Global Patching Scramble as Critical &quot;React2Shell&quot; RCE Vulnerability Sees Widespread Exploitation

DeadLock Ransomware Deploys New "Bring Your Own Vulnerable Driver" Tactic to Disable Security Tools

A new DeadLock ransomware campaign is leveraging a novel "Bring Your Own Vulnerable Driver" (BYOVD) loader to exploit a vulnerability (CVE-2024-51324) in a legitimate Baidu Antivirus driver, `BdApiUtil.sys`. This technique allows the threat actors to terminate any process, including endpoint detection and response (EDR) and antivirus solutions, from the kernel level. By blinding security tools, the attackers can deploy the ransomware unimpeded. The attack chain, analyzed by Cisco Talos, also involves PowerShell scripts to disable Windows Defender and delete volume shadow copies, severely hindering detection and recovery efforts.

RansomwareDeadLockBYOVDEDR EvasionKernel +1 more

DeadLock Ransomware Uses Vulnerable Baidu Driver to Blind EDRs

Code-to-Cloud Attacks: Leaked GitHub Tokens Become Keys to the Kingdom

New "Code-to-Cloud" Attack Vector Sees Threat Actors Pivot From GitHub to Cloud Environments via Leaked PATs

Security researchers at Wiz have detailed an emerging "code-to-cloud" attack vector where threat actors leverage compromised GitHub Personal Access Tokens (PATs) to pivot from code repositories directly into production cloud environments. By abusing the trust between GitHub and connected Cloud Service Providers (CSPs), attackers with even basic read permissions can discover secret names, then use write permissions to execute malicious GitHub Actions that exfiltrate CSP credentials. The attack is particularly stealthy as API calls to search for secret names are not logged by GitHub Enterprise, creating a major visibility gap for defenders.

DevSecOpsGitHubCloud SecurityCI/CDPersonal Access Token +2 more

6 min read

Code-to-Cloud Attacks: Leaked GitHub Tokens Become Keys to the Kingdom

New 'Broadside' Botnet Exploits DVRs to Target Maritime Logistics

'Broadside' Botnet Exploits DVR Flaw, Posing Significant Threat to Maritime Logistics Sector

A new, sophisticated variant of the Mirai botnet, dubbed "Broadside," is actively exploiting a command injection vulnerability (CVE-2024-3721) in TBK Digital Video Recorder (DVR) devices. According to research from Cydome, the campaign specifically targets the maritime logistics sector, where these DVRs are common. Broadside is more advanced than typical Mirai variants, using stealthier techniques and a custom C2 protocol. Crucially, its goals extend beyond DDoS to include credential harvesting and lateral movement, turning compromised DVRs into strategic footholds on vessel networks.

BotnetMiraiBroadsideMaritime SecurityIoT +3 more

6 min read

New 'Broadside' Botnet Exploits DVRs to Target Maritime Logistics

AI Threat Hunting Exposes 'GhostPenguin,' a Linux Backdoor Undetected for Months

MEDIUM

Undetected for Over Four Months, 'GhostPenguin' Linux Backdoor Exposed by AI-Powered Threat Hunting

Researchers at Trend Micro have discovered "GhostPenguin," a sophisticated, multi-threaded Linux backdoor written in C++. The malware remained completely undetected on VirusTotal for over four months after its initial submission. It was ultimately found using an AI-driven automated threat hunting pipeline designed to analyze zero-detection samples. GhostPenguin provides attackers with full remote shell access and file system control over an RC5-encrypted UDP channel, using port 53 to masquerade as DNS traffic, highlighting the growing need for AI in detecting emerging, stealthy threats.

LinuxBackdoorGhostPenguinThreat HuntingAI +2 more

AI Threat Hunting Exposes 'GhostPenguin,' a Linux Backdoor Undetected for Months

Vishing Attackers Impersonate IT on Teams, Trick Users into Running Fileless Malware

MEDIUM

Vishing Campaign Abuses Microsoft Teams and QuickAssist to Deploy Fileless .NET Malware

A sophisticated vishing (voice phishing) campaign is abusing trusted enterprise tools to deploy stealthy malware. Attackers impersonate IT support staff on Microsoft Teams, convincing users to initiate a Windows Quick Assist session. Once they have remote access, the attackers direct the user to a malicious site to download a loader. This loader then fetches an encrypted payload and executes it directly in memory using .NET reflection, a fileless technique designed to evade traditional antivirus and endpoint detection solutions. The campaign highlights the increasing trend of blending social engineering with the abuse of legitimate software.

VishingSocial EngineeringMicrosoft TeamsQuickAssistFileless Malware +1 more

Vishing Attackers Impersonate IT on Teams, Trick Users into Running Fileless Malware

IBM Rolls Out Critical Patches for AIX, Cloud Pak, and Other Enterprise Software

MEDIUM

IBM Issues Critical Security Updates for AIX, Aspera Shares, Cloud Pak, and More

IBM has released a wave of security updates addressing vulnerabilities in numerous enterprise products, prompting an advisory from the Canadian Centre for Cyber Security. The bulletins, published between December 1 and December 7, 2025, include critical patches for IBM AIX, VIOS, Aspera Shares, Business Automation Workflow, and Cloud Pak System, among others. Administrators are strongly urged to review the advisories and apply the necessary updates promptly to protect their infrastructure from potential exploitation.

IBMPatch ManagementVulnerabilityAIXCloud Pak +2 more

4 min read

IBM Rolls Out Critical Patches for AIX, Cloud Pak, and Other Enterprise Software

Race for Secure Digital Identity Heats Up with New Platforms from IBM and Turing Space

INFORMATIONAL

IBM and Turing Space Launch New Digital Credential and Identity Platforms to Counter AI Threats

The digital identity space is seeing rapid innovation as IBM launches "Verify Digital Credentials," a new platform for issuing and authenticating secure digital documents like licenses and academic records. Built on open standards, it aims to reduce breach risk by decentralizing data storage. Concurrently, decentralized identity provider Turing Space is partnering with the IOTA blockchain to enhance its own verification offering, aiming to lower costs for enterprise-scale deployment. These moves highlight an industry-wide push towards verifiable credentials as a foundational defense against the growing threat of AI-powered deepfakes and identity fraud.

Digital IdentityVerifiable CredentialsSelf-Sovereign IdentitySSIBlockchain +1 more

4 min read

Race for Secure Digital Identity Heats Up with New Platforms from IBM and Turing Space

Updated Articles (1)

Supply Chain Attack: Marquis Software Breach Hits 74 Banks, Akira Ransomware Suspected

Updated: December 9, 2025

Marquis Software Solutions Breach Exposes Data of Over 400,000 Customers from 74 U.S. Financial Institutions

Update:

New information reveals the Marquis Software breach may affect up to 780,000 customers, an increase from initial estimates. The attack, detected August 14, 2025, specifically exploited SonicWall vulnerability CVE-2024-40766. Reports suggest Marquis may have paid a ransom to prevent data release. Compromised data includes Social Security numbers and financial account details. New cyber observables include Mimikatz for credential access and `vssadmin.exe delete shadows` for impact, providing critical TTPs for detection.

December 8, 2025