Blog

Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841.
“The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity carried out by this group,” Silent Push

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan.
The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025.
“The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.
“The two npm packages abused smart contracts to conceal malicious

The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT, and RemotePE.
The attack, observed by NCC Group’s Fox-IT in 2024, targeted an organization in the decentralized finance (DeFi) sector, ultimately leading to the compromise of an

Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes.
“In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of creating a

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution. 
The flaws, per watchTowr Labs, are listed below –

CVE-2025-53693 – HTML cache poisoning through unsafe reflections
CVE-2025-53691 – Remote code execution (RCE) through insecure deserialization
CVE-2025-53694 –

The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments.
“Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key,

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances.
The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows –

CVE-2025-57788 (CVSS score: 6.9) – A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user

Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024.
The attacks are characterized by the

The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow.
“ApolloShadow has the capability to install a trusted root certificate to