UAC-0239 Conducts Cyberattacks in Ukraine Using the OrcaC2 Framework and FILEMESS Stealer

Since the second half of September 2025, the National Cybersecurity Response Team of Ukraine (CERT-UA) has observed a new wave of targeted cyberattacks against Ukrainian defense forces and local government institutions.These attacks have been attributed to the UAC-0239 group, believed to be operating on behalf of or in cooperation with Russian threat actors. The attackers…

RFC 9794: Terminology for Post-Quantum Traditional Hybrid Schemes

Executive Summary RFC 9794 establishes standardized terminology for hybrid cryptographic schemes that combine post-quantum and traditional algorithms. As organizations prepare for the quantum computing threat, this reference document ensures consistent communication across protocols, standards, and security teams. It defines key concepts including PQ/T hybrid schemes, composite constructions, security properties (hybrid confidentiality, hybrid authentication), and certificate…

Red Hat data breach: analysis for CISOs, CERTs, CSIRTs and SOC teams

Executive summary On 2 October 2025, the extortion group Crimson Collective announced on Telegram that it had compromised Red Hat Consulting’s private Git repositories. Reports indicate that the attackers stole approximately 570 GB of compressed data from around 28 000 internal repositories. Among the stolen files were Customer Engagement Reports (CERs), which contain architecture diagrams, configuration details, authentication tokens and network maps. The leak…

RPM 6.0.0: how I actually secure my open-source supply chain

When I talk about open-source security, I’m not talking ideology—I’m talking measurable trust. The RPM 6.0.0 release (September 22, 2025) finally gives me solid building blocks for what I expect from a modern package system: locking down the trust chain, tracing artifact provenance precisely, and handling key rotations without breaking production. Why this release changes…

CISA Case Study: Preparation, Monitoring, and Remediation in the Face of Compromise

In July 2024, a U.S. federal civilian agency experienced a sophisticated cyber intrusion that would later provide valuable lessons for defenders. The Cybersecurity and Infrastructure Security Agency (CISA) was called in to assist with incident response after the agency’s endpoint detection and response (EDR) system alerted to potential malicious activity. CISA’s investigation of the incident…