CISA, FBI, NSA and 23 international partner organizations published on December 9, 2025 a joint advisory detailing the activities of pro-Russia hacktivist groups targeting industrial control systems and critical infrastructure in the United States and globally. This publication follows Operation Eastwood conducted by the European Cybercrime Centre and the joint fact sheet of May 6,…
Executive Summary In a coordinated international initiative, the ASD, CISA, FBI, and their partners released the “Bulletproof Defense” guide. This document goes beyond simple warnings; it provides a technical methodology to dismantle the tactical advantage of Bulletproof Hosting (BPH) providers. These actors are not merely lax hosts; they are architects of cybercrime, providing infrastructure resilient…
On November 14, 2025, Fortinet released a PSIRT advisory for a critical vulnerability affecting its FortiWeb Web Application Firewall (WAF). Tracked as CVE-2025-64446, this flaw carries a CVSS 3.1 score of 9.8 (Critical) and is confirmed to be actively exploited in the wild. Vulnerability Description The vulnerability is the result of a chain of two…
In this article, I present a summary of the security best practices for Microsoft Exchange Server, directly inspired by the recommendations published by the NSA and CISA. These guidelines aim to strengthen the resilience of Exchange environments hosted in data centers — whether on-premises or hybrid — against current threats, including email account compromises and…
Executive Summary: On October 15, 2025, F5 Networks disclosed a major security breach involving a long-term compromise of its corporate systems by a highly sophisticated state-sponsored threat actor. The attackers maintained persistent access for over a year, notably into F5’s BIG-IP development environment, and exfiltrated sensitive data including portions of BIG-IP source code and details…
In July 2024, a U.S. federal civilian agency experienced a sophisticated cyber intrusion that would later provide valuable lessons for defenders. The Cybersecurity and Infrastructure Security Agency (CISA) was called in to assist with incident response after the agency’s endpoint detection and response (EDR) system alerted to potential malicious activity. CISA’s investigation of the incident…
Executive Summary On September 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a detailed Malware Analysis Report (AR25-261A) regarding a cyber intrusion targeting Ivanti Endpoint Manager Mobile (EPMM) systems. In this incident, cyber threat actors exploited two critical vulnerabilities (identified as CVE-2025-4427 and CVE-2025-4428) to bypass authentication in the Ivanti EPMM product…
