Modern security teams often feel like they’re driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for their business. Breaking out of reactive defense is no longer optional. It’s the difference between preventing incidents and cleaning up after them. Below is the path from…
The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It’s also referenced by the broader cybersecurity community under the names…
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud. The extensions have been collectively downloaded over 50,000 times, according to Koi Security, which discovered the campaign. The add-ons are…
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.
What is the Vulnerability? CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product’s implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly. Active exploitation of this weakness has been observed…
A high-school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders.
The key elements in a security operations center’s strategy map very closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their “inputs” are strong.
But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company.
Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector.
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon’s GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper