A New Chinese APT Takes the Stage
Active since at least 2022, UAT-7290 demonstrates a significant capacity for conducting deep-seated espionage while simultaneously functioning as an initial access group.
All topics
General
37 Posts
IBM Warns of Critical Auth Bypass Bug in API Connect
IBM published updates for the affected versions of API Connect on Jan. 2., and urged organizations to update affected versions as soon as possible.
Serious MongoDB Flaw CVE-2025-14847 Under Exploitation
MongoDB disclosed the vulnerability (CVE-2025-14847) on Dec. 19 and a few days later, a public exploit for it appeared online.
Broad Exploit Activity Targets React2Shell Flaw
The vulnerability was disclosed publicly on Dec. 3 and researchers and threat intelligence teams immediately began seeing opportunistic and targeted exploitation attempts.
Rich Mogull on the Cloudflare Outage, Resilience, and Single Points of Failure
Dennis is joined by Rich Mogull, chief analyst at the Cloud Security Alliance, cloud security trainer, and all around good guy to talk about the Cloudflare outage, why the internet is now just six companies, and what, if anything, organizations can do to improve their resilience in the current environment.
Google Wants to Snuff Out ‘Lighthouse’ Phishing Kit
Google is taking legal action "designed to dismantle the core infrastructure" of the Lighthouse phishing-as-a-service operation.