You log in to your loyalty account to cash in a year’s worth of points—only to find them wiped clean. No redemptions in your history, no trace of your perks. This isn’t a UX glitch—it’s account takeover (ATO), and it’s not personal. The cybercrime ecosystem isn’t just a place where criminals discuss how to profit…
Read More
Context Ivanti has disclosed a critical vulnerability, CVE-2025-22457 (CVSS 9.0), affecting multiple product lines including Connect Secure, Policy Secure, and ZTA Gateways. The flaw, a stack-based buffer overflow, allows unauthenticated remote attackers to execute arbitrary code, and has been actively exploited in the wild. Google’s Mandiant team identified threat activity tied to UNC5221, a China-nexus group, which…
Read More
The retail and hospitality industries are facing a surge in cyber threats, with ransomware, phishing campaigns, and impersonation scams among the most pressing risks. In 2024 alone, ransomware accounted for 30% of all reported incidents in these sectors, while phishing attacks targeting customer data increased by 22% year-over-year. These threats not only disrupt operations but…
Read More
Context Sekoia researchers have released updates on ClearFake, a malicious JavaScript framework that infects compromised websites to deliver malware through drive-by downloads and social engineering tactics. Initially observed in July 2023, ClearFake utilized fake browser update prompts to trick users into downloading malware. The latest 2025 variant introduces new lures, including fake reCAPTCHA and Cloudflare Turnstile verifications,…
Read More
Executive Summary Cybersecurity researchers at SecureList by Kaspersky have uncovered a sophisticated cyber espionage campaign by SideWinder, an Advanced Persistent Threat group targeting hospitality and consulting organizations, among others, across South and Southeast Asia, the Middle East, Europe, and Africa. The group relies on spear-phishing emails containing malicious documents that exploit CVE-2017-11882, a dated but effective Microsoft…
Read More
Executive Summary Cisco Talos has uncovered a sophisticated attack campaign exploiting CVE-2024-4577, a critical PHP-CGI remote code execution vulnerability, to compromise organizations in several countries. Attackers deploy Cobalt Strike beacons and use the TaoWu toolkit for post-exploitation activities, leveraging HTTP POST requests for initial access. GreyNoise telemetry indicates that this exploitation is more widespread than initially reported, affecting regions including the United States,…
Read More
Executive Summary Microsoft Threat Intelligence has identified a shift in tactics for Silk Typhoon, a Chinese state-sponsored espionage group, to target remote management tools and cloud applications for initial access. The group has now shifted to exploiting unpatched vulnerabilities in IT infrastructure to elevate privileges and move laterally into cloud environments, enabling data exfiltration and…
Read More
Account Takeover (ATO) remains a persistent challenge in retail and hospitality, with attackers continuously refining their techniques. Over the past 18 months, 6.2 million accounts have been compromised – including 55,000 in the last month alone. Despite advancements in security, automated bot-fueled attacks continue to bypass traditional defenses, costing businesses billions in fraud-related losses and…
Read More
Executive Summary Kaspersky ICS CERT has identified SalmonSlalom, a sophisticated cyber campaign targeting industrial organizations in the Asia-Pacific (APAC) region. The attack employs a multi-stage payload delivery system, utilizing legitimate Chinese cloud services such as Youdao Cloud Notes and myqcloud for hosting and command-and-control operations. The malware framework delivers FatalRAT, a remote access trojan (RAT),…
Read More
Executive Summary Proofpoint has identified two new cybercriminal threat actors, TA2726 and TA2727, responsible for web inject campaigns that distribute malware through compromised websites, according to a recently published report. TA2726 and TA2727 actors operate traffic distribution services (TDS) to redirect users to fake update lures, leading to the installation of malware on Windows, MacOS, and…
Read More
