Category: Vulnerabilities & Alerts

Microsoft September 2025 Patch Tuesday

On September 9, 2025, Microsoft released security updates addressing over 80 vulnerabilities across Windows operating systems and related software (81 vulnerabilities were patched on this date). Notably, there were no actively exploited “zero-day” vulnerabilities in this month’s update bundle. However, two publicly disclosed vulnerabilities (zero-days) were fixed, meaning they were known to attackers or researchers…

Salesloft Breach: More Than 700 Companies Impacted by the Attack

A recent supply-chain attack targeting Salesloft – the provider of a popular AI chatbot integrated with Salesforce – has compromised data from hundreds of companies. Tracked by Google as threat group UNC6395, the attackers stole OAuth access tokens for Salesloft’s Drift chatbot integration and used them between August 8 and August 18, 2025 to illicitly…

CVE-2025-7775 – Memory Overflow Vulnerability in Citrix NetScaler

Executive Summary: Following the actively exploited vulnerability in Citrix NetScaler (CVE-2025-7775), this summary provides an overview of the technical details and the associated risks. The flaw, a critical memory overflow, has been added by CISA to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed in-the-wild exploitation. It allows unauthenticated remote code execution on vulnerable appliances,…

CISA Vulnerability Summary – Week of July 21, 2025

Summary: I analyzed the Vulnerability Summary for the Week of July 21, 2025 published by CISA. This bulletin lists 176 new vulnerabilities discovered that week. In this article, I present all these vulnerabilities in a factual and structured manner, organized by affected product or vendor. For each product, you’ll find the CVE identifier, CVSS severity…

Cyberattacks by Group UAC-0001 (APT28) Targeting Government Institutions – BEARDSHELL and COVENANT

This article presents an analysis by CERT-UA (the Ukrainian national CERT) of activities linked to APT28. Between March and April 2024, a sophisticated multi-stage cyberoperation targeted Ukrainian government agencies (central executive authorities). The attack is attributed to threat actor UAC-0001, also known internationally as APT28 or Fancy Bear, known for advanced espionage campaigns. Discovery of…