WhisperPair Bluetooth Fast Pair Vulnerability (CVE-2025-36911) Exposes Millions of Audio Accessories to Remote Hijacking, Eavesdropping, and Location Tracking
Executive Summary: A newly disclosed critical vulnerability, WhisperPair (CVE-2025-36911), exposes hundreds of millions of Bluetooth audio accessories to remote hijacking, eavesdropping, and location tracking. The flaw resides in the implementation of the Google Fast Pair protocol across a wide range of devices from leading vendors including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself. Attackers can exploit this vuln
Jan 19 · 5 min read


Critical CVE-2024-20353 Zero-Day Exploited by China-Linked APT Hits Cisco Secure Email Gateway and Secure Email and Web Manager
Executive Summary: A critical zero-day remote code execution (RCE) vulnerability in Cisco's Secure Email Gateway and Secure Email and Web Manager appliances has been actively exploited by a China-linked advanced persistent threat (APT) group. The vulnerability, tracked as CVE-2024-20353 with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary commands as root on affected systems. The exploitation campaign leverages the Spam Quarantine feature, whic
Jan 19 · 4 min read


CVE-2026-23550: Critical WordPress Modular DS Plugin Vulnerability Actively Exploited for Admin Access
Executive Summary: A critical security vulnerability has been identified in the WordPress Modular DS plugin, which is actively being exploited to gain unauthorized administrator access to WordPress sites. This flaw, tracked as CVE-2026-23550 with a maximum CVSS score of 10.0, affects all versions of the Modular DS plugin up to and including 2.5.1. The vulnerability allows unauthenticated remote attackers to bypass authentication controls and escalate privileges, resulting i
Jan 19 · 4 min read


LOTUSLITE Backdoor Targets U.S. Government and Policy Organizations via Venezuela-Themed Spear Phishing: Mustang Panda Cyber-Espionage Campaign Analysis
Executive Summary: A highly targeted cyber-espionage campaign has been identified leveraging Venezuela-themed spear phishing to deliver the LOTUSLITE backdoor against U.S. government and policy-focused organizations. This operation, attributed with moderate confidence to the China-linked advanced persistent threat group Mustang Panda, utilizes DLL sideloading techniques and sophisticated social engineering to bypass traditional security controls. The campaign’s technical sop
Jan 19 · 4 min read


CIRO Data Breach Exposes Sensitive Information of 750,000 Canadian Investors in Major 2025 Cyberattack
Executive Summary: The Canadian Investment Regulatory Organization (CIRO), the national self-regulatory body overseeing investment dealers, mutual fund dealers, and trading activity in Canada, experienced a significant data breach in August 2025. Following a sophisticated phishing attack, approximately 750,000 Canadian investors had their sensitive personal and financial information compromised. The breach was initially detected on August 11, 2025, with public disclosure on
Jan 19 · 6 min read


Critical RCE Vulnerability (CVE-2025-59470) in Veeam Backup & Replication: Patch Released to Prevent Exploitation
Executive Summary: Veeam has released critical security updates for its flagship Veeam Backup & Replication product, addressing a severe remote code execution (RCE) vulnerability tracked as CVE-2025-59470. This flaw, assigned a CVSS v3.1 base score of 9.0, enables highly privileged users—specifically those with Backup Operator or Tape Operator roles—to execute arbitrary code as the postgres user on the backup server. The vulnerability is exploitable via network vectors a
Jan 11 · 5 min read


Microsoft 365 and Exchange Vulnerability: How Misconfigured Email Routing Enables Internal Phishing Attacks
Executive Summary: Microsoft has issued a critical advisory highlighting a surge in sophisticated phishing campaigns that exploit misconfigured email routing and insufficient spoof protection within Microsoft 365 and hybrid Exchange environments. These attacks enable adversaries to send phishing emails that convincingly appear to originate from an organization’s own internal domain, thereby bypassing standard security controls and increasing the likelihood of successful cre
Jan 11 · 5 min read


Zero-Day Vulnerability in Discontinued D-Link Routers Actively Exploited for Remote Code Execution and Botnet Attacks
Executive Summary: A critical zero-day vulnerability has been discovered and is being actively exploited in several discontinued D-Link router models, including the D-Link DIR-600, DIR-615, and DIR-825. This vulnerability, which enables remote code execution and authentication bypass via the device’s web management interface, exposes organizations to significant risk. Threat actors are leveraging this flaw to gain unauthorized access, deploy malware, and conscript devices
Jan 11 · 4 min read


Resecurity Honeypot Incident: Analysis of Scattered Lapsus$ Hunters’ Claimed Breach and Threat Intelligence Effectiveness
Executive Summary: On January 3, 2026, multiple threat actors, self-identified as Scattered Lapsus$ Hunters (SLH), publicly claimed to have breached the systems of cybersecurity firm Resecurity and exfiltrated sensitive internal data. The attackers released screenshots on Telegram, purporting to show access to employee data, internal communications, threat intelligence reports, and client information. However, Resecurity responded with a detailed statement and technical evi
Jan 4 · 5 min read


Transparent Tribe (APT36) Deploys Advanced RAT Attacks Targeting Indian Government and Academic Institutions via LNK and HTA Malware
Executive Summary: Transparent Tribe (also known as APT36), a persistent and highly adaptive state-sponsored threat actor, has initiated a sophisticated campaign targeting Indian government and academic institutions with new Remote Access Trojan (RAT) attacks. This campaign is characterized by the use of advanced spear-phishing techniques, weaponized Windows shortcut (LNK) files, and custom malware payloads designed for stealth, persistence, and data exfiltration. The att
Jan 4 · 4 min read


Google Cloud Application Integration Exploited in Sophisticated Multi-Stage Phishing Campaign Targeting Microsoft 365 Credentials
Executive Summary: A newly identified, highly sophisticated phishing campaign is actively exploiting the Google Cloud Application Integration email feature to deliver multi-stage phishing attacks. Cybercriminals are leveraging the trusted Google infrastructure to send phishing emails from legitimate Google domains, effectively bypassing traditional email security controls such as SPF, DKIM, and DMARC. The campaign employs a multi-stage redirection chain, utilizing both Goog
Jan 4 · 5 min read


Covenant Health Qilin Ransomware Breach: Technical Analysis of 2025 Attack Impacting 478,188 Patient Records
Executive Summary: On May 26, 2025, Covenant Health detected unauthorized activity within its IT environment, later attributed to the Qilin ransomware group. The breach, which began on May 18, 2025, resulted in the compromise of sensitive data belonging to nearly 478,188 patients across multiple facilities. Exposed information included names, addresses, dates of birth, medical record numbers, Social Security numbers, treatment details, and health insurance information. The Q
Jan 4 · 5 min read


Kimwolf Botnet: Massive Android TV Box and IoT Malware Threat Exploiting Global Networks
Executive Summary: The Kimwolf botnet represents a critical and rapidly evolving threat to enterprise and consumer networks worldwide. This Android-based malware ecosystem has infected over 1.8 million devices, with a focus on Android TV boxes, digital photo frames, and other IoT devices that are often shipped with weak security controls or pre-installed malicious software. Kimwolf leverages residential proxy networks to bypass traditional perimeter defenses, enabling atta
Jan 4 · 5 min read


Critical CVE-2025-14847 Vulnerability in MongoDB Server: Patch Now to Prevent Remote Code Execution and Data Exposure
Executive Summary: MongoDB has issued an urgent security advisory regarding a critical vulnerability, tracked as CVE-2025-14847, that affects a wide range of MongoDB Server versions. This flaw enables unauthenticated remote attackers to read uninitialized heap memory and, under certain conditions, may be leveraged to achieve remote code execution (RCE). The vulnerability is particularly dangerous due to its low attack complexity, the absence of required user interaction, an
Dec 25, 2025 · 5 min read


La Poste and La Banque Postale Hit by Pro-Russian Noname057(16) DDoS Cyberattack in December 2025
Executive Summary: On December 22, 2025, the French national postal service, La Poste, and its banking arm, La Banque Postale, experienced a significant disruption due to a distributed denial of service (DDoS) cyberattack. The pro-Russian hacking group Noname057(16) publicly claimed responsibility for the attack, which rendered central computer systems offline, halted package tracking, and disrupted online payments during the peak Christmas delivery period. The French intel
Dec 25, 2025 · 5 min read


Fake MAS Windows Activation Domain Infects Windows Systems with Cosmali Loader and XWorm PowerShell Malware
Executive Summary: A sophisticated cyber threat campaign has emerged, leveraging a typosquatted domain mimicking the legitimate Microsoft Activation Scripts (MAS) project to distribute advanced PowerShell malware. The malicious domain, get.activate[.]win, closely resembles the authentic get.activated.win site, exploiting minor typographical errors made by users seeking to activate Windows or Microsoft Office products. Unsuspecting users who execute activation scripts fro
Dec 25, 2025 · 5 min read


WebRAT Malware Campaign Targets Security Researchers via Fake CVE Exploit PoCs on GitHub
Executive Summary: A sophisticated malware campaign leveraging the WebRAT remote access trojan has been identified propagating through fake vulnerability exploits hosted on GitHub. Threat actors are capitalizing on the cybersecurity community’s demand for proof-of-concept (PoC) code by creating repositories that purport to offer exploits for high-profile vulnerabilities, including both real and fabricated CVE identifiers. Unsuspecting users, particularly junior security res
Dec 25, 2025 · 4 min read


Healthcare Industry Pushes Back on HIPAA Security Rule Overhaul: Impact on Electronic Protected Health Information (ePHI) Systems
Executive Summary: Publication Date: December 24, 2025. The US healthcare sector is facing a pivotal moment as the Department of Health and Human Services (HHS) advances a sweeping overhaul of the HIPAA Security Rule. This regulatory update, proposed in early 2025, is designed to address the escalating threat landscape targeting electronic protected health information (ePHI). However, the industry response has been marked by significant resistance, with leading healthcare
Dec 25, 2025 · 5 min read


Iranian Infy (Prince of Persia) APT Returns: New Microsoft Windows and Office Malware Campaigns Exploit Telegram-Based C2
Executive Summary: The Iranian advanced persistent threat (APT) group known as Infy (also referred to as "Prince of Persia") has re-emerged after a prolonged period of inactivity, orchestrating a new wave of cyber-espionage campaigns. Leveraging advanced malware variants and innovative command-and-control (C2) techniques, including the use of the Telegram messaging platform, Infy has demonstrated a significant evolution in its operational capabilities. The group’s latest ca
Dec 21, 2025 · 5 min read


WatchGuard Fireware OS VPN Vulnerability (CVE-2025-14733) Actively Exploited – Urgent Security Alert and Mitigation Guidance
Executive Summary: WatchGuard has issued a critical security advisory regarding active exploitation of a severe vulnerability in Fireware OS VPN services, specifically impacting the IKEv2 implementation. The vulnerability, tracked as CVE-2025-14733, enables remote, unauthenticated attackers to execute arbitrary code on affected devices by exploiting an out-of-bounds write in the iked process. This flaw affects both mobile user VPNs and branch office VPNs configured with IK
Dec 21, 2025 · 5 min read