Skip to content
You can now search across every topic, entity and event.What's new
MonitoringTechnology· Active since 17 April 2026

Cybersecurity: Threats and Defences

10 updates · 341 entities · 90 days active

Current Assessment

Ransomware brand names and KEV freshness are both losing value as prioritisation signals; access exposure is the more reliable read.

#10
14Jul08:46

One operator worked both ransomware brands

SOCRadar traced the FortiBleed credential haul to 12 confirmed ransomware deployments and found one operator working the negotiation panels for both INC Ransom and Lynx. Microsoft closed the Nightmare Eclipse zero-day series with an out-of-band Defender patch. NCSC and 18 agencies named Russia's FSB Centre 16 over SNMP router attacks, and the UK cyber bill reached the Lords with a £17m fine ceiling.

One operator worked both ransomware brands
Read full update
#9
4Jul11:00

FortiBleed harvest linked to Lynx crew

SOCRadar has tied the 86,644-credential FortiGate harvest to the Lynx ransomware crew, cracked offline against legacy FortiOS passwords never re-hashed to PBKDF2. A SharePoint code-execution deadline falls today under CISA's new triage regime, Cisco leads a five-vendor KEV batch, and the BlueHammer Defender flaw is now weaponised for SYSTEM access. Spring's disclosures are being cashed in as the federal machine that forced prioritisation is dismantled.

FortiBleed harvest linked to Lynx crew
Read full update
#8
24Jun09:20

CISA tears up the KEV deadline rulebook

CISA revoked the directive behind its patch-deadline regime on 10 June and replaced it with a risk-tiered model, four days before Arista's deadline under the old order fell. The same fortnight produced Splunk's first-ever KEV entry, a triple CVSS-10 Ubiquiti chain, an 86,644-credential Fortinet leak, and a Five Eyes warning that AI will compress the exploit window to months.

CISA tears up the KEV deadline rulebook
Read full update
#7
14Jun11:51

VPN zero-day, no-patch KEV, late Exchange

Check Point's Remote Access VPN carried a critical authentication-bypass flaw for roughly a month before its 8 June hotfix, and a Qilin ransomware affiliate is already inside one victim. CISA set a three-day federal deadline. The same fortnight, Arista declined to patch an exploited flaw at all and Microsoft shipped its overdue Exchange fix 16 days late.

VPN zero-day, no-patch KEV, late Exchange
Read full update
#6
7Jun10:08

The 2024 patch that is breaking now

CISA added four exploited flaws to its catalogue between 1 and 3 June, spanning Oracle WebLogic, Linux containers, Android and Magento. Two were patched years ago; only the Magento bug is near-fresh. ENISA put water, rail and waste water in the EU risk zone the same week, and May ransomware ran at 95 disclosed victims with no sign of consolidation.

The 2024 patch that is breaking now
Read full update
#5
29May14:17

GitHub's own code cloned via VS Code add-on

A poisoned Nx Console extension sat on the VS Code Marketplace for 18 minutes, long enough to steal a GitHub employee's tokens and clone roughly 3,800 internal repositories. The same actor that hit Cisco's source last fortnight has now breached the registry operator itself. CISA added two AI-tier flaws and a Drupal SQL bug to KEV; the UK cyber sector cleared 14.7 billion pounds.

GitHub's own code cloned via VS Code add-on
Read full update
#3
8May10:57

CISA's deadline outruns Palo Alto's patch

CISA gave federal agencies until 9 May to fix a Palo Alto firewall flaw. The patch ships on 13 May. State-nexus attackers have been inside the same firewalls since 16 April. Trellix, cPanel and Ivanti round out a week in which the perimeter device stopped pretending to hold.

CISA's deadline outruns Palo Alto's patch
Read full update
#2
30Apr08:16

FIRESTARTER puts Cisco below the patch line

Sixteen agencies admitted on 23 April that indicators of compromise vanish faster than blocklists can absorb them. A day later, CISA and NCSC named FIRESTARTER, a Cisco firewall implant that survives every patch. The defender's job has shifted from removing the indicator to rearchitecting the device.

FIRESTARTER puts Cisco below the patch line
Read full update
#1
17Apr13:56

Stryker MDM wipe exposes identity perimeter

Iran-linked Handala wiped 80,000 to 200,000 Stryker devices across 79 countries on 11 March using one stolen Microsoft Intune admin credential, with no malware deployed. NHS Supply Chain issued a UK disruption alert; Stryker filed an SEC 8-K/A. US defenders face this with a proposed $707m CISA cut and a Citrix/F5 vendor stack still burning.

Stryker MDM wipe exposes identity perimeter
Read full update