All topics
Vulnerabilities
A New Chinese APT Takes the Stage
Active since at least 2022, UAT-7290 demonstrates a significant capacity for conducting deep-seated espionage while simultaneously functioning as an initial access group.
React2Shell Attacks Continue to Build
After a peak of more than 430,000 attack sessions in late December, daily volumes targeting React2Shell have stabilized in the 300,000 to 400,000 range.
IBM Warns of Critical Auth Bypass Bug in API Connect
IBM published updates for the affected versions of API Connect on Jan. 2., and urged organizations to update affected versions as soon as possible.
Serious MongoDB Flaw CVE-2025-14847 Under Exploitation
MongoDB disclosed the vulnerability (CVE-2025-14847) on Dec. 19 and a few days later, a public exploit for it appeared online.
Russian Targeting of Edge Devices. Cisco AsyncOS Zero Day, and React2Shell Won’t Go Away
As we ease into the holidays, the security news doesn’t stop coming. This week we discuss the research from AWS threat intelligence on Russian adversaries targeting a variety of network edge devices for opportunistic exploitation, then we break down attacks by a Chinese threat actor that target a new zero day in Cisco’s AsyncOS, and finally we discuss the […]