The Breach News

Unauthorized Access

Access Restricted: The Growing Threat of Shadow AI

In today’s digital landscape, unauthorized artificial intelligence (AI) usage has emerged as a significant cybersecurity risk, often referred to as “shadow AI.” Recently, a concerning article highlighted this burgeoning threat, prompting urgent conversations among industry leaders and cybersecurity professionals. The target of…


DoNot Team Linked to New Tanzeem Android Malware Aimed at Intelligence Gathering

January 20, 2025

The threat group known as DoNot Team is associated with a new Android malware linked to highly targeted cyber attacks. The malware, identified as Tanzeem (meaning “organization” in Urdu) and its updated variant, was discovered by cybersecurity firm Cyfirma in October and December 2024. These applications share nearly identical functionality, with only slight user interface changes. Cyfirma’s Friday analysis pointed out, “While designed as a chat application, it fails to operate after installation, crashing once the required permissions are granted.” The app’s name indicates a focus on targeting specific individuals or groups both domestically and internationally. DoNot Team, also known as APT-C-35, Origami Elephant, SECTOR02, and Viceroy Tiger, is a hacking group believed to originate from India, notorious for utilizing spear-phishing emails and various Android malware strains in its attacks.


The True Price of Cloud Resilience: How Rebuilding Modern Applications is Straining Your Resources – Webinar

The Hidden Costs of Cloud Resilience: A Growing Concern for Businesses In a rapidly evolving digital landscape, many organizations are embracing cloud-native architectures. However, recent findings from a survey conducted among 500 global IT and security decision-makers reveal a troubling gap in resilience. Despite nearly half of development projects now…


Major Cyberattacks of 2025 (To Date) – TheStreet

Major Cyberattacks in 2025: A Comprehensive Overview Recent developments in the cybersecurity landscape reveal a concerning trend, as 2025 has already witnessed significant cyberattacks that have infiltrated various sectors, impacting numerous businesses and organizations. These attacks underscore the increasing sophistication and urgency of cybersecurity threats in today’s digital age. Among…


Critical RCE Vulnerabilities Identified in Sophos Firewall and SMA 100 Devices: Urgent Patches Released by Sophos and SonicWall

July 24, 2025
Network Security / Vulnerability

Sophos and SonicWall have issued a warning regarding serious security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances, which could be exploited for remote code execution. The two critical vulnerabilities affecting Sophos Firewall are as follows:

  • CVE-2025-6704 (CVSS score: 9.8): An arbitrary file writing vulnerability within the Secure PDF eXchange (SPX) feature that can enable pre-auth remote code execution if specific SPX configurations are used alongside firewall operation in High Availability (HA) mode.
  • CVE-2025-7624 (CVSS score: 9.8): An SQL injection vulnerability in the legacy (transparent) SMTP proxy that can result in remote code execution, contingent on an active quarantining policy for Email and if SFOS has been upgraded from a version prior to 21.0 GA.

Sophos reports that CVE-2025-6704 affects approximately 0.05% of devices, while CVE-2025-7624 impacts up to 0.73% of devices. Both vulnerabilities have been addressed in a recent update, along with a high-severity command injection vulnerability.


PNGPlug Loader Distributes ValleyRAT Malware via Deceptive Software Installers

January 21, 2025
Cyber Attack / Windows Security

Cybersecurity experts are raising alarms about a series of cyber attacks targeting Chinese-speaking regions, including Hong Kong, Taiwan, and Mainland China, involving the notorious ValleyRAT malware. According to a technical report by Intezer published last week, these attacks utilize a multi-stage loader known as PNGPlug to deliver the ValleyRAT payload. The infection process starts with a phishing page designed to lure victims into downloading a malicious Microsoft Installer (MSI) disguised as legitimate software. Once executed, the installer presents a harmless application to evade detection while covertly extracting an encrypted archive that contains the malware. The MSI package exploits the Windows Installer’s CustomAction feature, allowing it to run malicious code, including an embedded DLL that decrypts the archive (all.zip) using a hardcoded password, ‘hello202411’, to release the core malware components.


PDPC Imposes B15 Million in Fines Across Five Data Breach Cases – Bangkok Post

PDPC Imposes B15 Million Fines Following Multiple Data Breaches In a recent crackdown on data privacy violations, Thailand’s Personal Data Protection Committee (PDPC) has enforced fines totaling 15 million baht across five distinct data breach cases. This initiative underscores the increasing scrutiny faced by organizations regarding their data protection practices…
