InfoSec News 20250207
Top News
-
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
"Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers."
TLP1 : Green
-
Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
"Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway."
TLP1 : Green
-
NOVA: blast from the past
"Attackers use a fork of a popular stealer to target Russian companies"
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
India's RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud
"India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud."
TLP1 : Green
-
Law enforcement targets online cult communities dedicated to extremely violent child abuse
"US Homeland Security Investigations, supported by Europol and the French Police, arrested members of an online community dedicated to grooming, sexual abuse, acts of cruelty, torture and murders"
TLP1 : Green
Breaches: Data Breaches and Hacks
-
British engineering firm IMI discloses breach, shares no details
"British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the company's systems."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
F5 Warns of TLS Session Resumption Vulnerability in NGINX (CVE-2025-23419)
"F5 has issued a security advisory warning of a vulnerability in NGINX, a popular web server software. The vulnerability, tracked as CVE-2025-23419, could allow attackers to bypass client certificate authentication, potentially gaining unauthorized access to sensitive resources."
TLP1 : Green
-
Cisco addressed two critical flaws in its Identity Services Engine (ISE)
"Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Want to get started using ChatGPT? These courses show you the right way
"You’ve probably played around with ChatGPT, asking it to explain a complex topic or tell a funny story, but most people have no idea what it’s truly capable of. As in, you probably didn’t know it could help you decide what to cook for dinner or plan an itinerary for your next vacation."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Not-so-SimpleHelp exploits enabling deployment of Sliver backdoor
"Field Effect recently identified and thwarted a sophisticated breach where threat actors exploited newly uncovered vulnerabilities in SimpleHelp’s Remote Monitoring and Management (RMM) client as an entry point to infiltrate and establish unauthorized access within a targeted network."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.