Mandiant

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info

CrowdStrike, data breach, data theft, Don't miss, F5 Networks, Hot stuff, IOActive, Mandiant, NCC Group, NCSC, networking, News, source code /

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info 2025-10-15 at 18:39 By Zeljka Zorz US tech company F5 has suffered a breach, and the attackers made off with source code of and vulnerability information related to its BIG-IP family of networking and security products, the company confirmed today. BIG-IP vulnerabilities are often […]

React to this headline:

Loading spinner

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info Read More »

Attackers compromised ALL SonicWall firewall configuration backup files

backup, cloud security, Don't miss, enterprise, firewall, Hot stuff, Mandiant, News, SMBs, SonicWall /

Attackers compromised ALL SonicWall firewall configuration backup files 2025-10-09 at 15:41 By Zeljka Zorz The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested

React to this headline:

Loading spinner

Attackers compromised ALL SonicWall firewall configuration backup files Read More »

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)

data theft, Don't miss, exploit, extortion, Hot stuff, Mandiant, News, Oracle, Resecurity, WatchTowr /

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) 2025-10-07 at 15:36 By Zeljka Zorz Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the attackers were Cl0p or LAPSUS$, both, or even additional threat actors is still unknown,

React to this headline:

Loading spinner

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) Read More »

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)

data theft, Don't miss, extortion, Hot stuff, Mandiant, News, Oracle /

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) 2025-10-06 at 15:28 By Zeljka Zorz The Cl0p extortion gang exploited multiple Oracle E-Business Suite (EBS) vulnerabilities, including one zero-day flaw (CVE-2025-61882), “to steal large amounts of data from several victim[s] in August 2025,” Charles Carmakal, CTO at Mandiant – Google Cloud, stated

React to this headline:

Loading spinner

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) Read More »

Oracle customers targeted with emails claiming E-Business Suite breach, data theft

Atmos, Don't miss, extortion, Google Cloud, Halcyon, Hot stuff, Mandiant, News, Oracle /

Oracle customers targeted with emails claiming E-Business Suite breach, data theft 2025-10-02 at 16:19 By Zeljka Zorz Unknown attackers claiming affiliation with the Cl0p extortion gang are hitting business and IT executives at various companies with emails claiming that they have exfiltrated sensitive data from the firms’ Oracle E-Business Suite (EBS). The email campaign According

React to this headline:

Loading spinner

Oracle customers targeted with emails claiming E-Business Suite breach, data theft Read More »

SonicWall adds rootkit removal capabilities to the SMA 100 series

Don't miss, firmware, Google, Hot stuff, Mandiant, News, Ransomware, rootkits, security update, SonicWall /

SonicWall adds rootkit removal capabilities to the SMA 100 series 2025-09-23 at 16:24 By Zeljka Zorz SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series appliances, adding file-checking capabilities that help users remove known rootkit malware. The malware in question is the OVERSTEP user-mode rootkit, deployed by threat group UNC6148. The

React to this headline:

Loading spinner

SonicWall adds rootkit removal capabilities to the SMA 100 series Read More »

Salesloft Drift data breach: Investigation reveals how attackers got in

credentials, data theft, Don't miss, Hot stuff, Mandiant, News, Salesforce, Salesloft, supply chain compromise /

Salesloft Drift data breach: Investigation reveals how attackers got in 2025-09-08 at 14:33 By Zeljka Zorz The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat

React to this headline:

Loading spinner

Salesloft Drift data breach: Investigation reveals how attackers got in Read More »

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)

0-day, Don't miss, enterprise, Hot stuff, Mandiant, News, Sitecore, SMBs /

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) 2025-09-04 at 14:48 By Zeljka Zorz A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore

React to this headline:

Loading spinner

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) Read More »

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach

Astrix Security, data breach, Don't miss, Gmail, Google, Hot stuff, Mandiant, News, OAuth, PagerDuty, Palo Alto Networks, Salesforce, SpyCloud, Tanium, WideField, Zscaler /

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach 2025-09-02 at 18:20 By Zeljka Zorz In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances

React to this headline:

Loading spinner

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach Read More »

Google unveils new AI and cloud security capabilities at Security Summit

Artificial Intelligence, conferences, Data Protection, Google, Mandiant, News, security operations, SOC /

Google unveils new AI and cloud security capabilities at Security Summit 2025-08-19 at 19:05 By Sinisa Markovic Google used its Cloud Security Summit 2025 today to introduce a wide range of updates aimed at securing AI innovation and strengthening enterprise defenses. The announcements span protections for AI agents, new tools for security operations centers, enhancements

React to this headline:

Loading spinner

Google unveils new AI and cloud security capabilities at Security Summit Read More »

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

backdoor, credentials, Don't miss, Google, Hot stuff, Mandiant, News, SonicWall, vulnerability /

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit 2025-07-16 at 20:54 By Zeljka Zorz Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as

React to this headline:

Loading spinner

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit Read More »

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware

Mandiant, Network Security, Ransomware, SonicWall, UNC6148 /

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware 2025-07-16 at 17:02 By Eduard Kovacs A threat actor that may be financially motivated is targeting SonicWall devices with a backdoor and user-mode rootkit. The post SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware Read More »

US Insurance Industry Warned of Scattered Spider Attacks

cybercrime, Insurance, Mandiant, Scattered Spider /

US Insurance Industry Warned of Scattered Spider Attacks 2025-06-17 at 15:20 By Eduard Kovacs Google is warning insurance companies that Scattered Spider appears to have shifted its focus from the retail sector.  The post US Insurance Industry Warned of Scattered Spider Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

US Insurance Industry Warned of Scattered Spider Attacks Read More »

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report

antitrust, cloud security, Google, Government, Justice Department, Mandiant /

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report 2025-06-16 at 18:20 By SecurityWeek News According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market. The post Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report Read More »

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites

Artificial Intelligence, Malware & Threats, Mandiant, UNC6032, Vietnam /

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites 2025-05-28 at 16:29 By Ionut Arghire Mandiant warns that a Vietnamese hacking group tracked as UNC6032 is distributing malware via fake AI video generator websites. The post Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites Read More »

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors

Don't miss, enterprise, Forescout, Government, Hot stuff, Incident Response, Mandiant, News, Onapsis, SAP, web shell /

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors 2025-05-12 at 16:07 By Zeljka Zorz A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from the first zero-day attack) on vulnerable

React to this headline:

Loading spinner

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors Read More »

M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat

Mandiant, North Korea, report, Uncategorized /

M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat 2025-04-25 at 16:32 By Kevin Townsend Mandiant’s latest threat report shows how attackers adapt faster than defenses, shifting strategies toward credential theft and insider threats. The post M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat Read More »

Understanding 2024 cyber attack trends

cloud security, cyberattacks, Don't miss, Hot stuff, Insider Threat, Mandiant, News, Ransomware, tips, trends /

Understanding 2024 cyber attack trends 2025-04-24 at 13:04 By Zeljka Zorz Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights In 2024, Mandiant handled more incidents in the financial sector than in any other industry: 17.4%. Other popular

React to this headline:

Loading spinner

Understanding 2024 cyber attack trends Read More »

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle

Connect Secure, CVE-2025-22457, Incident Response, Ivanti, Malware & Threats, Mandiant, Rapid7, VPN, Vulnerabilities /

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle 2025-04-11 at 21:05 By Ryan Naraine The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle Read More »

Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools

agentic AI, AI, Artificial Intelligence, Google, Mandiant, SOC, Threat Intelligence /

Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools 2025-04-09 at 20:50 By Ryan Naraine Google plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators. The post Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools Read More »

Scroll to Top