Threats

Interlock Ransomware Detection: Adversaries Deploy a Novel PHP-Based RAT Variant via FileFix

Interlock Ransomware New Variant Detection

Threat actors operating the Interlock ransomware, known for executing high-impact double-extortion attacks across various global industries, have re-emerged in the cyber threat landscape. The attackers have recently deployed a new PHP-based version of the group's custom RAT in a large-scale campaign, leveraging a modified ClickFix variant known as FileFix to target organizations across multiple sectors. Detect Interlock […]

The post Interlock Ransomware Detection: Adversaries Deploy a Novel PHP-Based RAT Variant via FileFix appeared first on SOC Prime.

Threats

CVE-2025-25257 Vulnerability: Critical SQL Injection in Fortinet FortiWeb Enables Unauthenticated Remote Code Execution

Following the recent disclosure of CVE-2025-47981, a critical heap-based buffer overflow in Windows SPNEGO Extended Negotiation, security teams now face another major threat, this time affecting Fortinet’s FortiWeb web application firewall. Designated as CVE-2025-25257 and assigned a CVSS score of 9.6, this vulnerability is an unauthenticated SQL injection flaw that allows attackers to execute arbitrary […]

Threats

CVE-2025-47981: Critical Heap-Based Buffer Overflow Vulnerability in Windows SPNEGO Extended Negotiation Leads to RCE

With over 1.4 billion devices running Windows and widespread adoption of Microsoft 365 and Azure, Microsoft technologies continue to form the foundation of modern enterprise infrastructure. However, this ubiquity also makes them an attractive target for threat actors. According to the 2025 BeyondTrust Microsoft Vulnerabilities Report findings, 2024 saw a record-breaking 1,360 Microsoft-related vulnerabilities — […]

Threats

BERT Ransomware Group Activity Detection: Attacks Across Asia, Europe, and the U.S. Targeting Windows and Linux Platforms

The 2025 Verizon Data Breach Investigations Report (DBIR) underscores that ransomware remains a prevalent threat, detected in 44% of breaches—an increase from 32% in the previous year’s analysis. With average ransom payments reaching $2 million in 2024, the financial reward is fueling the rise of ransomware activity. As a result, more cybercriminals are turning to […]

Threats

CVE-2025-5777 Detection: A New Critical Vulnerability Dubbed “CitrixBleed 2” in NetScaler ADC Faces Exploitation Risk

Shortly after the disclosure of two Sudo-related local privilege escalation vulnerabilities affecting major Linux distributions, attention has shifted to a critical security issue in NetScaler ADC, which has already been exploited in the wild. The vulnerability tracked as CVE-2025-5777 is characterized as a memory overflow issue that may lead to unexpected control flow and potential […]

Threats

CVE-2025-32463 and CVE-2025-32462: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments

Following the disclosure, less than a month ago, of two local privilege escalation (LPE) vulnerabilities, CVE-2025-6018 and CVE-2025-6019, that impact major Linux distributions, a new wave of security flaws targeting Linux systems has recently emerged. Security researchers have identified two local privilege escalation vulnerabilities, tracked as CVE-2025-32462 and CVE-2025-32463, that affect a widely used Sudo […]

Threats

CVE-2025-20281 and CVE-2025-20282 Vulnerabilities: Critical RCE Flaws in Cisco ISE and ISE-PIC Enable Root Access

As the summer heat intensifies, so does the wave of critical vulnerabilities heating up the cyber threat landscape. Hot on the heels of the disclosure of the CVE-2025-49144 vulnerability in Notepad++, multiple critical flaws in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) have come to light. The newly identified flaws tracked […]

Threats

CVE-2025-49144 Vulnerability: Critical Privilege Escalation Flaw in Notepad++ Leads to Full System Takeover

The summer season has proven to be alarmingly hot, not due to rising temperatures, but because of a surge in critical cybersecurity vulnerabilities. Threat actors have ramped up exploitation efforts, targeting widely used software and systems. Recent examples include CVE-2025-6018 and CVE-2025-6019, two local privilege escalation (LPE) flaws targeting major Linux distributions, as well as […]

Threats

UAC-0001 (APT28) Activity Detection: The russian State-Sponsored Group Targets Government Agencies Using BEARDSHELL and COVENANT Malware

The nefarious nation-backed russian hacking collective known as UAC-0001 (aka APT28) reemerges in the cybersecurity spotlight. Over a year ago, in the spring of 2024, the CERT-UA team was investigating an incident targeting state executive bodies and identified a Windows-based server. In May 2025, ESET shared timely intelligence indicating unauthorized access to an email account […]

Threats

CVE-2025-6018 and CVE-2025-6019 Vulnerability Exploitation: Chaining Local Privilege Escalation Flaws Lets Attackers Gain Root Access on Most Linux Distributions

June has been a challenging month for cybersecurity teams, with a wave of high-impact vulnerabilities disrupting the threat landscape. After the disclosure of a newly patched XSS zero-day in Grafana (CVE-2025-4123), affecting over 46,500 active instances, two other critical flaws have surfaced that can be chained together, significantly increasing the potential for exploitation. Adversaries can […]
