F5 States Threat Actors Accessed Undisclosed BIG-IP Flaws and Source Code, Provides Mitigations

Summary Cybersecurity firm F5 publicly disclosed a breach by an unnamed nation-state actor who gained long-term access to the company’s product development environment, including the engineering platforms for its flagship BIG-IP product. The attackers exfiltrated a portion of the BIG-IP source code, information about undisclosed security vulnerabilities, and configuration/implementation details for a limited number of customers….

Read More

EvilAI Malware Impersonating AI Tools to Target Manufacturing & Retail and Hospitality Organizations

Summary A highly capable threat campaign, codenamed EvilAI by Trend Micro, is using seemingly legitimate, digitally signed AI-enhanced productivity software, such as PDF editors, to secretly deliver various malware strains globally. These applications, which appear functional, serve as initial access conduits to perform reconnaissance, exfiltrate browser data, and prepare systems for secondary payloads. The campaign has…

Read More

RH-ISAC Supports Launch of National Strategy to Prevent Scams

Fraud and scams are no longer isolated incidents—they’re a national crisis. Every day, criminals steal an estimated $430 million from Americans, exploiting digital platforms, financial systems, and communication networks. These scams fund transnational criminal organizations and erode trust in our economy and institutions. To address this growing threat, the Aspen Institute Financial Security Program has released the proposed National Strategy to…

Read More

CISA and NCSC Release Directives to Address Multiple Cisco Platforms Exploited by Threat Actors

Context CISA has released Emergency Directive 25-03 in response to an advanced threat actor actively exploiting zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) devices. This alert comes as the United Kingdom National Cyber Security Centre releases a parallel advisory warning of active exploitation. This persistent threat utilizes new malware strains, RayInitiator and LINE VIPER, to maintain control and…

Read More

Hunting Malware That Hides: 5 Case Studies with 7 Downloadable YARA Rules

Security teams don’t just need alerts, they need answers. At Stairwell, we’ve seen how easily malware evades detection when defenders rely solely on behavior, logs, or static IOCs. Some threats hide inside image files. Others remain dormant for months. Many are missed not because they’re advanced, but because no one was looking in the right…

Read More