SAP Attacks: Chaya_004 Threat Intel

A new wave of cyberattacks has emerged targeting a critical vulnerability in SAP NetWeaver, marking another concerning development in the landscape of enterprise application security. This latest campaign, attributed to a China-linked threat actor tracked as Chaya_004, takes advantage of CVE-2025-31324, a remote code execution vulnerability with a maximum CVSS score of 10.0. The exploit allows […]

Moonlander: EoL & IoT Botnet Risk

In a major international operation named Operation Moonlander, Dutch and U.S. law enforcement authorities have dismantled a massive proxy botnet powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. These hijacked devices were exploited to provide anonymity to cybercriminals through paid proxy services, enabling a wide range of illicit online activity. The […]

Operation Moonlander: EoL & IoT Threat

In a major international operation named Operation Moonlander, Dutch and U.S. law enforcement authorities have dismantled a massive proxy botnet powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. These hijacked devices were exploited to provide anonymity to cybercriminals through paid proxy services, enabling a wide range of illicit online activity. The […]

Polish Registry Hack: Gov Alert

On April 30, 2025, Poland experienced a serious disruption in its state registry systems, affecting multiple digital public services that citizens rely on for legal documentation and administrative tasks. Initial reports suggest a suspected cyberattack, although authorities have yet to confirm the origin or technical details. This incident highlights the growing vulnerability of government digital […]

Scattered Spider Hits IAM Again

Scattered Spider, one of the most aggressive financially motivated hacking groups in recent history, has continued its rampage across major enterprises despite multiple arrests. Known for its social engineering tactics, multi-factor authentication bypasses, and bold data extortion attempts, the group’s persistence signals a deeper challenge within the cybersecurity ecosystem: the failure to secure human-layer vulnerabilities and […]

Exposed Tank Gauges Risk Ops

In today’s interconnected world, even the most mundane industrial components can become points of entry for malicious actors. One such often-ignored element is the Automatic Tank Gauge (ATG)—used widely at gas stations, depots, and backup generator sites to monitor fuel levels, temperature, and leaks. Despite their critical role in operational continuity, thousands of these devices […]

macOS Faces Rising Crypto Threat

A major shift is happening in the world of cybersecurity, one that challenges the long-standing belief that macOS is inherently safer than its Windows counterpart. Recent intelligence has revealed a disturbing trend: North Korean hackers, specifically linked to the notorious Lazarus Group, are actively targeting Apple’s ecosystem, focusing their efforts on cryptocurrency and blockchain industries. This development marks a significant escalation in the […]

JPMorgan CISO Warns on SaaS Gaps

The rapid shift to software as a service (SaaS) has outpaced many providers’ ability to secure their offerings, leaving enterprises at risk. In an open letter, JP Morgan Chase’s Chief Information Security Officer warned that direct integration of SaaS into critical systems has effectively collapsed multi-factor controls into single-factor implicit trust, quietly enabling attackers to […]

Ransomware as a Service: EDR Threats

In 2025, organizations worldwide face a new level of ransomware threat driven by Ransomware as a Service (RaaS) platforms enhanced by advanced Endpoint Detection and Response (EDR) killers. After law enforcement disrupted established gangs like LockBit, new groups quickly filled the gap. RansomHub, launched in February 2024, attracted affiliates with a model that lets them […]

Phishing Surge in APAC: Manufacturing

In the first quarter of 2025, the Asia-Pacific (APAC) region witnessed a significant escalation in phishing attacks, particularly targeting the manufacturing sector. Phishing has emerged as the primary vector for initial access, accounting for 50% of all incidents, a substantial increase from less than 10% in the previous quarter. These attacks often involve sophisticated social […]