Threats

CVE-2025-1001 Vulnerability in Medixant RadiAnt DICOM Viewer Enables Threat Actors to Perform Machine-in-the-Middle Attacks

A new day, a new menace for cyber defenders. A novel vulnerability in Medixant RadiAnt DICOM Viewer, a popular PACS DICOM viewer for medical imaging, allows hackers to execute machine-in-the-middle (MitM) attacks. GitHub reports that by late 2024, an average of 115 CVEs were disclosed daily, with a 124% rise in cyberattacks exploiting vulnerabilities in Q3 2024. […]

The post CVE-2025-1001 Vulnerability in Medixant RadiAnt DICOM Viewer Enables Threat Actors to Perform Machine-in-the-Middle Attacks appeared first on SOC Prime.

Threats

UAC-0173 Activity Detection: Hackers Launch Phishing Attacks Against Ukrainian Notaries Using the DARKCRYSTALRAT Malware

Following the investigation into UAC-0212's increasing activity against multiple organizations in Ukraine's critical infrastructure sector, CERT-UA notifies the global cyber defender community of the reemergence of another hacking group in the Ukrainian cyber threat arena. The organized criminal group tracked as UAC-0173 has been conducting a series of phishing attacks against notaries, impersonating the sender […]


Threats

CVE-2025-27364 in MITRE Caldera: Exploitation of a New Max-Severity RCE Vulnerability via Linker Flag Manipulation Can Lead to Full System Compromise

A novel max-severity RCE vulnerability (CVE-2025-27364) in MITRE Caldera poses a serious risk of system compromise. The flaw can also be chained with a Parallels Desktop security issue, CVE-2024-34331, compounding the risk. If exploited, these security issues could provide hackers with full system control, leading to unauthorized access, data breaches, and further lateral […]


Threats

UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against the Ukrainian Critical Infrastructure

In Q1 2024, defenders uncovered destructive cyberattacks against the information and communication technology (ICT) systems of approximately 20 organizations in the critical infrastructure sector across 10 regions of Ukraine. CERT-UA has been observing this activity, tracked as a separate threat cluster, UAC-0133, which, with a high level of confidence, is linked to a nefarious russia-affiliated […]


Threats

CVE-2025-20059: Relative Path Traversal Vulnerability in Ping Identity PingAM Java Policy Agent

Hard on the heels of the recent disclosure of CVE-2025-0108 exploitation affecting Palo Alto Networks PAN-OS products, another critical vulnerability comes to light. Defenders identified a new critical relative path traversal vulnerability in Ping Identity PingAM Java Policy Agent, CVE-2025-20059, which allows attackers to inject malicious parameters, spreading the infection further. The […]


Threats

CVE-2025-0108 Detection: Active Exploitation of an Authentication Bypass in Palo Alto Networks PAN-OS Software

A recently patched firewall flaw in Palo Alto Networks PAN-OS, tracked as CVE-2025-0108, lets cybercriminals with network access to the management web interface bypass authentication and execute certain PHP scripts. Although this does not lead to remote execution of malicious code, this critical flaw still poses risks to the integrity and security of PAN-OS products. The […]


Threats

Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain

Increasing ransomware volumes, expanding hacker collectives, and record-breaking damage costs are redefining the cyber risk arena. The FBI, CISA, and partners have recently issued a joint cybersecurity alert warning the global cyber defender community of increasing Ghost (Cring) ransomware attacks aimed at financial gain. China-affiliated hackers have compromised organizations from multiple industries, including the critical […]


Threats

CVE-2025-26465 & CVE-2025-26466 Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks

Two newly uncovered security flaws in the open-source OpenSSH suite, tracked as CVE-2025-26465 and CVE-2025-26466, could enable adversaries to launch machine-in-the-middle/man-in-the-middle (MitM) or denial-of-service (DoS) attacks. With the growing number of weaponized CVEs, proactive detection of vulnerability exploitation is more critical than ever. In just the first two months of 2025, 6,127 new vulnerabilities have […]


Threats

CVE-2025-1094 Exploitation, a Critical SQL Injection Vulnerability in PostgreSQL That Can Lead to Arbitrary Code Execution

A novel PostgreSQL flaw, CVE-2025-1094, has hit the headlines. Defenders recently revealed that the attackers responsible for weaponizing a BeyondTrust zero-day RCE are also behind the abuse of another critical security issue in PostgreSQL. The SOC Prime Platform for collective cyber defense helps organizations proactively detect vulnerability exploitation attempts using relevant context-enriched Sigma rules compatible with dozens of SIEM, […]


Threats

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader

The nefarious cyber-espionage hacking collective tracked as EarthKapre or RedCurl APT has resurfaced to target legal sector organizations using Indeed-themed phishing. In the latest attack, adversaries notorious for highly sophisticated offensive capabilities applied reconnaissance commands and tools, exfiltrated data, and deployed the EarthKapre/RedCurl loader.

Detect RedCurl/EarthKapre APT Attacks

In 2024, state-sponsored cyber groups from China, […]
