In a recent and concerning development in the ongoing cyber conflict landscape, the Pakistan-linked Advanced Persistent Threat (APT) group known as APT36 (also referred to as Transparent Tribe) has launched a new wave of attacks targeting Indian government and defense personnel. Demonstrating tactical agility, the group is leveraging emotionally charged themes, including a recent terror… Continue reading Pakistan-Linked APT36 Exploits “Pahalgam Terror Attack” Theme in Multi-Pronged Cyber Espionage Campaign Against India
Category: News
Unpacking CVE-2025-29927: A Deep Dive into the Next.js Path Traversal Vulnerability
Next.js has rapidly become a dominant force in the React ecosystem, lauded for its developer experience and performance optimizations. However, like any complex framework, it’s not immune to security vulnerabilities. CVE-2025-29927, a recently disclosed path traversal flaw, serves as a stark reminder that even sophisticated frameworks require diligent security practices from both the maintainers and… Continue reading Unpacking CVE-2025-29927: A Deep Dive into the Next.js Path Traversal Vulnerability
MITRE ATT&CKcon 5.0: Elevating Cybersecurity Knowledge
Cybersecurity remains at the forefront of the global conversation, and MITRE ATT&CKcon 5.0 is a pivotal event in the field. Scheduled for October 22-23, 2024, in McLean, Virginia, the conference serves as a cornerstone for cybersecurity professionals, researchers, and policymakers. Hosted by MITRE, ATT&CKcon is centered around the evolution of the MITRE ATT&CK framework—a globally… Continue reading MITRE ATT&CKcon 5.0: Elevating Cybersecurity Knowledge
Optimizing Security with OPSWAT Solutions
OPSWAT provides advanced cybersecurity solutions that help organizations optimize security measures.
MITRE ATT&CK version 13
MITRE ATT&CK version 13 has been recently launched, bringing some significant updates. These include: ATT&CK version 13 for Enterprise includes 14 tactics, 196 techniques, 411 sub-techniques, 138 groups, b22 campaigns, and 740 software pieces. The upcoming version 14, set to release in October, will further enhance the coverage across domains, introduce renovated mitigations, new cross-domain… Continue reading MITRE ATT&CK version 13
ATT&CK v12 is now accessible! Revisions – October 2022
Updates to Techniques, Groups, and Software for Enterprise, Mobile, and ICS are included in the October 2022 (v12) ATT&CK release. The addition of detections to ATT&CK for ICS and the inclusion of Campaigns are the two biggest updates in ATT&CK v12. The ATT&CK for ICS detections are tied to particular Data Sources and Data Components,… Continue reading ATT&CK v12 is now accessible! Revisions – October 2022
Critical Fortinet auth bypass bug has an exploit available; apply the patch now
A critical authentication bypass flaw affecting Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager appliances now has proof-of-concept exploit code available. Attackers can get around the authentication process on the administrative interface of FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances thanks to this security flaw (CVE-2022-40684). Last Thursday, Fortinet released security updates to… Continue reading Critical Fortinet auth bypass bug has an exploit available; apply the patch now
Organizations in Poland and Ukraine are affected by the new “Prestige” ransomware.
The Microsoft Threat Intelligence Center (MSTIC) has found evidence of a novel ransomware campaign using a hitherto unidentified ransomware payload that targets businesses in the logistics and transportation sectors in Poland and Ukraine. On October 11, we saw the introduction of this new ransomware, which refers to itself in its ransom note as “Prestige ransomware,”… Continue reading Organizations in Poland and Ukraine are affected by the new “Prestige” ransomware.
Best Cloud SaaS Governance Practices from the CSA Cloud Security Alliance
IntroductionInfrastructure as Service security is almost always the focus when discussing cloud security. platforms as a service (PaaS) and infrastructure as a service (IaaS). In spite of the fact that Organizations typically use 2-3 IaaS providers and frequently use tens to hundreds of SaaS products. A standard set of guidelines called the SaaS Governance Best… Continue reading Best Cloud SaaS Governance Practices from the CSA Cloud Security Alliance
A CyberRisk Alliance Resource, MSSP Alert – TOP 250 MSSPs Services Providers 2022 edition
A succinct summary The Top 250 MSSPs and associated survey respondents continue to expand more quickly than the managed security market as a whole. In fact, respondents to the survey anticipate that annual MSSP revenues will increase by 26% in 2022 compared to 2021, or nearly twice the market growth rate. MSSP growth is being… Continue reading A CyberRisk Alliance Resource, MSSP Alert – TOP 250 MSSPs Services Providers 2022 edition