Skip to main content

Tag: mandiant

48 articles

Network operations room with a central controller device on a desk amidst computer equipment.

Cisco SD-WAN Zero-Day Exploited for Root Access

A shocking new discovery reveals that a Cisco SD-WAN zero-day vulnerability, CVE-2026-20245, was exploited for root access at least two months before its public disclosure. This highly critical flaw, with a CVSS score of 7.8, allows attackers to execute arbitrary commands with elevated privileges.

Analyst 207
Server room with rows of equipment and a blurred laptop screen in the foreground.

Hackers Exploit KnowledgeDeliver Flaw to Install Web Shells

Hackers have exploited a critical flaw in KnowledgeDeliver, using it as a zero-day to sneakily install a powerful .NET web shell called Godzilla on vulnerable servers. This sneaky attack was made possible by a deserialization vulnerability, CVE-2026-5426, that allowed threat actors to execute code at the operating-system level.

Analyst 207
A computer workstation with a laptop and large monitor sits in a university computer lab or corporate training room.

Mandiant Exposes KnowledgeDeliver Vulnerability via ViewState Deserialization

A critical vulnerability, CVE-2026-5426, was discovered in KnowledgeDeliver installations, allowing unauthenticated remote code execution across multiple customer sites due to identical ASP.NET machineKey values. This widespread flaw was caused by a standardized web.config with hardcoded keys, used across deployments, leaving sites vulnerable to attack.

Analyst 207
Disarrayed computer network operations center with analysts at work amidst scattered papers and idle equipment.

Remediation Programs Often Fail to Validate Fixes

The alarming truth is that remediation programs often fall short, with a staggering mismatch between the speed of exploits and fixes - Mandiant's report reveals a mean time to exploit of just -7 days, while Verizon's data shows a median remediation time of 32 days.

Analyst 207
Laptop screen displays Microsoft Teams conversation in bright office setting.

Microsoft Teams Used to Deploy Sophisticated Snow Malware

Cyber attackers have cleverly used Microsoft Teams to deploy a sophisticated malware suite, dubbed Snow, by tricking victims into installing a fake anti-spam patch that ultimately led to prolonged access, credential theft, and domain compromise. They started by creating a sense of urgency through email bombing, then followed up with a direct message on Microsoft Teams.

Analyst 207
Empty conference hall with podium and blurred laptop screen.

Mandiant VP Warns of Resurgent Cybersecurity Risks in AI Deployments

As organizations rush to adopt AI, they're reviving long-standing cybersecurity failures, warns Mandiant VP Jurgen Kutscher, who urges a focus on basic security controls over new AI-specific threats. Neglecting these fundamentals leaves AI-enabled environments vulnerable to measurable operational weaknesses.

Analyst 207
Person in a hoodie with obscured face sits in front of laptop displaying cityscape, surrounded by network-like lines and…

Mandiant Report Reveals Evolving Cyber Threat Tactics

Discover the alarming evolution of cyber threats in Mandiant's M-Trends 2026 report, which reveals a stark reality: attackers are now operating under two distinct playbooks, drastically changing the detection, response, and risk landscape. The report uncovers a significant increase in global median dwell time to 14 days, with some attacks lingering for as long as 122 days.

Analyst 207
Unfortunately you didn't provide the article title or the image prompt. Please provide them so I can generate the alt text.

A single unpatched flaw in a Dell storage appliance became a playground for hackers, allowing months of undetected espionage and the deployment of sneaky new backdoors. A joint investigation by Mandiant and Google Threat Intelligence Group uncovered this alarming zero-day exploit, which has been wreaking havoc since mid-2024.

Analyst 207
Iran Launches Alarming Password-Spraying Attacks on M365 Accounts

Iran Launches Alarming Password-Spraying Attacks on M365 Accounts

As Iran's missile strikes leave destruction in their wake, a stealthier threat is emerging: coordinated password-spraying attacks targeting Microsoft 365 accounts of municipal authorities in the region. This sinister campaign seems to be exploiting the chaos, striking when defenses are down.

Analyst 207
MonsterV2 malware: Dangerous Stunning Threat

MonsterV2 malware: Dangerous Stunning Threat

Researchers uncovered TA585’s sophisticated campaign delivering a new MonsterV2 variant, using modular malware, resilient infrastructure and advanced obfuscation that can bypass signature-based defenses. Organizations should adopt layered detection, tighten email gateways and share intelligence now to stay ahead of these increasingly professionalized criminal operators.

Analyst 207
Oracle E-Business Suite: Stunning Critical Breach Risk

Oracle E-Business Suite: Stunning Critical Breach Risk

A zero-day in Oracle E-Business Suite, actively exploited by CL0P since Aug. 9, 2025, likely hit dozens of organizations and put payroll, financial and HR data at risk. Security teams and leaders are racing to contain the damage, patch systems and lock down access before attackers strike again.

Analyst 207
Clop ransomware: Exclusive Risky Extortion Alert

Clop ransomware: Exclusive Risky Extortion Alert

Extortion emails claiming stolen Oracle E‑Business Suite data are rattling execs — but Google and Mandiant say they’ve found no proof, leaving companies stuck between precaution and panic. The result: tough choices about trust, disclosure and whether to pay up for silence when the evidence is murky.

Analyst 207
Google Threat Intelligence: Exclusive Risky 393-Day Breach

Google Threat Intelligence: Exclusive Risky 393-Day Breach

Google says China-linked attackers have quietly lived inside many enterprise networks since March — an average of 393 days — installing persistent backdoors and exfiltrating sensitive IP. The takeaway: tighten access, boost detection, and treat long dwell times as an urgent business and security priority.

Analyst 207
ViewState deserialization: Critical Must-Have Patch

ViewState deserialization: Critical Must-Have Patch

When Sitecore patches were abused in an active ViewState deserialization attack, Google Cloud’s Mandiant stepped in to disrupt the campaign — a stark reminder to inventory Sitecore instances, apply patches immediately, and enable ViewState protections to prevent fast-moving compromises.

Analyst 207
OAuth tokens: Stunning Risky Drift AI Data Breach

OAuth tokens: Stunning Risky Drift AI Data Breach

A recent campaign abused compromised OAuth and refresh tokens tied to the Drift AI chat agent to siphon data from Salesloft—potentially creating a corridor into downstream Salesforce records. If you used Salesloft–Drift integrations, assume exposure: revoke tokens, rotate credentials, enable MFA, and audit access immediately.

Analyst 207
CORNFLAKEV3 backdoor: Dangerous, Stunning Threat

CORNFLAKEV3 backdoor: Dangerous, Stunning Threat

Cybercriminals are tricking people into clicking fake CAPTCHA boxes with a social-engineering tactic called ClickFix, which silently installs the powerful CORNFLAKE.V3 backdoor and hands attackers long-term access. Stay cautious: treat unexpected verification prompts as suspicious, keep your browser and extensions up to date, and use script-blockers in untrusted contexts.

Analyst 207
SharePoint RCE flaw: Urgent Critical Must-Have Patch

SharePoint RCE flaw: Urgent Critical Must-Have Patch

A newly disclosed SharePoint RCE is being actively exploited—apply Microsoft’s emergency patches immediately and scan for signs of compromise. Then harden access controls, rotate credentials, and verify backups so a single flaw can’t turn into a major breach.

Analyst 207
Security Leaders Warn on Marco Rubio AI Imposter Risks

Security Leaders Warn on Marco Rubio AI Imposter Risks

Imagine receiving a text and voice message that sound exactly like a trusted political leader—only to discover it’s a convincing AI impersonation designed to deceive. Security experts warn that these digital doppelgängers are not just sci-fi—they’re a growing threat to trust and safety in today’s political landscape.

Analyst 207
Rising MOVEit Transfers May Reveal Emerging Cyber Threats

Rising MOVEit Transfers May Reveal Emerging Cyber Threats

With cybercriminals increasingly targeting MOVEit Transfer, it’s time to ask: how safe is the sensitive data you trust to these platforms? Discover why rising scans could signal a looming wave of cyber threats and what that means for your security.

Analyst 207
Patch Tuesday June 2025 Updates: Essential Security Fixes Reviewed

Patch Tuesday June 2025 Updates: Essential Security Fixes Reviewed

Wondering if your computer is truly secure? This June’s Patch Tuesday brings crucial updates fixing 67 vulnerabilities— including actively exploited flaws—making it a must for everyone to patch now and stay one step ahead of cyber threats.

Analyst 207
Why LLMs Fail in Vulnerability Discovery and Exploitation

Why LLMs Fail in Vulnerability Discovery and Exploitation

Think AI can effortlessly spot and exploit cybersecurity flaws? Discover why even the smartest large language models still stumble when it comes to real-world vulnerability hunting and hacking.

Analyst 207
NimDoor Malware on macOS: A Resilient Crypto-Theft Threat

NimDoor Malware on macOS: A Resilient Crypto-Theft Threat

Discover the resilient NimDoor malware on macOS, a potent crypto-theft threat targeting users and compromising digital assets. Stay informed and protected.

Analyst 207
Weak Protection Relays Endanger Power Grid Security

Weak Protection Relays Endanger Power Grid Security

Weak protection relays compromise power grid security, increasing the risk of outages and failures. Strengthening these systems is crucial for reliability.

Analyst 207
Rethinking Asset Inventory: The Need for a Fresh Approach in OT

Rethinking Asset Inventory: The Need for a Fresh Approach in OT

Discover innovative strategies for asset inventory in operational technology (OT) to enhance efficiency, accuracy, and security in today’s dynamic environments.

Analyst 207