Ransomware in 2025: Blending in is the strategy
Ransomware attacks aren’t smash-and-grab anymore. They’re built on access that already looks legitimate — closer to positioning chess pieces than breaking the door down. That’s…
Key Points: Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from…
Key Takeaways: Sensitive data shared with ChatGPT conversations could be silently exfiltrated without the user’s knowledge or approval. Check Point Research discovered a hidden outbound…
High-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in sophisticated attacks. Microsoft Defender applies asset-aware protection using Microsoft Security Exposure…
Welcome to this week’s edition of the Threat Source newsletter. Anyone who spoke with me in the last several weeks has had to deal with me loudly waiting in anticipation for the long-awaited “Project…
A significant proportion of cyber incidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen…
Introduction: On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit…
Introduction: Zerobot, a Mirai-based botnet known for targeting Internet of Things (IoT) devices, has leveraged a critical vulnerability tracked as CVE-2025-68613 to compromise instances of…
In modern organizations, sensitive data lives everywhere and is constantly moving. It is created, accessed, transformed, and shared across endpoints, browsers, SaaS applications, cloud services,…
Interest in cloud-native application protection platforms (CNAPPs) has exploded in recent years, partly due to their ability to reduce alert noise by translating siloed…
Summary: Microsoft Defender disrupted a human-operated ransomware incident targeting a large educational institution with more than a couple of thousand devices. The attacker attempted to…
The 2025 Talos Year in Review is now available to view online. The pace and scale of adversary activity in 2025 placed sustained pressure on security…