ViewState Deserialization Zero-Day in Sitecore Products — CVE-2025-53690
TL;DR Mandiant discovered an active ViewState deserialization attack against Sitecore instances that relied on a sample ASP.NET machine key published…
BRICKSTORM Backdoor Targeting Tech and Legal Sectors, Google and Mandiant Warn
TL;DR Google Threat Intelligence Group and Mandiant report renewed BRICKSTORM backdoor activity used to maintain long-term access in U.S. organizations,…
UNC6040 vishing attacks: Proactive hardening and detection for SaaS
TL;DR Google Threat Intelligence Group profiles UNC6040 as a financially motivated cluster using voice phishing to trick employees into granting…
Oracle E-Business Suite Zero-Day Used in Large-Scale Extortion Campaign
TL;DR Google Threat Intelligence Group and Mandiant tracked a mass extortion campaign beginning Sept. 29, 2025, in which an actor…
North Korea’s UNC5342 Uses EtherHiding to Deliver Malware via Blockchains
TL;DR Google Threat Intelligence Group reports that the DPRK-linked threat cluster UNC5342 has been using EtherHiding since February 2025 to…
UNC5142 Abuses BNB Smart Chain and EtherHiding to Spread Infostealers
TL;DR Mandiant Threat Defense and Google Threat Intelligence Group have tracked UNC5142 since late 2023; the financially motivated group compromises…
New ROBOT Malware Family Linked to Russian State-Sponsored COLDRIVER
TL;DR Google's Threat Intelligence Group links a set of new malware families to Russian state-sponsored actor COLDRIVER after the public…
Pro-Russia Influence Networks Exploit September Drone Incursion into Poland
TL;DR Google Threat Intelligence Group (GTIG) observed multiple pro-Russia information operation (IO) actors amplifying narratives after reported Russian drone incursions…
Defending Privileged Accounts: Monitoring Strategies for Modern IT Environments
TL;DR Mandiant outlines a threat-informed approach to protecting privileged accounts as cloud migration and non-human identities expand the attack surface.…