MSHTML CVE-2021-40444 vulnerability
MSHTML CVE-2021-40444 technical analysis: ActiveX abuse via Office documents, exploitation chain, mitigation steps and IOC indicators.
Blog · research & analysis
Latest analysis
Read the analysis
REvil/Sodinokibi Ransomware decryptor
Universal decryptor released for REvil/Sodinokibi: scope of recovery, conditions of usability and operational guidance for victims with encrypted backups.
OMIGOD: critical vulnerabilities in Azure cloud services
OMIGOD vulnerability set in Azure Open Management Infrastructure (OMI): unauthenticated RCE, automatic agent installation and remediation guidance for Azure tenants.
REvil infrastructure back online
REvil ransomware infrastructure resurfaces after the July 2021 shutdown: leak site, payment portal status and tracking signals for the rebuilt operation.
MSHTML vulnerability — Defence and Threat Hunting
MSHTML vulnerability defensive approach: telemetry sources, hunting queries, indicators of exploitation and detection rules for SOC teams.
Fortinet Firewall: compromises in Italy
Fortinet firewall compromises observed across Italian organisations: leaked credentials, exploitation patterns and remediation priorities.
STRRAT malware and JRE abuse
STRRAT remote access trojan leveraging Java Runtime Environment for cross-platform persistence: capabilities, distribution patterns and detection considerations.
Atlassian Confluence: ongoing attacks
Active exploitation of Atlassian Confluence vulnerabilities: CVEs targeted, post-exploitation behaviour, IOCs observed and remediation steps for affected deployments.
Babuk ransomware source code leaked
Babuk ransomware source code leak: implications for clone development, copycat groups, detection-engineering opportunities and downstream variant tracking.
