Tag Mandiant

Chinese Hackers Compromise Juniper Networks Routers Using Tailored Backdoors and Rootkits

A recent report from Mandiant has revealed that the Chinese cyber espionage group known as UNC3886 is actively targeting outdated MX Series routers from Juniper Networks. This campaign is aimed at deploying custom backdoors, demonstrating a tactical shift towards exploiting internal networking infrastructure. According to Mandiant, the backdoors utilized diverse…

Microsoft Reveals Global Cyber Attacks by Sandworm Subgroup Affecting Over 15 Countries

A subgroup of the notorious Russian state-sponsored hacking entity known as Sandworm has been linked to a persistent global access operation, termed BadPilot, which has been under way for several years. The Microsoft Threat Intelligence team recently disclosed this in a report, emphasizing the group’s strategy of compromising internet-facing infrastructure…

APT29 Leveraged Windows Vulnerability to Breach European Diplomatic Network

A notorious Russia-based cyber espionage group known as APT29 has reportedly exploited a less common Windows feature called Credential Roaming following a successful phishing operation targeting an unnamed European diplomatic organization. The strategic focus on diplomatic targets aligns with APT29’s historical modus operandi, demonstrating their commitment to gathering intelligence that…

Salesloft Drift Breach Linked to GitHub Security Breach and Compromised OAuth Tokens

Recent data breaches have raised concerns about security within popular applications, particularly the use of the Salesloft Drift application to compromise Salesforce data. In an important update, Salesloft has reported that the security incident has been addressed, with containment measures and customer protections now in effect. To investigate the breach,…

Gootkit Malware Implements New Strategies Targeting Healthcare and Financial Institutions

Recent investigations by Cybereason have revealed that the Gootkit malware, also known as Gootloader, is primarily targeting healthcare and financial entities across the United States, United Kingdom, and Australia. These findings shed light on the evolving threat landscape, emphasizing the need for heightened vigilance in these sectors. In a December…

Attackers Take Advantage of Sitecore Zero-Day Vulnerability

Mandiant Uncovers Significant Vulnerability in Sitecore Products. Prajeet Nair (@prajeetspeaks), September 4, 2025. Cybercriminals have exploited a recently patched zero-day vulnerability within Sitecore, a widely used content management system supporting numerous major enterprises, including HSBC, L’Oréal, Toyota, and United Airlines. Sitecore…

DslogdRAT Malware Exploits Ivanti ICS Zero-Day CVE-2025-0282 in Cyber Attacks in Japan

Recent reports have highlighted the emergence of a sophisticated malware strain known as DslogdRAT, which exploits a recently patched vulnerability in Ivanti Connect Secure (ICS). This vulnerability, tracked as CVE-2025-0282, was initially leveraged by cybercriminals against organizations in Japan in December 2024. It enabled attackers to install both the malware…

Google Reports Troubling Increase in Russian Cyber Attacks Targeting Ukraine

In a significant escalation of cyber warfare, a joint report by Google’s Threat Analysis Group (TAG) and Mandiant reveals that Russian cyber attacks against Ukraine surged by 250% in 2022 compared to two years prior. This dramatic increase coincided with Russia’s military invasion of Ukraine in February 2022, focusing on…

ToyMaker Leverages LAGTOY to Monetize Access to CACTUS Ransomware Gangs for Double Extortion Tactics

Recent cybersecurity reports have illuminated the activities of an initial access broker (IAB) known as ToyMaker, which has been linked to facilitating access for ransomware groups, including the notorious CACTUS. This IAB has been observed actively scanning for vulnerabilities in systems, as well as deploying bespoke malware identified as LAGTOY,…