Elles De Yeager
-

Unnamed APT Exploits Zero-Days in Citrix and Cisco, Targeting Critical Infrastructure
An unnamed advanced persistent threat (APT) group exploited zero-day vulnerabilities in Citrix NetScaler ADC and Gateway, dubbed “CitrixBleed 2,” and a critical flaw in Cisco Identity Services Engine (ISE). The attacks targeted essential identity and network access control infrastructure.
-

WhatsApp to Face Stricter EU Oversight Under Digital Services Act
The European Commission is set to classify WhatsApp as a ‘very large online platform’ under the Digital Services Act (DSA), imposing stricter regulatory oversight because the service has more than 45 million monthly active users in the EU. This move mandates enhanced content moderation, transparency, and continuous risk assessment for the messaging service.
-

Ukraine Conflict Spurs Anti-Drone Netting for Armored Vehicles
The Ukraine conflict has spurred significant advancements in anti-drone netting for armored vehicles, leading defense manufacturers to develop innovative protective systems like TAC-Q-Net to counter evolving low-altitude drone threats.
-

Microsoft Patches Actively Exploited Windows Kernel Zero-Day in November Update
Microsoft has addressed an actively exploited Windows Kernel zero-day vulnerability (CVE-2025-62215) in its November security updates, urging users to apply patches immediately to mitigate exploitation risks.
-

Fantasy Hub: New Android RAT Leverages Telegram for MaaS Operations
Security researchers discovered “Fantasy Hub,” a new Android remote access trojan (RAT) operating as a Malware-as-a-Service (MaaS) platform.
-

Russian Initial Access Broker Pleads Guilty in US for Yanluowang Ransomware Attacks
A Russian initial access broker (IAB) pleaded guilty in the United States to facilitating at least seven Yanluowang ransomware attacks, demanding $24 million from American organizations. This case highlights the crucial role of IABs in the cybercriminal ecosystem and the international law enforcement efforts to combat ransomware.
-

GootLoader Returns with Novel WOFF2 Font Obfuscation and WordPress Exploits
GootLoader returns with novel WOFF2 font obfuscation and WordPress exploits, rapidly compromising networks. The malware uses custom WOFF2 fonts and exploits WordPress comment sections to deliver malicious payloads.
-

Russia Claims to Foil Anglo-Ukrainian Fighter Jet Hijack Plot
Russia’s Federal Security Service (FSB) claims to have foiled an Anglo-Ukrainian plot to hijack a Russian MiG-31 fighter jet equipped with Kinzhal hypersonic missiles, highlighting the ongoing intelligence efforts in the conflict.
-

Critical XSS Flaw Found in GitHub Enterprise Server: Immediate Update Recommended
A critical DOM-based Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-11892, has been uncovered in GitHub Enterprise Server, posing a significant risk of privilege escalation and unauthorized workflow triggers. Updating affected systems immediately is highly recommended to mitigate this high-severity flaw.
-

Critical Flaw in Combodo iTop Exposes Systems to Remote Code Execution
A critical security flaw in Combodo iTop, a widely adopted IT service management platform, could allow attackers to achieve remote code execution (RCE) and gain full control over affected systems.
