#CTEM

2025-12-02

Fortinet’s 2026 Cyberthreat Predictions anticipate a shift toward automated, AI-driven, high-throughput cybercrime.

AI-enabled reconnaissance, accelerated intrusion, and industrialized attack workflows may significantly reduce defender response windows.

Do you see machine-speed defence becoming standard in 2026?

Source: expresscomputer.in/news/fortin

Follow us for more detailed threat insights and technical updates.

#CyberSecurity #ThreatIntel #Fortinet #AIThreats #CTEM #MachineSpeedDefense #Infosec #TechNadu

Fortinet warns of machine-speed cybercrime in 2026: New report predicts rise of AI-driven attacks and industrialized cybercrime networks
AllAboutSecurity (allaboutsecurity)
2025-11-19

Continuous Exposure Management: How CEM is revolutionizing vulnerability remediation

SOC analysts waste valuable time triaging false positives and on manual investigations.

all-about-security.de/continuo

Legacy vulnerability management is out. Continuous Threat Exposure Management (CTEM) is in. Discover how it brings risk prioritization to security teams. #CTEM #Zafran #Gartner #VulnerabilityManagement jpmellojr.blogspot.com/2025/11

2025-10-14

Alright team, it's been a packed 24 hours in the cyber world! We've got major updates on active exploitation, nation-state activity, a massive crypto seizure, and some serious data privacy concerns. Let's dive in:

Recent Cyber Attacks & Breaches ⚠️

- Japanese brewer Asahi confirmed its September cyberattack was ransomware (Qilin group) and personal information may have been exfiltrated.
- Qilin claims 27GB of data, including employee records, causing significant disruption to Asahi's logistics and delaying financial results.
- This incident, alongside a UK NCSC report, highlights a sharp rise in ransomware and data theft attacks globally.
🕵🏼 The Register | go.theregister.com/feed/www.th

Qantas Customer Data Leaked by Scattered LAPSUS$ Hunters ✈️

- Australian airline Qantas confirmed the Scattered LAPSUS$ Hunters group released customer data stolen in a July cyberattack via a third-party Salesforce platform.
- Data for 5.7 million people was affected, including names, emails, and frequent flyer numbers, though no credit card or passport details were compromised.
- Salesforce refused to pay the ransom, leading to the data release, and while the FBI took down initial leak domains, the hackers quickly established new platforms.
🗞️ The Record | therecord.media/qantas-cybercr

Michigan City Falls Victim to Obscura Ransomware 🏙️

- Michigan City, Indiana, confirmed a September "network disruption" was a ransomware attack by the Obscura gang, impacting government systems and data.
- Obscura claims to have stolen 450GB of data and has since published it after the ransom deadline expired.
- This incident adds to a growing list of municipalities targeted by ransomware, highlighting the critical need for robust incident response and recovery plans.
🗞️ The Record | therecord.media/michigan-india

Massive Crypto Seizure in "Pig Butchering" Scam Crackdown 💰

- US authorities, in coordination with the UK, seized an unprecedented $15 billion in Bitcoin from Chen Zhi, chairman of Cambodia's Prince Group, for operating a vast "pig butchering" crypto investment fraud network.
- The criminal enterprise involved human trafficking, forced labour in scam compounds, and sophisticated money laundering techniques across over 30 countries.
- This marks the largest financial seizure in Justice Department history and a significant blow against transnational cybercrime operations in Southeast Asia.
🤫 CyberScoop | cyberscoop.com/southeast-asia-
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/feds-sanction-

New Threat Research & Tradecraft 🛡️

Malicious Packages Weaponise Discord for C2 📦

- Researchers found malicious npm, PyPI, and RubyGems packages (e.g., mysql-dumpdiscord, sqlcommenter_rails) using Discord webhooks as command-and-control (C2) channels.
- These packages exfiltrate sensitive developer data like config files, API keys, and host details, leveraging Discord's free and fast webhooks to avoid hosting infrastructure and blend with normal traffic.
- North Korean threat actors, part of the "Contagious Interview" campaign, also deployed over 300 malicious npm packages, often typosquatting legitimate ones, to deliver malware like HexEval and BeaverTail to Web3 and crypto developers.
🌐 The Hacker News | thehackernews.com/2025/10/npm-

Flax Typhoon Abuses ArcGIS for Year-Long Persistence 🗺️

- The Chinese state-sponsored APT group Flax Typhoon (aka Ethereal Panda, RedJuliett) maintained undetected persistence for over a year by weaponising a Java Server Object Extension (SOE) in the ArcGIS geo-mapping tool.
- Attackers used valid administrator credentials to upload a malicious SOE acting as a web shell, then installed SoftEther VPN Bridge as a Windows service for covert C2 and lateral movement.
- This novel technique highlights how sophisticated actors "live off the land" by manipulating legitimate software components to evade detection and establish deep, long-term access.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🌐 The Hacker News | thehackernews.com/2025/10/chin

Vulnerabilities & Active Exploitation 🚨

Fortra GoAnywhere MFT Zero-Day Actively Exploited ⚠️

- Fortra confirmed active exploitation of CVE-2025-10035, a maximum-severity flaw in its GoAnywhere MFT service, with Microsoft linking it to the Storm-1175 ransomware group.
- The vulnerability allows unauthorised activity, but researchers are still questioning how attackers obtained a private key seemingly required for exploitation, highlighting a transparency gap.
- CISA has added this to its Known Exploited Vulnerabilities Catalog, urging immediate patching for both cloud and on-premises deployments.
🤫 CyberScoop | cyberscoop.com/fortra-goanywhe

Microsoft Edge IE Mode Zero-Day Under Attack 🌐

- Microsoft is restricting Internet Explorer mode in Edge after discovering active exploitation of an unpatched zero-day in the Chakra JavaScript engine.
- Attackers use social engineering to direct targets to spoofed websites, prompting them to load pages in IE mode, then exploit the Chakra flaw for remote code execution and privilege escalation.
- Users should be cautious of prompts to activate IE mode, and enterprise users should ensure policies are in place to limit its use to only necessary, trusted sites.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Oracle E-Business Suite Hit by Multiple Zero-Days 🔓

- Oracle has rushed out another emergency patch for CVE-2025-61884 (CVSS 7.5) in its E-Business Suite (EBS) Runtime UI, a remotely exploitable flaw allowing unauthenticated access to sensitive resources.
- This follows a previous zero-day (CVE-2025-61882) exploited by the Clop ransomware group, with a PoC for CVE-2025-61884 publicly leaked by ShinyHunters.
- Oracle's disclosure around these EBS vulnerabilities has been criticised for lack of clarity, with multiple exploit chains observed and IOCs not always aligning with patches, making it crucial for admins to apply all available updates immediately.
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

AMD RMPocalypse Threatens Confidential Computing 💻

- AMD has released fixes for "RMPocalypse" (CVE-2025-0033, CVSS 5.9), a race condition in EPYC processors' SEV-SNP confidential computing that allows a malicious hypervisor to manipulate the Reverse Map Paging (RMP) table.
- A single 8-byte write to the RMP can lead to a full breach of confidentiality and integrity for confidential virtual machines (CVMs), enabling arbitrary tampering and secret exfiltration.
- Affected EPYC 7003, 8004, 9004, and 9005 series processors require BIOS updates, with some embedded versions still awaiting fixes.
🌐 The Hacker News | thehackernews.com/2025/10/rmpo

Android "Pixnapping" Steals 2FA Codes Pixel-by-Pixel 📱

- A new side-channel attack, "Pixnapping" (CVE-2025-48561, CVSS 5.5), affects Google and Samsung Android devices (versions 13-16), allowing rogue apps to steal sensitive data like 2FA codes without permissions.
- The attack combines the GPU.zip side-channel with Android's window blur API to covertly extract pixels from other apps, including secure communication tools like Signal and Google Authenticator, in under 30 seconds for 2FA codes.
- While Google issued a patch in September, a bypass was found, and a more robust fix is expected in December 2025; an app list bypass remains unpatched.
🌐 The Hacker News | thehackernews.com/2025/10/new-
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Secure Boot Bypass on Linux Framework Systems 🐧

- Approximately 200,000 Linux Framework laptops were shipped with signed UEFI shells containing a 'memory modify' (mm) command, which can be exploited to bypass Secure Boot protections.
- This command allows direct read/write access to system memory, enabling attackers to disable signature verification and load persistent bootkits that evade OS-level controls.
- Framework is rolling out firmware updates (BIOS/DBX) to address this oversight, and users are urged to apply patches or implement physical access prevention as a temporary mitigation.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Microsoft's October Patch Tuesday: 6 Zero-Days, 172 Flaws 🩹

- Microsoft's October Patch Tuesday addressed 172 vulnerabilities, including six zero-days, making it the largest assortment of defects disclosed this year.
- Two actively exploited zero-days are CVE-2025-24990 (Windows Agere Modem Driver Elevation of Privilege) and CVE-2025-59230 (Windows Remote Access Connection Manager Elevation of Privilege), both added to CISA's KEV catalog.
- Other notable fixes include CVE-2025-0033 (AMD RMPocalypse) and CVE-2025-47827 (IGEL OS Secure Boot bypass), with Windows 10 reaching its end of free support.
🤖 Bleeping Computer | bleepingcomputer.com/news/micr
🤫 CyberScoop | cyberscoop.com/microsoft-patch

Threat Landscape Commentary 🌍

UK Cyberattacks Reach Record High 📈

- The UK's NCSC reported a record 204 "nationally significant" cyberattacks between September 2024 and August 2025, more than double the previous year, with 18 being "highly significant."
- This surge in sophisticated and frequent hostile cyber activity, exemplified by incidents like the Jaguar Land Rover disruption, poses a direct threat to the UK's economic security.
- The government is urging CEOs and board chairs of leading businesses to take concrete actions and make cyber resilience a top-level responsibility.
🗞️ The Record | therecord.media/uk-hit-by-reco

Taiwan Reports Surge in Chinese Cyber & Disinformation Campaigns 🇨🇳

- Taiwan's National Security Bureau (NSB) warns of a significant increase in Chinese cyberattacks and online disinformation, with government networks facing 2.8 million intrusions daily (17% increase).
- These state-level operations, involving the PLA and other agencies, target critical infrastructure and use "online troll armies" and AI-generated content to erode public trust and sow division ahead of 2026 elections.
- The campaign aims to promote pro-China narratives and undermine trust in the US, highlighting the integrated nature of cyber espionage and information warfare.
🗞️ The Record | therecord.media/taiwan-nsb-rep

#CyberSecurity #ThreatIntelligence #Ransomware #ZeroDay #Vulnerability #ActiveExploitation #APT #NationState #DataBreach #Privacy #PatchTuesday #SupplyChainAttack #Malware #CTEM #Infosec

Martin Boller (itisiboller@infosec.exchange)
2025-08-07

@scottwilson Not dissing the article, nor the (newer) term #CTEM, however isn't real time, prioritized, validated and continual improvement what we have wanted for many years?
Such as understanding actual exposure (the environmental metric in CVSS) etc.

(Might just be grumpy ol' me) <3

Tom Eston (agent0x0@infosec.exchange)
2025-04-21

📊 Overwhelmed by data in vulnerability management?

PlexTrac is unveiling exciting advancements in Continuous Threat Exposure Management (CTEM) with a focus on centralized data, automation, and analytics. Don't miss this @sharedsecurity podcast episode with PlexTrac's CTO and VP of Product! 🚀

Watch on YouTube:
youtu.be/9rfZ1UMLH2U

Listen and subscribe to the podcast!
sharedsecurity.net/2025/04/21/

sharedsecurity.net/subscribe

#podcast #cybersecurity #ctem #plextrac

Mor Asher (morasher)
2025-03-27

“To catch a criminal you have to think like a criminal” (or see what the criminal sees).

Attack graphs, seeing what attackers see:

cybersec.xmcyber.com/s/seeing-

Mor Asher (morasher)
2025-03-20

Classic case where you try to address a security weakness just to find out that you have created another vulnerability.

If you have an Apache server with this version, it is most likely Internet-exposed, which means you must patch it fast. Another reason to continuously scan your attack surface.

cybersec.xmcyber.com/s/cve-202

emt Technology Distribution (emttech)
2025-02-14

🔍 PlexTrac: Simplify Pentest Reporting & Vulnerability Management

Stay ahead of threats with Continuous Threat and Exposure Management (CTEM). @PlexTrac helps security teams identify, prioritize, and remediate risks faster, enhancing your organization’s security posture.

👉Request a Demo from @emt Distribution META: zurl.co/6rcow

2024-12-08

From CNAPP to CTEM: information security terms in plain words

Modern cloud services and other areas of IT involve a large number of specialized terms and abbreviations related to information security. To make these concepts easier to understand, we have prepared a compact glossary for managers and beginning specialists. In plain words, we explain common terms that denote mechanisms and solutions for protecting various environments: from access rights management to firewalls. The material will help you understand security technologies and use them as effectively as possible.

habr.com/ru/companies/mws/arti

#cnapp #CIEM #PAM #WAF #EDR #SOC #CTEM #облако

Anonymous 🐈️🐾☕🍵🏴🇵🇸 (youranonriots@kolektiva.social)
2024-08-27

Gartner's latest #CTEM report highlights Adversarial Exposure Validation (AEV) as vital for #cybersecurity, combining breach simulation with pentesting to streamline security assessments, automate testing, and enhance resilience.
thehackernews.com/2024/08/ctem

#infosec

FC Bayern München 🤖 (FCBayern@sportsbots.xyz)
2024-05-27

#Anzeige | Our digital transformation continues! 🚀 In episode 2 of the series "5 questions for Michael Fichtner", our CIO explains how we are raising the security of #FCBayern together with @XMCyber_@twitter.com. 🙌 Watch it now! 🎬

#Cybersicherheit #CTEM #Datensicherheit #Digitalisierung

FC Bayern München 🤖 (FCBayern@sportsbots.xyz)
2024-04-15

#Anzeige | A game without rules and fair play? 🛡
Since this season, @XMCyber_@twitter.com has been our official #Cybersecurity partner and helps us with this challenge. 🤝

How does it work? Find out in the video!
More information ➡ xmcyber.com/de/attack-path…

#XMCyber runs on the trusted and secure STACKIT Cloud from Germany.

#ctem #infosec #vulnerabilitymanagement #attackpathmanagement #exposuresexposed

2024-03-28

Her greatest contribution was a method for determining latitude and longitude from stars observed on the surface of the Moon, initiating the study of selenography. She brought effort and rigour to her academic and scientific achievements until the end of her days.
#MulleresAstrónomas #CTEM

2024-02-27

Some of her honours included being named Woman of the Year in Science (1992) by the Mexican Commission of Women of Los Angeles, and she was recently honoured at the Latin America Lifetime Awards (2022) for her legacy as a scientist.
Adriana Ocampo is concerned about the under-representation of women in scientific positions and believes the solution points to structural factors such as the values of mothers and fathers when it comes to supporting scientific vocations in their daughters.
#AstroMulleres #CTEM #mulleresastrónomas

2024-02-14

Her scientific commitment and her recognition in academia highlight the contribution of women to astronomy. Although advances have been made, inequality persists, and Alonso Guerrero advocates for change, encouraging more women to explore the stars. Her story shows that the universe is a vast canvas where women can leave their mark in constellations of discoveries.

#AstroMulleres #CTEM

2024-02-11

Join us in the celebration to discover the wonders of the universe!
#MulleresEnCiencia #CTEM #Astronomía #IgualdadeDeXénero
