Mandiant
SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit
Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, …
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors
A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, …
Understanding 2024 cyber attack trends
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights …
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances …
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices
CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who …
UK domain registry Nominet breached via Ivanti zero-day
The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver …
Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)
The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant …
Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
NEW STORY: Thursday, January 9, 07:30 ET Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) Ivanti has fixed two vulnerabilities affecting Ivanti …
Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 …
Defenders must adapt to shrinking exploitation timelines
A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 …
Private US companies targeted by Stonefly APT
Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat …
Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released
A partnership of 28 industry leaders serving public and private organizations across the vendor and consumer community volunteered their time, effort, and experience to launch …
Featured news
Resources
Don't miss
- Product showcase: iStorage diskAshur PRO3
- As AI tools take hold in cybersecurity, entry-level jobs could shrink
- Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)
- How to land your first job in cybersecurity
- World Health Organization CISO on securing global health emergencies