Executive Summary RFC 9794 establishes standardized terminology for hybrid cryptographic schemes that combine post-quantum and traditional algorithms. As organizations prepare for the quantum computing threat, this reference document ensures consistent communication across protocols, standards, and security teams. It defines key concepts including PQ/T hybrid schemes, composite constructions, security properties (hybrid confidentiality, hybrid authentication), and certificate…
Executive summary On 2 October 2025, the extortion group Crimson Collective announced on Telegram that it had compromised Red Hat Consulting’s private Git repositories. Reports indicate that the attackers stole approximately 570 GB of compressed data from around 28 000 internal repositories. Among the stolen files were Customer Engagement Reports (CERs), which contain architecture diagrams, configuration details, authentication tokens and network maps. The leak…
In July 2024, a U.S. federal civilian agency experienced a sophisticated cyber intrusion that would later provide valuable lessons for defenders. The Cybersecurity and Infrastructure Security Agency (CISA) was called in to assist with incident response after the agency’s endpoint detection and response (EDR) system alerted to potential malicious activity. CISA’s investigation of the incident…
Executive Summary The U.S. Secret Service dismantled a network of electronic devices across the New York tristate area used to conduct telecommunications-related threats targeting senior U.S. government officials, which posed an imminent risk to protective operations. The investigation uncovered more than 300 co-located SIM servers and 100,000 SIM cards at multiple sites. The devices were…
Executive Summary On September 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a detailed Malware Analysis Report (AR25-261A) regarding a cyber intrusion targeting Ivanti Endpoint Manager Mobile (EPMM) systems. In this incident, cyber threat actors exploited two critical vulnerabilities (identified as CVE-2025-4427 and CVE-2025-4428) to bypass authentication in the Ivanti EPMM product…
On September 12, 2025, the Federal Bureau of Investigation (FBI) issued a FLASH alert detailing the operations of two cybercriminal groups, UNC6040 and UNC6395, which are targeting Salesforce instances to exfiltrate data and extort organizations. This alert, intended for cybersecurity professionals (CERTs, SOC analysts, CISOs), outlines the initial access vectors, data exfiltration techniques, authentication bypass…
On September 9, 2025, Microsoft released security updates addressing over 80 vulnerabilities across Windows operating systems and related software (81 vulnerabilities were patched on this date). Notably, there were no actively exploited “zero-day” vulnerabilities in this month’s update bundle. However, two publicly disclosed vulnerabilities (zero-days) were fixed, meaning they were known to attackers or researchers…
Executive Summary The Russian state-sponsored threat group APT-C-53 (Gamaredon), active since 2013, continues its espionage operations against Ukrainian governmental and military institutions. In 2025, its campaigns have evolved to include dynamic migration of command-and-control (C2) infrastructures to legitimate cloud services (Microsoft Dev Tunnels, Cloudflare Workers) and the use of advanced obfuscation techniques to bypass detection.…
