The volume and velocity of today’s cyberthreats puts millions of businesses at risk of data theft and ransomware. Here, you get valuable and timely cyberthreat information, designed for easy consumption and quick action.
Mike Puglia
Posted on Apr 1
On March 31st between 00:21 and 03:20 (UTC Time), an attacker compromised the NPM account of the head Axios maintainer and replaced a dependency with a heavily obfuscated Remote Access Trojan (RAT). Axios HTTP Client is one of the worlds most used clients with 400 million downloads a month. Any developer or CI/CD pipeline that […]
Billy Austin
Posted on Feb 16
Overview Qilin (also tracked as Agenda) is an active ransomware-as-a-service operation impacting both SMB and Enterprise environments. Recent campaigns demonstrate a mature, configuration-driven encryptor designed to maximize operational disruption by disabling recovery mechanisms, enumerating network-accessible data, and encrypting files at scale. Static Analysis & Variant Context Qilin represents a class of modern enterprise ransomware that […]
Mike Puglia
Posted on Jan 22
UPDATE Jan 22 6:20PM EST Fortinet has provided an update at: https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios Fortinet has confirmed the patch in December did not fully resolve the issue. Specifically, they state: “Fortinet product security has identified the issue, and the company is working on a fix to remediate this occurrence. An advisory will be issued as the fix […]
Mike Puglia
Posted on Jan 12
Fortinet has recently issued an advisory that a five year old vulnerability from 2020 (CVE-2020-12812) is being actively exploited in the wild. The vulnerability enables attackers to bypass 2FA witch certain firewall configurations and was patched with releases 6.4.1, 6.2.4, and 6.0.10. Whether Fortinet updated this advisory because of multiple compromises detected or for research […]
Mike Puglia
Posted on Dec 8
A remote code execution (RCE) vulnerability exists React Server Components protocol version 19.0.0 to 19.2.0 (CVE-2025-55182) and also impacts the downstream Next.js applications using the App Router ( CVE-2025-66478). The vulnerability has been assigned a CVSS Score of 10 out of 10, the highest possible severity and being actively exploited worldwide (CISA Known Exploited Vulnerabilities […]
Mike Puglia
Posted on Dec 3
Microsoft has ended Windows 10 support. From October 14, 2025, no more technical support, no more feature updates, and critically, no more FREE security patches. In November, Microsoft released its first Extended Security Update (ESU) for those still running Windows 10 and are willing to purchase these updates. The patch, KB5068781, contains fixes for 63 […]
Mike Puglia
Posted on Sep 19
SonicWall has announced that threat actors accessed backup firewall preference files stored in the MySonicWall Cloud which exposes admin credentials and other information that could make it easier for attackers to potentially exploit the related firewall. This only impacts customers who have enabled the Cloud Backup Feature on their SonicWall Firewalls. If this feature is […]
Billy Austin
Posted on Sep 4
Executive Summary Akira ransomware continues to target Windows, Linux, and ESXi systems. Over the past few weeks, the Kaseya SOC has seen an uptick in another version of Akira. Campaigns include destructive steps such as wiping recovery options, clearing event logs, and forcing victims into Tor-based negotiations. Below are the decoded evidence artifacts, encryption attributes, […]
Mike Puglia
Posted on Aug 28
Microsoft Teams, with its over 350 million active monthly users, recently announced several new security features which begin rolling out in September. Due to its widespread business adoption, Teams has become a prime target for threat actors and ransomware groups like Midnight Blizzard, Black Basta, and Storm-2603. These security enhancements aim to help organizations better […]
Mike Puglia
Posted on Aug 17
Cisco has published a critical vulnerability (CVE-2025-20265) with the highest severity score (CVSS 10.0) for its Secure Firewall Management Center (FMC) product. The vulnerability, a Radius Remote Code Execution Vulnerability, enables an unauthenticated attacker to remotely inject arbitrary code, typically shell commands, that are executed at with high level privileges. The flaw is present in […]
