Threat Intelligence Executive Report – Volume 2025, Number 5
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during July and August
Similar Posts
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
Bys sAs many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. “We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure,” VulnCheck said in a report shared…
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Bys sIvanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version…
Europol and partners shut down ‘Cryptomixer’
Bys sFrom 24 to 28 November 2025, Europol supported an action week conducted by law enforcement authorities from Switzerland and Germany in Zurich, Switzerland. The operation focused on taking down the illegal cryptocurrency mixing service ‘Cryptomixer’, which is suspected of facilitating cybercrime and money laundering. Three servers were seized in Switzerland, along with the cryptomixer.io domain…….
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
Bys sMicrosoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at “login.microsoftonline[.]com” by only letting scripts from trusted Microsoft domains run. “This update strengthens security and…
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it’s working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts. “The security of federal…
Bill raising the bar for class-action suits in data breach incidents advances
Bys sRural Radio reports: A measure that would raise the bar for filing class-action lawsuits in state courts against private entities that suffer a cybersecurity breach has received first round approval in the Nebraska Legislature. Lawmakers spent a considerable amount of floor debate Tuesday and today discussing LB 241, which would require willful, wanton, or gross…