Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the vast landscape of cybersecurity, it’s often not the zero-click iPhone exploits or flashy ransomware variants that expose the most users — sometimes it’s the tools we’ve trusted for decades. One such example is CVE-2025-33028, a vulnerability in WinZip, a program that’s been a staple in personal and corporate environments for over 30 years.

Organizations operating in today's rapidly changing digital age face mounting threats to the level of security. Deployment of conventional methods to vulnerability management by periodic scans and blanket scoring will no longer be adequate. Instead, strategy should shift direction toward risk-based vulnerability management towards protection of digital assets.

Cybersecurity is not merely about firewalls and antivirus anymore—now, your biggest vulnerability might be a third-party vendor. As companies more and more depend on outside partners, third-party hacks have become one of the biggest threats to business security.

Researchers at Foresiet have analyzed a Remote Access Trojan (RAT) known as NetSupport Manager. Originally developed as a legitimate remote access and IT support tool, NetSupport Manager has a history spanning over two decades. It provides features such as file transfer, remote desktop sharing, chat support, screen monitoring, and inventory tracking. However, in recent years, threat actors have increasingly weaponized this tool in malicious campaigns.

A newly disclosed vulnerability in Ivanti Connect Secure (ICS) VPN appliances has been weaponized in the wild by a Chinese nation-state threat actor, UNC5221. Tracked as CVE-2025-22457, this critical stack-based buffer overflow vulnerability allows unauthenticated remote attackers to execute arbitrary code, posing a significant risk to enterprise networks.

With an information era in which information equals money and threats change daily, Artificial Intelligence (AI) has become a frontline watchman of the world against cyberattacks. From credential stuffing discovery to darknet monitoring capabilities, AI is empowering security teams with the capability to predict, identify, and defeat threats quicker than ever before. But while AI tools redefine defense systems, they also introduce new challenges of transparency, compliance, and ethical governance.

Mobile banking has quickly become a way of life — whether you're transferring cash on the go, checking your balance from your wristwatch, or paying dinner bills with a QR code. But with convenience, there is risk. Cybercrooks are tuning in, testing, and coming up with more ways to get in. From synthetic identities to fake apps, the threats are imminent and continuous.

Recently, a new ransomware group, Anubis, has emerged, making its presence known on Twitter. The Foresiet Threat Intel team monitored their activity and observed a new ransomware operation being advertised on their account. The group updated their profile picture and began posting about their latest breaches. Through analysis of their communication patterns and language, Foresiet has determined that the operators behind Anubis likely belong to a Russian-speaking threat group.

Over the past few days, we have been in direct contact with a hacker who goes by the alias Rose87168. He claims to have breached Oracle Cloud systems, specifically targeting Oracle WebLogic and Oracle Access Manager (OAM). The hacker has provided us with multiple files and data samples, including a tree file and a 10,000-line dataset, which allegedly contain sensitive configuration files, user authentication data, and directory structures from Oracle's infrastructure.

The virtual world is ever-changing, as are the cybercriminals who continue to evolve in order to circumvent even the strongest security systems. The newest threat to hit the headlines is CoffeeLoader—a second-stage payload dropper designed to bypass endpoint security tools, digital forensic tools, and EDR (Endpoint Detection and Response) tools.