On July 18th, 2025, ESET researchers publicly disclosed the CVE-2025-8088 vulnerability. Although WinRAR’s response was swift, with the release of a patch (version 7.13) on July 30, 2025, the window between disclosure and patch availability was long enough for adversaries to weaponize the flaw and conduct successful intrusions. This campaign explores in depth how CVE-2025-8088 […]
Microsoft recently faced critical vulnerabilities in on-premises SharePoint servers that have been actively exploited in the wild. To mitigate these threats, Microsoft issued customer guidance and released security updates for CVE-2025-53770 and CVE-2025-53771, covering all supported SharePoint versions. In this month’s campaign, we’re dissecting this multi-stage exploit chain, known as the ToolShell campaign. Let’s dig […]
Threat actors are increasingly exploiting legitimate signed software to gain elevated privileges and bypass system defenses. In this month’s campaign, we will explore the RTCore driver (RTCore64.sys) from MSI™ Afterburner, used for overclocking graphics cards, and how, when running in kernel mode, it can provide low-level access to hardware. Overview of the RTCore driver exploitation […]
In this month’s campaign, we’re featuring a spotlight on a BYOVD attack enabled by Paragon vulnerabilities in the BioNTdrv.sys driver. The Paragon driver BioNTdrv.sys is a kernel-mode driver that is primarily associated with Paragon’s Hard Disk Manager. Let’s take a closer look. The BioNTdrv.sys driver is used in operations such as: Paragon Hard Disk Manager […]
This month’s campaign features a spotlight on CVE-2024-45595, a critical eval injection flaw in D-Tale. Access the full spotlight below. What is D-Tale? D-Tale is a free, open source tool built with Python that provides a web interface for exploring and visualizing pandas DataFrames. It helps data scientists and analysts to inspect, filter, and […]
Silent. Precise. Lethal. They don’t just breach systems. They infiltrate clouds, compromise supply chains, and vanish without a trace. Meet APT10, one of the world’s most dangerous nation-backed threat groups. Who is the APT10 threat group? APT10, also known as menuPass, Stone Panda, POTASSIUM, CVNX, and others, is a sophisticated threat group widely attributed to […]
Banshee InfoStealer: The Threat You Can’t Ignore A Next-Gen Malware Demands Next-Level Defense: Banshee InfoStealer is rewriting the rules with stealth tactics that evade even the sharpest security tools and most seasoned professionals. Traditional defenses aren’t enough—it’s time to outthink the adversary. Our latest Spotlight uncovers how Banshee operates, from its inner workings to real-world […]
Spotlight on APT44 (Sandworm): Defend Against a Notorious Threat APT44—also known as Sandworm, ELECTRUM, and VOODOO BEAR—is a destructive threat group linked to Russia’s Unit 74455. Active since 2009, it targets governments, defense, energy, media, and civil organizations, disrupting elections, leaking data, and attacking critical infrastructure. This month’s Spotlight equips you with the insights and […]
Inside This Campaign: Stay Ahead of Emerging Threats. Discover Fancy Bear (APT28). • Who they are: A Russian cyber-espionage group linked to military intelligence. • Their mission: Advanced geopolitical intelligence gathering. Here’s What You’ll Do in this Month’s Spotlight Campaign: • Learn about the Fancy Bear group. • Unpack the “Nearest Neighbor” attack. • Explore critical mitigation strategies. • Strengthen defenses to counter evolving tactics. Equip yourself today with the knowledge […]