0.99, 10.1.35 and 11.0.3. KEV entries carry a remediation deadline for federal civilian agencies under BOD 22-01, and the same timely patching is sound advice for everyone else.
CISA Releases Two Industrial Control Systems Advisories
CISA has released two advisories regarding vulnerabilities in Industrial Control Systems, specifically affecting Rockwell Automation and Hitachi Energy products. These advisories highlight the importance of addressing security issues in ICS environments to prevent potential exploits.
Rockwell Automation Lifecycle Services with Veeam Backup and Replication
Rockwell Automation has reported a critical remote code execution vulnerability (CVE-2025-23120) in its Lifecycle Services offering, which bundles Veeam Backup and Replication; the advisory states that an attacker with administrative privileges could execute arbitrary code on the target system. Veeam's own advisory describes the precondition as an authenticated domain user on a domain-joined backup server, which is why backup servers are advised not to join the production domain, and the fix is Veeam Backup and Replication 12.3.1. The vulnerability carries a CVSS v4 score of 9.4 and is significant because of the critical manufacturing deployments it reaches.
Critical Vulnerability Found in Canon Printer Drivers
Microsoft's offensive security research team has identified a critical vulnerability in several Canon printer drivers that can be triggered when a malicious application submits a print job, potentially allowing arbitrary code execution on the affected system. Canon has released updated drivers; the fix is worth prioritizing on any host where untrusted software can print.
Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Apple has backported fixes for three vulnerabilities that it says were exploited in the wild to older iOS and macOS releases. The vulnerabilities include a use-after-free bug; devices that cannot move to a current major version should apply these point releases, since the exploits are already in circulation.
Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign
GreyNoise has reported nearly 24,000 unique IP addresses attempting logins against Palo Alto Networks PAN-OS GlobalProtect gateways over roughly a month. Credential scanning at this scale is reconnaissance or brute force rather than exploitation of a specific flaw, so the immediate checks are whether the portal is reachable from the whole internet, whether MFA is enforced, and what the authentication logs show from these sources; GreyNoise also notes that past surges of this kind have preceded the disclosure of new vulnerabilities in the targeted product.