Mandiant

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)

2026-06-05 at 15:49, by Zeljka Zorz. A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would require […]

Google AI Threat Defense targets attackers using AI to find flaws faster

2026-05-27 at 17:23, by Anamarija Pogorelec. Google Cloud introduced AI Threat Defense, an automated cybersecurity platform that combines several of the company’s security assets to find, prioritize, and patch software vulnerabilities at machine speed. The product is aimed at enterprises contending with attackers

Google researchers uncover criminal zero-day exploit likely built with AI

2026-05-11 at 16:48, by Mirko Zorz. Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

Software supply chain hacks trigger wave of intrusions, data theft

2026-04-02 at 18:58, by Zeljka Zorz. After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be circulating” as a result of this and the Trivy, KICS, LiteLLM, and Telnyx supply

North Korean hackers linked to Axios npm supply chain compromise

2026-04-01 at 18:56, by Zeljka Zorz. The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069: On March 31, 2026,

M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds

2026-03-23 at 17:17, by Eduard Kovacs. The latest M-Trends report is based on insights from over 500,000 hours of Mandiant incident response investigations in 2025. The post M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds appeared first on SecurityWeek. This article

Kevin Mandia’s Armadin Launches With $190 Million in Funding

2026-03-10 at 16:33, by Kevin Townsend. Armadin uses AI-powered red teaming to find and exploit weaknesses in the same way that attackers attack them. The post Kevin Mandia’s Armadin Launches With $190 Million in Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Coruna: Spy-grade iOS exploit kit powering financial crime

2026-03-03 at 21:02, by Zeljka Zorz. A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns and, ultimately, ending up in the hands of financially motivated hackers, according to new research from Google’s

ShinyHunters flip the script on MFA in new data theft attacks

2026-02-02 at 18:50, by Zeljka Zorz. Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully targeted in

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns

2026-01-28 at 17:02, by Zeljka Zorz. State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that was fixed over half a year ago. CVE-2025-8088 is a path traversal vulnerability that can be exploited via maliciously crafted RAR archives. “The exploit chain

AuraInspector: Open-source tool to audit Salesforce Aura access control misconfigurations

2026-01-13 at 17:45, by Anamarija Pogorelec. Google and its Mandiant threat intelligence unit have released AuraInspector, an open-source tool aimed at auditing data access paths in Salesforce Experience Cloud applications. The tool focuses on the Aura framework, which underpins many Salesforce user interfaces and plays

Gainsight breach: Salesforce details attack window, issues investigation guidance

2025-11-26 at 16:30, by Zeljka Zorz. The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise (IoCs) and simultaneously shed some light on when the attack likely started. The provided list

Salesforce Gainsight compromise: Early findings and customer guidance

2025-11-21 at 14:16, by Zeljka Zorz. In the wake of Salesforce’s announcement about “unusual activity involving Gainsight-published applications” and the company’s revocation of access and refresh tokens associated with them, Gainsight has been doing a good job keeping customers updated on current investigation findings. On the status

Salesforce investigates new incident echoing Salesloft Drift compromise

2025-11-20 at 23:14, by Zeljka Zorz. In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data

Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480)

2025-11-11 at 14:47, by Zeljka Zorz. Attackers have exploited a now-fixed vulnerability (CVE-2025-12480) in the Gladinet Triofox secure file sharing and remote access platform while it was still a zero-day, Mandiant revealed on Monday. CVE-2025-12480 exploitation and attack details: Gladinet’s Triofox solution is used by medium and large

SonicWall cloud backup hack was the work of a state actor

2025-11-06 at 15:30, by Zeljka Zorz. Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed). “[The incident] was isolated

Google introduces agentic threat intelligence for faster, conversational threat analysis

2025-10-21 at 19:00, by Mirko Zorz. Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen through a simple conversation. A new way to interact with threat

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info

2025-10-15 at 18:39, by Zeljka Zorz. US tech company F5 has suffered a breach, and the attackers made off with source code of and vulnerability information related to its BIG-IP family of networking and security products, the company confirmed today. BIG-IP vulnerabilities are often

Attackers compromised ALL SonicWall firewall configuration backup files

2025-10-09 at 15:41, by Zeljka Zorz. The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)

2025-10-07 at 15:36, by Zeljka Zorz. Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle EBS instances. Whether the attackers were Cl0p or LAPSUS$, both, or even additional threat actors is still unknown,
