Executive Summary: On October 15, 2025, F5 Networks disclosed a major security breach involving a long-term compromise of its corporate systems by a highly sophisticated state-sponsored threat actor. The attackers maintained persistent access for over a year, notably into F5’s BIG-IP development environment, and exfiltrated sensitive data including portions of BIG-IP source code and details…
Executive Summary The U.S. Secret Service dismantled a network of electronic devices across the New York tristate area used to conduct telecommunications-related threats targeting senior U.S. government officials, which posed an imminent risk to protective operations. The investigation uncovered more than 300 co-located SIM servers and 100,000 SIM cards at multiple sites. The devices were…
The Weakest Link in the Digital Chain In the contemporary software development landscape, where speed and code reusability are paramount, the Node Package Manager (NPM) has become an indispensable pillar of the JavaScript ecosystem. Acting as the world’s largest open-source library repository, with over 3 million packages and billions of weekly downloads, NPM simplifies dependency…
Executive Summary On September 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a detailed Malware Analysis Report (AR25-261A) regarding a cyber intrusion targeting Ivanti Endpoint Manager Mobile (EPMM) systems. In this incident, cyber threat actors exploited two critical vulnerabilities (identified as CVE-2025-4427 and CVE-2025-4428) to bypass authentication in the Ivanti EPMM product…
Executive Summary The Russian state-sponsored threat group APT-C-53 (Gamaredon), active since 2013, continues its espionage operations against Ukrainian governmental and military institutions. In 2025, its campaigns have evolved to include dynamic migration of command-and-control (C2) infrastructures to legitimate cloud services (Microsoft Dev Tunnels, Cloudflare Workers) and the use of advanced obfuscation techniques to bypass detection.…
I propose an article on Scattered Spider, the name given by a security vendor (CrowdStrike) to a group of cybercriminals that has recently emerged in the cybercrime landscape. I tried to keep it short, but far too much information gets lost—happy reading. Scattered Spider is the name given by cybersecurity researchers (notably CrowdStrike) to a…
I use the label “APT29,” also known as Cozy Bear, The Dukes, NOBELIUM, and—under Microsoft’s taxonomy—Midnight Blizzard. Public reporting predominantly attributes this actor to Russia’s Foreign Intelligence Service (SVR), and the multiple aliases reflect vendor naming schemes. Objectives and targeting I observe a primary espionage focus on governments, diplomatic missions, think tanks, IT/Cloud providers, and…
I had long wanted to examine the intelligence employed during the Second World War. Drawing on the training I received at the École de Guerre Économique (EGE), I present here a neutral, factual synthesis, accompanied by full references as well as the original document that served as my source. This article synthesizes the report Secret…
I am sharing an analysis of two groups making headlines in the cybersecurity landscape, along with the sp1d3rhunters malware.All information comes from open sources, so you can verify every detail presented in this article. I wish you an excellent read. 1. General overview and history: ShinyHunters is a financially motivated hacking group that emerged in…
I adapted this article from my LinkedIn newsfeed to highlight not only a new cyber threat but also a brilliant cybersecurity researcher: Ms. Tammy HARPER. She published a detailed article on July 10, 2025, exposing a new exploitation framework named MIKRONET that has been put up for sale on Russian-speaking forums. Sold for $2,800 per…
