Blog Standard

"Prevention is cheaper than a breach"

25
Jun

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black’s Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be…
24
Jun

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code…
24
Jun

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The main common goal was to disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial fraud, and attacks on critical…
24
Jun

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern” has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including…
24
Jun

Dawn of the Apex Agentic Adversary

We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months later,…
Scroll to top