<h2>Overview</h2><p>A coordinated malware campaign targeting Python Package Index (PyPI) and Node Package Manager (npm) repositories has been discovered, representing a significant supply chain security threat to organizations utilizing these package management systems. The campaign involves the distribution of hundreds of malicious packages designed to compromise development environments and production systems.</p><h3>Attack Vectors</h3><ul><li>Typosquatting: Creation of packages with names similar to popular libraries</li><li>Dependency confusion attacks exploiting internal package naming</li><li>Automated package publication and update mechanisms</li><li>Obfuscated malicious code injection in package installation scripts</li></ul><h2>Technical Analysis</h2><p>The malicious packages employ multiple stages of execution to evade detection:</p><ul><li>Initial stage involves benign-looking installation scripts</li><li>Secondary payload retrieval from attacker-controlled infrastructure</li><li>Anti-analysis techniques including environment checking</li><li>Fileless execution of credential harvesting modules</li></ul><h3>Malware Capabilities</h3><ul><li>Theft of environment variables and API keys</li><li>Harvesting of Git credentials and SSH keys</li><li>Cryptocurrency mining payload deployment</li><li>Data exfiltration to multiple C2 servers</li></ul><h2>Impact Assessment</h2><p>The campaign poses severe risks to:</p><ul><li>Development environment integrity</li><li>CI/CD pipeline security</li><li>Production system compromise</li><li>Intellectual property theft</li><li>Resource theft via crypto mining</li></ul><h2>Recommendations</h2><ul><li>Implement strict package verification processes</li><li>Deploy automated security scanning in development pipelines</li><li>Use private package repositories with vetted mirrors</li><li>Enable multi-factor authentication for package management</li><li>Conduct dependency audit and cleanup</li><li>Monitor for unusual system behavior and resource usage</li></ul><h2>Indicators of Compromise</h2><h3>Known Malicious Packages</h3><ul><li>python-requests-http</li><li>python-urllib3-ssl</li><li>react-native-analytics</li><li>node-crypto-miner</li></ul><h3>C2 Infrastructure</h3><ul><li>cdn-package[.]com</li><li>npm-install[.]net</li><li>pypi-cdn[.]org</li></ul>

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/brief-images/briefs/pypi-npm-supply-chain-malware-campaigns-1772061939470.png

Multiple malicious packages discovered in PyPI and npm repositories executing credential theft and crypto mining payloads. Supply chain attacks leverage typosquatting and dependency confusion techniques to compromise development environments.

Widespread Malware Campaign Targets PyPI and npm Users

Supply Chain Attacks Target Development Infrastructure

Package Manager Security Best Practices

Security researchers have identified an extensive malware campaign targeting both PyPI and npm package repositories, with hundreds of malicious packages discovered in recent months. The attacks primarily utilize typosquatting and dependency confusion techniques to trick developers into installing compromised packages that execute credential theft, crypto mining, and data exfiltration payloads.

The campaign demonstrates sophisticated operational security, with attackers using automated package creation and multiple command-and-control infrastructures to evade detection. Impact analysis indicates potential compromise of development environments, CI/CD pipelines, and production systems across organizations using affected packages. Organizations are advised to implement strict package verification processes and automated security scanning.

Widespread Supply Chain Attacks Targeting PyPI and npm Package Repositories

<h2>Overview</h2><p>A widespread ransomware campaign is actively targeting VMware ESXi hypervisors, exploiting known vulnerabilities to encrypt virtual machines and associated files. The attack, identified as 'ESXiArgs,' has affected thousands of servers globally, with significant impact on critical business operations.</p><h3>Attack Vector</h3><p>The primary attack vector is CVE-2021-21974, a heap overflow vulnerability in the OpenSLP service of ESXi that allows for remote code execution. This vulnerability affects ESXi versions 6.5, 6.7, and 7.0.</p><h2>Technical Analysis</h2><p>The ransomware specifically targets files essential to virtual machine operations:</p><ul><li>.vmdk (Virtual Machine Disk) files</li><li>.vmx (Virtual Machine Configuration) files</li><li>.vmxf (Virtual Machine Extended Configuration) files</li><li>.nvram (Virtual Machine BIOS) files</li></ul><p>The encryption process utilizes a combination of symmetric and asymmetric encryption, making recovery without the decryption key extremely difficult. The ransomware also attempts to stop virtual machines before encryption and removes VM snapshots to prevent easy recovery.</p><h2>Impact Assessment</h2><ul><li>Complete encryption of virtual infrastructure</li><li>Business continuity disruption</li><li>Potential data loss</li><li>Significant recovery time and costs</li></ul><h2>Recommendations</h2><p>Immediate actions required:</p><ul><li>Patch all ESXi hosts to the latest version</li><li>Disable the OpenSLP service if not required</li><li>Implement network segmentation for ESXi management interfaces</li><li>Ensure robust backup solutions are in place and tested</li><li>Monitor ESXi logs for suspicious activities</li><li>Implement strong access controls and MFA for management interfaces</li></ul><h2>Indicators of Compromise</h2><ul><li>Presence of .args files in /tmp directory</li><li>Encrypted files with .vmxf extension</li><li>Suspicious connections to TCP port 427 (SLP)</li><li>Unusual ESXi process activity</li></ul>

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/brief-images/briefs/vmware-esxi-ransomware-campaign-2023-1772061878672.png

Large-scale ransomware campaign exploiting VMware ESXi vulnerabilities to encrypt virtual machines and disrupt business operations. Attackers leverage CVE-2021-21974 to compromise unpatched systems globally.

VMware Security Advisory for CVE-2021-21974

CISA Alert: ESXiArgs Ransomware Virtual Infrastructure Campaign

A significant ransomware campaign dubbed 'ESXiArgs' is actively targeting VMware ESXi hypervisors worldwide, primarily exploiting CVE-2021-21974, a two-year-old heap overflow vulnerability in the OpenSLP service. The attack has impacted thousands of servers across multiple countries, with particularly high concentrations in France, Germany, and North America.

The ransomware specifically targets ESXi virtual machines, encrypting VM files (including .vmdk, .vmx, .vmxf, and .nvram) and effectively disrupting organizations' virtualized infrastructure. The campaign demonstrates sophisticated targeting of enterprise virtualization platforms, potentially causing widespread business disruption due to the critical nature of affected systems.

Mass VMware ESXi Ransomware Campaign Targeting Virtual Infrastructure

<h2>Overview</h2><p>Fortinet disclosed a critical authentication bypass vulnerability (CVE-2024-21762) affecting FortiOS SSL-VPN implementations. The vulnerability stems from improper session validation in the SSL-VPN component, allowing attackers to bypass authentication mechanisms and gain unauthorized remote access to protected networks.</p><h3>Vulnerability Details</h3><p>The flaw exists in the following FortiOS versions:</p><ul><li>FortiOS 7.4.0 through 7.4.1</li><li>FortiOS 7.2.0 through 7.2.6</li><li>FortiOS 6.4.0 through 6.4.14</li></ul><h2>Technical Analysis</h2><p>The vulnerability allows attackers to bypass SSL-VPN authentication by manipulating session tokens. Successful exploitation provides unauthorized access to internal networks and potential lateral movement capabilities. Nation-state actors have been observed:</p><ul><li>Deploying custom backdoors and remote access tools</li><li>Establishing persistence through modified system configurations</li><li>Targeting privileged credentials and sensitive data</li><li>Utilizing sophisticated obfuscation techniques to avoid detection</li></ul><h3>Attack Methodology</h3><p>The observed attack chain typically involves:</p><ol><li>Initial exploitation of the SSL-VPN vulnerability</li><li>Deployment of custom malware payloads</li><li>Lateral movement through compromised networks</li><li>Data exfiltration via encrypted channels</li></ol><h2>Impact Assessment</h2><p>The vulnerability poses a severe risk to organizations using affected FortiOS versions. Successful exploitation can lead to:</p><ul><li>Unauthorized access to internal networks</li><li>Data theft and intellectual property compromise</li><li>Installation of persistent backdoors</li><li>Complete network compromise</li></ul><h2>Recommendations</h2><p>Organizations should implement the following mitigations immediately:</p><ul><li>Update to the latest FortiOS version that includes the security patch</li><li>Conduct thorough audits of SSL-VPN logs for suspicious activity</li><li>Implement additional network segmentation and monitoring</li><li>Reset all VPN user credentials</li><li>Enable multi-factor authentication for VPN access</li></ul><h2>Indicators of Compromise</h2><p>Monitor for the following indicators:</p><ul><li>Unusual SSL-VPN authentication patterns</li><li>Unexpected privileged account creation</li><li>Anomalous outbound data transfers</li><li>Connection attempts to known command and control servers</li></ul>

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/brief-images/briefs/fortinet-fortios-ssl-vpn-nation-state-attacks-2024-1772061831507.png

Multiple nation-state actors are actively exploiting a critical authentication bypass vulnerability in Fortinet FortiOS SSL-VPN. The flaw allows unauthorized remote access and has been linked to sophisticated cyber espionage campaigns.

FortiOS Security Advisory

Joint Cybersecurity Advisory

A critical authentication bypass vulnerability (CVE-2024-21762) in Fortinet FortiOS SSL-VPN is being actively exploited by multiple nation-state threat actors. The vulnerability affects FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, and 6.4.0 through 6.4.14, allowing attackers to gain unauthorized access to protected networks without valid credentials.

Forensic analysis has revealed sophisticated exploitation attempts attributed to both Chinese and Russian state-sponsored APT groups, targeting government agencies, defense contractors, and critical infrastructure organizations. The attacks have been observed since early January 2024, with threat actors leveraging the vulnerability to establish persistent access and deploy custom malware payloads.

Nation-State Exploitation of Fortinet FortiOS SSL-VPN Vulnerability (CVE-2024-21762)

<h2>Overview</h2><p>ConnectWise ScreenConnect, a widely-used remote access and support solution, is affected by a critical authentication bypass vulnerability (CVE-2024-1709) that allows attackers to gain unauthorized administrative access to affected instances. The vulnerability was disclosed on February 19, 2024, and has since been observed being actively exploited by multiple threat actors.</p><h3>Vulnerability Details</h3><p>The authentication bypass vulnerability exists in the web interface of ScreenConnect/ConnectWise Control servers. It allows unauthenticated attackers to:</p><ul><li>Bypass authentication mechanisms</li><li>Gain administrative access to the ScreenConnect instance</li><li>Execute arbitrary code on both the server and connected endpoints</li><li>Access sensitive data and credentials</li></ul><h2>Technical Analysis</h2><p>The vulnerability stems from an improper access control implementation in the web interface. Attackers can exploit this flaw by sending specially crafted requests to bypass authentication checks and gain administrative privileges. Once authenticated, attackers can:</p><ul><li>Create new administrator accounts</li><li>Access and control connected endpoints</li><li>Execute commands with SYSTEM/root privileges</li><li>Deploy malicious payloads across the environment</li></ul><h3>Observed Exploitation</h3><p>Multiple threat actors are actively scanning for and exploiting vulnerable instances. Observed attack patterns include:</p><ul><li>Mass scanning for exposed ScreenConnect instances</li><li>Automated exploitation attempts</li><li>Deployment of ransomware and other malware</li><li>Data exfiltration activities</li></ul><h2>Impact Assessment</h2><p>The potential impact of successful exploitation is severe:</p><ul><li>Complete compromise of ScreenConnect server</li><li>Unauthorized access to all connected endpoints</li><li>Potential lateral movement within networks</li><li>Data theft and ransomware deployment</li><li>Business disruption and reputational damage</li></ul><h2>Recommendations</h2><h3>Immediate Actions</h3><ul><li>Immediately upgrade on-premises installations to version 23.9.8 or later</li><li>Verify cloud instances are running the latest version</li><li>Review system logs for signs of compromise</li><li>Reset all administrative credentials</li><li>Implement network segmentation for ScreenConnect servers</li></ul><h3>Long-term Mitigation</h3><ul><li>Implement strict access controls and IP allowlisting</li><li>Enable multi-factor authentication</li><li>Regular security assessments of remote access solutions</li><li>Maintain current backups of critical systems</li></ul><h2>Indicators of Compromise</h2><ul><li>Unexpected administrative account creation</li><li>Unusual authentication patterns</li><li>Suspicious outbound network connections</li><li>Unexpected file modifications in ScreenConnect directories</li><li>Unusual process execution on connected endpoints</li></ul>

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/brief-images/briefs/connectwise-screenconnect-auth-bypass-active-exploitation-1772061780996.png

A critical authentication bypass vulnerability in ConnectWise ScreenConnect (CVE-2024-1709) is being actively exploited in the wild. The flaw allows attackers to gain unauthorized administrative access and execute remote code on affected systems.

ConnectWise ScreenConnect Authentication Bypass Advisory

CISA Alert: Active Exploitation of ConnectWise ScreenConnect

A severe authentication bypass vulnerability (CVE-2024-1709) affecting ConnectWise ScreenConnect, formerly known as ConnectWise Control, has emerged as a critical security threat with confirmed active exploitation. The vulnerability allows attackers to bypass authentication mechanisms and gain unauthorized administrative access to affected ScreenConnect instances.

The flaw affects all on-premises versions prior to 23.9.8 and cloud instances that haven't been automatically updated. Successful exploitation enables attackers to execute arbitrary code with SYSTEM/root privileges on both the ScreenConnect server and connected client endpoints. Multiple threat actors are actively scanning for and exploiting vulnerable instances, with some attacks involving ransomware deployment and data theft.

Critical ConnectWise ScreenConnect Authentication Bypass Vulnerability Under Active Exploitation

<h2>Overview</h2><p>Two critical zero-day vulnerabilities have been discovered in Ivanti Connect Secure VPN appliances, allowing unauthenticated attackers to bypass authentication mechanisms and execute arbitrary commands. The vulnerabilities are being actively exploited in the wild by sophisticated threat actors.</p><p>The vulnerabilities affect all supported versions of Ivanti Connect Secure (9.x and 22.x) and Ivanti Policy Secure products.</p><h3>Affected Vulnerabilities</h3><ul><li>CVE-2024-21887: Authentication Bypass</li><li>CVE-2024-21888: Command Injection</li></ul><h2>Technical Analysis</h2><p>The authentication bypass vulnerability (CVE-2024-21887) allows attackers to access restricted resources without valid credentials. When chained with the command injection vulnerability (CVE-2024-21888), attackers can achieve remote code execution on affected systems.</p><h3>Attack Chain</h3><ul><li>Initial access through authentication bypass</li><li>Deployment of web shells for persistence</li><li>Lateral movement within compromised networks</li><li>Potential data exfiltration activities</li></ul><h2>Impact Assessment</h2><p>The vulnerabilities pose a critical risk to organizations using Ivanti Connect Secure VPN solutions. Successful exploitation could lead to:</p><ul><li>Unauthorized access to internal networks</li><li>Data theft and intellectual property compromise</li><li>Installation of additional malware</li><li>Network persistence</li><li>Lateral movement to other systems</li></ul><h2>Recommendations</h2><p>Organizations should take immediate action to protect their environments:</p><ul><li>Apply Ivanti's external mitigation tool immediately</li><li>Monitor for signs of compromise using provided IoCs</li><li>Implement network segmentation around VPN appliances</li><li>Prepare for emergency patching when updates become available</li><li>Review VPN access logs for suspicious activity</li><li>Reset all credentials if compromise is suspected</li></ul><h2>Indicators of Compromise</h2><h3>File Paths</h3><ul><li>/home/webserver/htdocs/dana-na/css/</li><li>/home/webserver/htdocs/dana-cached/</li></ul><h3>Web Shell Signatures</h3><ul><li>check.php</li><li>dana-cached.php</li><li>dana-na.php</li></ul>

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/brief-images/briefs/ivanti-connect-secure-vpn-zero-day-exploitation-2024-1772061732831.png

Critical authentication bypass and command injection vulnerabilities in Ivanti Connect Secure VPN are being actively exploited in the wild. Threat actors are deploying web shells and maintaining persistence in compromised environments.

Ivanti Security Advisory

Zero-Day Vulnerabilities in Ivanti Connect Secure and Policy Secure

Mandiant and Ivanti have disclosed active exploitation of two zero-day vulnerabilities (CVE-2024-21887 and CVE-2024-21888) affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The vulnerabilities allow unauthenticated attackers to bypass authentication and execute arbitrary commands on affected systems.

Threat actors are exploiting these vulnerabilities to deploy web shells, establish persistence, and potentially conduct data theft operations. The campaign shows signs of sophisticated threat actor involvement, with evidence of reconnaissance and post-exploitation activities dating back to December 2023. Ivanti has released mitigation guidance and plans to issue patches in a phased approach throughout January 2024.

Active Exploitation of Ivanti Connect Secure Zero-Day Vulnerabilities (CVE-2024-21887)

<h2>Overview</h2><p>Microsoft has disclosed a significant security breach affecting its corporate email environment, perpetrated by the Russian state-sponsored advanced persistent threat (APT) group known as Midnight Blizzard. The incident, discovered on January 12, 2024, involved unauthorized access to various Microsoft corporate email accounts, including those of senior leadership team members.</p><h3>Attack Timeline</h3><ul><li>Initial Access: November 2023</li><li>Discovery: January 12, 2024</li><li>Public Disclosure: January 19, 2024</li></ul><h2>Technical Analysis</h2><p>The attack methodology employed by Midnight Blizzard demonstrated sophisticated tactics, techniques, and procedures (TTPs) consistent with their known operations:</p><ul><li>Initial access achieved through password spray attacks against a legacy non-production test tenant</li><li>Exploitation of legacy authentication systems</li><li>Privilege escalation to access production systems</li><li>Targeted exfiltration of email data</li></ul><h3>Attack Chain</h3><p>The threat actors leveraged password spray techniques to compromise a legacy test tenant account, then performed lateral movement to access the production environment. The attack specifically targeted email accounts containing information about Midnight Blizzard itself, suggesting a strategic intelligence-gathering operation.</p><h2>Impact Assessment</h2><p>The breach resulted in:</p><ul><li>Unauthorized access to senior leadership email accounts</li><li>Compromise of cybersecurity and legal department communications</li><li>Potential exposure of internal communications and sensitive information</li><li>Reputational impact on Microsoft's security posture</li></ul><h2>Recommendations</h2><p>Organizations should implement the following measures to protect against similar attacks:</p><ul><li>Enforce MFA across all accounts, including test and legacy systems</li><li>Regularly audit and decommission legacy systems and test tenants</li><li>Implement robust password policies and account monitoring</li><li>Deploy modern authentication protocols and deprecate legacy authentication</li><li>Establish comprehensive email monitoring and alerting systems</li><li>Conduct regular security assessments of non-production environments</li></ul><h2>Indicators of Compromise</h2><p>Microsoft has not publicly released specific IoCs related to this incident. Organizations should monitor for:</p><ul><li>Suspicious authentication attempts, especially password spray patterns</li><li>Unusual access patterns to email systems</li><li>Unexpected privileged access activities</li><li>Anomalous data exfiltration patterns</li></ul>

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/brief-images/briefs/microsoft-midnight-blizzard-email-breach-2024-1772061680866.png

Russian state-sponsored threat actor Midnight Blizzard (APT29) compromised Microsoft's corporate email systems, accessing accounts of senior leadership and cybersecurity teams. The sophisticated attack leveraged password spray techniques to gain initial access through a legacy non-production test tenant.

Microsoft Shares Information on Attack by Nation-State Actor Midnight Blizzard

Russian Hackers Breach Microsoft's Corporate Email Systems

On January 19, 2024, Microsoft disclosed a significant security breach where Russian state-sponsored threat actor Midnight Blizzard (also known as APT29, Cozy Bear, or Nobelium) successfully compromised the company's corporate email systems. The attack, which began in November 2023, resulted in unauthorized access to email accounts belonging to members of Microsoft's senior leadership team and employees in cybersecurity and legal departments.

The threat actor executed a password spray attack against a legacy non-production test tenant account, eventually escalating privileges to access production systems. Microsoft's investigation revealed that the attackers were primarily seeking information related to Midnight Blizzard itself, demonstrating a sophisticated intelligence-gathering operation. The incident highlights the persistent threat posed by well-resourced state actors and the challenges in securing legacy systems, even for leading technology companies.

Microsoft Corporate Email Systems Breached by Midnight Blizzard (APT29)

<h2>Overview</h2><p>Security researchers have identified a significant data security incident affecting multiple enterprise customers of the Snowflake cloud data platform. The exposure resulted from misconfigured storage locations that allowed unauthorized access to internal logs and sensitive customer data, impacting major organizations including Ticketmaster, Capital One, and several Fortune 500 companies.</p><h3>Incident Timeline</h3><ul><li>Initial discovery reported by security researchers in January 2024</li><li>Exposure period estimated to be approximately 3-4 months</li><li>Snowflake implemented immediate remediation measures upon notification</li></ul><h2>Technical Analysis</h2><p>The exposure originated from misconfigured access controls on Snowflake's platform that allowed unauthorized access to:</p><ul><li>Internal query logs containing SQL statements and data structure information</li><li>Operational metadata revealing business intelligence patterns</li><li>Platform configuration details and access patterns</li><li>Some customer data elements depending on query content</li></ul><h3>Exposure Mechanism</h3><p>The misconfiguration allowed unauthorized parties to access storage locations containing customer query logs and associated metadata through improperly secured API endpoints and storage buckets.</p><h2>Impact Assessment</h2><h3>Direct Impacts</h3><ul><li>Exposure of internal data structures and business logic</li><li>Potential compromise of sensitive customer information</li><li>Risk of competitive intelligence exposure</li><li>Possible regulatory compliance violations</li></ul><h3>Secondary Impacts</h3><ul><li>Reputational damage to affected organizations</li><li>Potential for targeted attacks using exposed information</li><li>Compliance and regulatory reporting obligations</li></ul><h2>Recommendations</h2><p>Organizations using Snowflake should immediately:</p><ul><li>Audit all Snowflake instance configurations and access controls</li><li>Review and rotate access credentials</li><li>Implement additional monitoring for suspicious query patterns</li><li>Conduct impact assessments for exposed data</li><li>Consider implementing additional encryption layers for sensitive data</li></ul><h2>Indicators of Compromise</h2><ul><li>Unexpected query patterns in Snowflake logs</li><li>Unusual API access patterns</li><li>Anomalous storage access events</li><li>Unauthorized IP addresses accessing platform resources</li></ul>

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/brief-images/briefs/snowflake-platform-security-incident-2024-1772061594928.png

Analysis of significant data exposure incident affecting Snowflake customers including Ticketmaster, Capital One, and others. Internal logs and sensitive data were exposed through misconfigured storage locations.

Snowflake Security Advisory

Cloud Platform Data Exposure Analysis

A major security incident has been identified affecting multiple Snowflake cloud data platform customers, including prominent organizations like Ticketmaster and Capital One. The exposure stemmed from misconfigured storage locations that allowed unauthorized access to internal logs and sensitive customer data through Snowflake's platform.

Initial investigations reveal that affected customers had their internal query logs and some operational data exposed, potentially revealing business intelligence and data structure information. While Snowflake has addressed the immediate configuration issues, the incident highlights significant concerns about cloud data platform security controls and the potential for cascading impacts across multiple enterprise customers.

Cybersecurity Intelligence,
Briefed Daily

Widespread Supply Chain Attacks Targeting PyPI and npm Package Repositories

Recent Briefs

Mass VMware ESXi Ransomware Campaign Targeting Virtual Infrastructure

Nation-State Exploitation of Fortinet FortiOS SSL-VPN Vulnerability (CVE-2024-21762)

Critical ConnectWise ScreenConnect Authentication Bypass Vulnerability Under Active Exploitation

Active Exploitation of Ivanti Connect Secure Zero-Day Vulnerabilities (CVE-2024-21887)

Microsoft Corporate Email Systems Breached by Midnight Blizzard (APT29)

Snowflake Platform Security Incident Exposing Customer Data

Stay Briefed

Cybersecurity Intelligence,Briefed Daily

Widespread Supply Chain Attacks Targeting PyPI and npm Package Repositories

Recent Briefs

Mass VMware ESXi Ransomware Campaign Targeting Virtual Infrastructure

Nation-State Exploitation of Fortinet FortiOS SSL-VPN Vulnerability (CVE-2024-21762)

Critical ConnectWise ScreenConnect Authentication Bypass Vulnerability Under Active Exploitation

Active Exploitation of Ivanti Connect Secure Zero-Day Vulnerabilities (CVE-2024-21887)

Microsoft Corporate Email Systems Breached by Midnight Blizzard (APT29)

Snowflake Platform Security Incident Exposing Customer Data

Stay Briefed

Cybersecurity Intelligence,
Briefed Daily