NetSupport RAT Malware: VM Evasion & Self-Deletion Tactics

Researchers at Foresiet have analyzed a Remote Access Trojan (RAT) known as NetSupport Manager. Originally developed as a legitimate remote access and IT support tool, NetSupport Manager has a history spanning over two decades. It provides features such as file transfer, remote desktop sharing, chat support, screen monitoring, and inventory tracking. However, in recent years, threat actors have increasingly weaponized this tool in malicious campaigns.

Chinese APT Exploits Ivanti CVE-2025-22457 with Malware

A newly disclosed vulnerability in Ivanti Connect Secure (ICS) VPN appliances has been weaponized in the wild by a Chinese nation-state threat actor, UNC5221. Tracked as CVE-2025-22457, this critical stack-based buffer overflow vulnerability allows unauthenticated remote attackers to execute arbitrary code, posing a significant risk to enterprise networks.

AI in Cybersecurity: Smarter Threat Detection & Ethics | Foresiet

In an information era in which information equals money and threats change daily, Artificial Intelligence (AI) has become a frontline sentinel against cyberattacks. From credential stuffing discovery to darknet monitoring capabilities, AI gives security teams the capability to predict, identify, and defeat threats quicker than ever before. But while AI tools redefine defense systems, they also introduce new challenges of transparency, compliance, and ethical governance.

Deepfake Threats in GenAI Era: Cyber Resilience at Work

GenAI is transforming industries with record levels of innovation. But the new cyber threats it brings with it raise a whole new level of concern. Deepfakes are perhaps the most unsettling trend here: hyper-realistic audio and video fakes that can deceive even the most trained eyes and ears. As deepfake tech becomes more accessible and advanced, it's time for organizations to prepare their workforce to combat these new threats.

Top 5 Mobile Banking Threats & How to Stay Protected

Mobile banking has quickly become a way of life, whether you're transferring cash on the go, checking your balance from your wristwatch, or paying dinner bills with a QR code. But with convenience comes risk. Cybercriminals are watching, probing, and finding more ways to get in. From synthetic identities to fake apps, the threats are imminent and continuous.

CoffeeLoader Malware: The Advanced Threat Evading Detection

The virtual world is ever-changing, as are the cybercriminals who continue to evolve in order to circumvent even the strongest security systems. The newest threat to hit the headlines is CoffeeLoader—a second-stage payload dropper designed to bypass endpoint security tools, digital forensic tools, and EDR (Endpoint Detection and Response) tools.

Inside Anubis Ransomware: Tactics, Impact & Protection

Recently, a new ransomware group, Anubis, has emerged, making its presence known on Twitter. The Foresiet Threat Intel team monitored their activity and observed a new ransomware operation being advertised on their account. The group updated their profile picture and began posting about their latest breaches. Through analysis of their communication patterns and language, Foresiet has determined that the operators behind Anubis likely belong to a Russian-speaking threat group.

Oracle Cloud Breach: OAM Exploit & T3 Protocol Clarified

Over the past few days, we have been in direct contact with a hacker who goes by the alias Rose87168. He claims to have breached Oracle Cloud systems, specifically targeting Oracle WebLogic and Oracle Access Manager (OAM). The hacker has provided us with multiple files and data samples, including a tree file and a 10,000-line dataset, which allegedly contain sensitive configuration files, user authentication data, and directory structures from Oracle's infrastructure.

Oracle Cloud Breach? Hacker Claims 6M Records & 140K Tenants at Risk - Foresiet Research vs. Oracle's Denial

On March 20, 2025, a threat actor known as Rose87168 posted on the dark web, claiming to be selling breached Oracle Cloud Traditional servers along with approximately 6 million exfiltrated user records. The hacker did not mention the price for the stolen data. He alleged that critical information, including SSO (Single Sign-On) and LDAP credentials, Java Keystore (JKS) files, passwords, and authentication keys, was stolen from Oracle’s login infrastructure.

Google's $32B Multicloud Security Bet: What the Wiz Deal Means to the Market

In a record-breaking transaction that reflects the increasing importance of multicloud security, Google is to acquire cloud security giant Wiz in a whopping $32 billion all-cash deal. The largest deal by Google so far, the buyout marks a seismic step ahead in its cloud security offerings. As cyber threats continue to evolve at a record pace, businesses are looking for better, AI-driven solutions to protect their cloud-based digital properties.