Mandiant

SonicWall adds rootkit removal capabilities to the SMA 100 series

Don't miss, firmware, Google, Hot stuff, Mandiant, News, Ransomware, rootkits, security update, SonicWall /

SonicWall adds rootkit removal capabilities to the SMA 100 series 2025-09-23 at 16:24 By Zeljka Zorz SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series appliances, adding file-checking capabilities that help users remove known rootkit malware. The malware in question is the OVERSTEP user-mode rootkit, deployed by threat group UNC6148. The […]

React to this headline:

Loading spinner

SonicWall adds rootkit removal capabilities to the SMA 100 series Read More »

Salesloft Drift data breach: Investigation reveals how attackers got in

credentials, data theft, Don't miss, Hot stuff, Mandiant, News, Salesforce, Salesloft, supply chain compromise /

Salesloft Drift data breach: Investigation reveals how attackers got in 2025-09-08 at 14:33 By Zeljka Zorz The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat

React to this headline:

Loading spinner

Salesloft Drift data breach: Investigation reveals how attackers got in Read More »

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)

0-day, Don't miss, enterprise, Hot stuff, Mandiant, News, Sitecore, SMBs /

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) 2025-09-04 at 14:48 By Zeljka Zorz A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore

React to this headline:

Loading spinner

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) Read More »

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach

Astrix Security, data breach, Don't miss, Gmail, Google, Hot stuff, Mandiant, News, OAuth, PagerDuty, Palo Alto Networks, Salesforce, SpyCloud, Tanium, WideField, Zscaler /

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach 2025-09-02 at 18:20 By Zeljka Zorz In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances

React to this headline:

Loading spinner

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach Read More »

Google unveils new AI and cloud security capabilities at Security Summit

Artificial Intelligence, conferences, Data Protection, Google, Mandiant, News, security operations, SOC /

Google unveils new AI and cloud security capabilities at Security Summit 2025-08-19 at 19:05 By Sinisa Markovic Google used its Cloud Security Summit 2025 today to introduce a wide range of updates aimed at securing AI innovation and strengthening enterprise defenses. The announcements span protections for AI agents, new tools for security operations centers, enhancements

React to this headline:

Loading spinner

Google unveils new AI and cloud security capabilities at Security Summit Read More »

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

backdoor, credentials, Don't miss, Google, Hot stuff, Mandiant, News, SonicWall, vulnerability /

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit 2025-07-16 at 20:54 By Zeljka Zorz Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as

React to this headline:

Loading spinner

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit Read More »

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware

Mandiant, Network Security, Ransomware, SonicWall, UNC6148 /

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware 2025-07-16 at 17:02 By Eduard Kovacs A threat actor that may be financially motivated is targeting SonicWall devices with a backdoor and user-mode rootkit. The post SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware Read More »

US Insurance Industry Warned of Scattered Spider Attacks

cybercrime, Insurance, Mandiant, Scattered Spider /

US Insurance Industry Warned of Scattered Spider Attacks 2025-06-17 at 15:20 By Eduard Kovacs Google is warning insurance companies that Scattered Spider appears to have shifted its focus from the retail sector.  The post US Insurance Industry Warned of Scattered Spider Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

US Insurance Industry Warned of Scattered Spider Attacks Read More »

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report

antitrust, cloud security, Google, Government, Justice Department, Mandiant /

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report 2025-06-16 at 18:20 By SecurityWeek News According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market. The post Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report Read More »

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites

Artificial Intelligence, Malware & Threats, Mandiant, UNC6032, Vietnam /

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites 2025-05-28 at 16:29 By Ionut Arghire Mandiant warns that a Vietnamese hacking group tracked as UNC6032 is distributing malware via fake AI video generator websites. The post Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites Read More »

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors

Don't miss, enterprise, Forescout, Government, Hot stuff, Incident Response, Mandiant, News, Onapsis, SAP, web shell /

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors 2025-05-12 at 16:07 By Zeljka Zorz A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from the first zero-day attack) on vulnerable

React to this headline:

Loading spinner

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors Read More »

M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat

Mandiant, North Korea, report, Uncategorized /

M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat 2025-04-25 at 16:32 By Kevin Townsend Mandiant’s latest threat report shows how attackers adapt faster than defenses, shifting strategies toward credential theft and insider threats. The post M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat Read More »

Understanding 2024 cyber attack trends

cloud security, cyberattacks, Don't miss, Hot stuff, Insider Threat, Mandiant, News, Ransomware, tips, trends /

Understanding 2024 cyber attack trends 2025-04-24 at 13:04 By Zeljka Zorz Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights In 2024, Mandiant handled more incidents in the financial sector than in any other industry: 17.4%. Other popular

React to this headline:

Loading spinner

Understanding 2024 cyber attack trends Read More »

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle

Connect Secure, CVE-2025-22457, Incident Response, Ivanti, Malware & Threats, Mandiant, Rapid7, VPN, Vulnerabilities /

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle 2025-04-11 at 21:05 By Ryan Naraine The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle Read More »

Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools

agentic AI, AI, Artificial Intelligence, Google, Mandiant, SOC, Threat Intelligence /

Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools 2025-04-09 at 20:50 By Ryan Naraine Google plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators. The post Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools Read More »

Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows

Artificial Intelligence, Gemini, Google, Mandiant, Sec-Gemini, Threat Intelligence, threat-intel /

Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows 2025-04-07 at 18:06 By Ryan Naraine Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant. The post Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows Read More »

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

cyber espionage, Don't miss, Hot stuff, Ivanti, Mandiant, News, VPN, vulnerability /

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) 2025-04-03 at 21:01 By Zeljka Zorz A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability

React to this headline:

Loading spinner

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) Read More »

Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances 

Connect Secure, CVE-2025-22457, Ivanti, Malware & Threats, Mandiant, Network Security, Pulse Connect, UNC5221 /

Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances  2025-04-03 at 20:17 By Ryan Naraine Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits. The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances  appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances  Read More »

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

China, CISA, cyber espionage, Don't miss, Hot stuff, Ivanti, Malware, Mandiant, Microsoft, News /

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices 2025-03-31 at 16:12 By Zeljka Zorz CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the

React to this headline:

Loading spinner

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices Read More »

Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers

backdoor, China, Juniper, Junos OS, Mandiant, Nation-State, Network Security, UNC3886 /

Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers 2025-03-12 at 18:45 By Ryan Naraine China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers. The post Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers Read More »

Scroll to Top