Vulnerability Debt: How Do You Put a Price on What to Fix?
Putting a vulnerability debt figure together involves work, but having vulnerability debt figures lets you measure real-world values against your overall security posture.
PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and a recently published book by…
US Falling Behind China in Exploit Production
Cyber operations have become critical to national security, but the United States has fallen behind in one significant area — exploit production — while China has built up a significant lead.
Business Case for Agentic AI SOC Analysts
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show…
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed…
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Threat intelligence firm GreyNoise is warning of a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. “The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico Paulo
‘Cyber Fattah’ Hacktivist Group Leaks Saudi Games Data
As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape.
Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities
What is the Vulnerability?Citrix has published security advisories addressing three critical vulnerabilities, CVE-2025-6543, CVE-2025-5349, and CVE-2025-5777, affecting the NetScaler ADC and NetScaler Gateway under specific pre-conditions.CVE-2025-6543: A memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN,…
Taking the shine off BreachForums
ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums