A Flagship Forum of Russophone Cybercrime Here is a factual and neutral synthesis based on OSINT sources. The XSS forum (accessible via the domain xss.is) has emerged as one of the world’s leading cybercrime hubs, particularly within the Russian-speaking community. Originally launched in 2004 under the name DaMaGeLaB, this hacker forum has been active for…
I have reviewed the CISA bulletin of newly reported vulnerabilities for the week of July 14, 2025. It is a compilation of recently discovered flaws, mostly classified as critical (CVSS score 7.0–10.0). As a CERT manager, I am providing here a detailed analysis of these vulnerabilities. I have grouped them by vendor, highlighting each flaw…
This article presents an analysis by CERT-UA (the Ukrainian national CERT) of activities linked to APT28. Between March and April 2024, a sophisticated multi-stage cyberoperation targeted Ukrainian government agencies (central executive authorities). The attack is attributed to threat actor UAC-0001, also known internationally as APT28 or Fancy Bear, known for advanced espionage campaigns. Discovery of…
