U.S. Cybersecurity and Infrastructure Security Agency’s new Malware Analysis Report on a malicious listener deployed on Ivanti Endpoint Manager Mobile (EPMM) systems by chaining CVE-2025-4427 and CVE-2025-4428 during real-world intrusions. The report ships with indicators of compromise, YARA and SIGMA rules, and clear mitigation guidance, making it a must-read for defenders managing mobile device fleets…
Category: News
Critical Google Chrome Zero-Day CVE-2025-10585: What You Need to Know
Google has just patched a critical zero-day vulnerability in its Chrome web browser—CVE-2025-10585—which has been actively exploited in the wild. This flaw, a type confusion issue in Chrome’s V8 JavaScript and WebAssembly engine, allows threat actors to execute arbitrary code on vulnerable systems, potentially compromising millions of users. The Vulnerability and Its Impact CVE-2025-10585 is a type confusion vulnerability in the V8…
CISA Issues Nine Urgent Advisories on Industrial Control Systems Vulnerabilities
In a critical bulletin released on September 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published nine new advisories detailing high-severity vulnerabilities affecting widely used Industrial Control Systems (ICS). Organizations operating critical infrastructure—from energy grids to manufacturing plants—must review and implement the recommended mitigations immediately to prevent disruptive or potentially catastrophic attacks. Key…
MSSP Alert Top 250 for 2024: A Deep Dive into the State of Cybersecurity
Discover the key findings from the 2024 MSSP Alert Top 250 report. Explore trends in MSSP growth, profitability, in-house SOCs, and the critical services defining modern cyber defense.
Pakistan-Linked APT36 Exploits “Pahalgam Terror Attack” Theme in Multi-Pronged Cyber Espionage Campaign Against India
In a recent and concerning development in the ongoing cyber conflict landscape, the Pakistan-linked Advanced Persistent Threat (APT) group known as APT36 (also referred to as Transparent Tribe) has launched a new wave of attacks targeting Indian government and defense personnel. Demonstrating tactical agility, the group is leveraging emotionally charged themes, including a recent terror…
Unpacking CVE-2025-29927: A Deep Dive into the Next.js Path Traversal Vulnerability
Next.js has rapidly become a dominant force in the React ecosystem, lauded for its developer experience and performance optimizations. However, like any complex framework, it’s not immune to security vulnerabilities. CVE-2025-29927, a recently disclosed path traversal flaw, serves as a stark reminder that even sophisticated frameworks require diligent security practices from both the maintainers and…
MITRE ATT&CKcon 5.0: Elevating Cybersecurity Knowledge
Cybersecurity remains at the forefront of the global conversation, and MITRE ATT&CKcon 5.0 is a pivotal event in the field. Scheduled for October 22-23, 2024, in McLean, Virginia, the conference serves as a cornerstone for cybersecurity professionals, researchers, and policymakers. Hosted by MITRE, ATT&CKcon is centered around the evolution of the MITRE ATT&CK framework—a globally…
Optimizing Security with OPSWAT Solutions
OPSWAT provides advanced cybersecurity solutions that help organizations optimize security measures.
MITRE ATT&CK version 13
MITRE ATT&CK version 13 has recently been released, bringing some significant updates. These include: ATT&CK version 13 for Enterprise includes 14 tactics, 196 techniques, 411 sub-techniques, 138 groups, 22 campaigns, and 740 software pieces. The upcoming version 14, set to release in October, will further enhance the coverage across domains, introduce renovated mitigations, new cross-domain…
ATT&CK v12 is now accessible! Revisions – October 2022
Updates to Techniques, Groups, and Software for Enterprise, Mobile, and ICS are included in the October 2022 (v12) ATT&CK release. The addition of detections to ATT&CK for ICS and the inclusion of Campaigns are the two biggest updates in ATT&CK v12. The ATT&CK for ICS detections are tied to particular Data Sources and Data Components,…