RH-ISAC Releases 2025 Holiday Season Cyber Threat Trends Report

VIENNA, VA (November 3, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released its 2025 Holiday Season Cyber Threat Trends report, highlighting a sharp rise in fraud and automated bot attacks expected to align with peak seasonal shopping demand across the retail, hospitality, and travel sectors. The report analyzes threat…

F5 BIG-IP Source Code Leak Tied to UNC5221 Utilizing BRICKSTORM Backdoor

Summary: The China-nexus threat cluster known as UNC5221 is actively exploiting F5 BIG-IP appliances following a confirmed breach of F5’s internal network that resulted in the theft of BIG-IP source code and vulnerability data, according to a new report from Resecurity. UNC5221 utilizes a custom-built, highly sophisticated toolkit centered on the BRICKSTORM backdoor to exploit F5 BIG-IP devices…

F5 States Threat Actors Accessed Undisclosed BIG-IP Flaws and Source Code, Provides Mitigations

Summary: Cybersecurity firm F5 publicly disclosed a breach by an unnamed nation-state actor who gained long-term access to the company’s product development environment, including the engineering platforms for its flagship BIG-IP product. The attackers exfiltrated a portion of the BIG-IP source code, information about undisclosed security vulnerabilities, and configuration/implementation details for a limited number of customers…

EvilAI Malware Impersonating AI Tools to Target Manufacturing & Retail and Hospitality Organizations

Summary: A highly capable threat campaign, codenamed EvilAI by Trend Micro, is using seemingly legitimate, digitally signed AI-enhanced productivity software, such as PDF editors, to secretly deliver various malware strains globally. These applications, which appear functional, serve as initial access conduits to perform reconnaissance, exfiltrate browser data, and prepare systems for secondary payloads. The campaign has…

RH-ISAC Supports Launch of National Strategy to Prevent Scams

Fraud and scams are no longer isolated incidents—they’re a national crisis. Every day, criminals steal an estimated $430 million from Americans, exploiting digital platforms, financial systems, and communication networks. These scams fund transnational criminal organizations and erode trust in our economy and institutions. To address this growing threat, the Aspen Institute Financial Security Program has released the proposed National Strategy to…

CISA and NCSC Release Directives to Address Multiple Cisco Platforms Exploited by Threat Actors

Context: CISA has released Emergency Directive 25-03 in response to an advanced threat actor actively exploiting zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) devices. This alert comes as the United Kingdom National Cyber Security Centre releases a parallel advisory warning of active exploitation. This persistent threat utilizes new malware strains, RayInitiator and LINE VIPER, to maintain control and…

Hunting Malware That Hides: 5 Case Studies with 7 Downloadable YARA Rules

Security teams don’t just need alerts, they need answers. At Stairwell, we’ve seen how easily malware evades detection when defenders rely solely on behavior, logs, or static IOCs. Some threats hide inside image files. Others remain dormant for months. Many are missed not because they’re advanced, but because no one was looking in the right…

RH-ISAC Champions Collective Action Against Fraud at Industry Forum

VIENNA, VA (September 4, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) convened leaders from across the retail and hospitality sectors on 27 August 2025 for the Fraud Defense Forum, hosted at Target’s office in Minneapolis. The event brought together some of the world’s largest retailers to strengthen collective efforts in…

Salesloft Drift AI Abused for Further Attacks on Salesforce Environments for Major Cyber Security Firms

Executive Summary: A widespread, opportunistic data theft campaign against Salesforce, attributed to the group UNC6395, has expanded in scope beyond initial reports. The attacks leverage compromised OAuth tokens from Salesloft Drift, an AI chat agent, to gain unauthorized access to customer instances of various services, including Salesforce and Google Workspace. Cybersecurity firms Zscaler and Palo Alto Networks have publicly confirmed impact,…

Colt Technology Services Attack Claimed by Warlock Ransomware, Data Up for Sale

Executive Summary: UK-based telecom provider Colt Technology Services has been battling a cyberattack since August 12, 2025, which disrupted several of its support and online platforms for days. Initially described as a “technical issue,” the company later confirmed it was a cyber incident and that customer data was stolen. The WarLock ransomware group has claimed responsibility,…