
Healthcare

ANPD

CoVID19


50TB of COVID19 vaccination data risked in a cyberattack at Brazilian Ministry of Health, linked to Lapsus$

Lapsus$ group strikes at the website of the Brazilian Ministry of Health twice within a week and extracts 50TB of vaccine and immunization data of citizens...

18-Dec-2021
2 min read


Related Articles


Vulnerability

Cisco fixes a severe Unified CM flaw exposing systems to root access. Learn abou...

Cisco has released a critical security update for its Unified Communications Manager (Unified CM, formerly CallManager), addressing a severe vulnerability that left enterprise telephony systems exposed to remote root access. The flaw, tracked as CVE-2025-20309, was caused by a hardcoded root SSH account present in several recent Engineering Special (ES) releases, allowing unauthenticated attackers to gain full control over affected systems. This vulnerability underscores the ongoing challenge of secure software development and the risks posed by overlooked backdoors in widely deployed enterprise infrastructure.

### What Is the Cisco Unified CM Backdoor Vulnerability?

The vulnerability was discovered in Unified CM and Unified CM SME ES releases 15.0.1.13010-1 through 15.0.1.13017-1. Due to a static root credential left over from development and testing, attackers could remotely log in via SSH as root, bypassing all authentication and security controls. Once inside, an attacker could execute arbitrary commands, access sensitive data, disrupt communications, or pivot deeper into enterprise networks. Cisco confirmed that all deployments running the affected ES releases are at risk, regardless of configuration. There are currently no workarounds: patching is mandatory to mitigate exposure.

### Who Is at Risk?

Organizations using Cisco Unified CM or Unified CM SME in the specified versions are directly at risk. Unified CM is a core component of enterprise communication, managing VoIP, video, messaging, and conferencing for thousands of organizations worldwide. The presence of a root backdoor in such a critical system elevates the risk profile, as a compromise could lead to widespread operational disruption and data breaches.

### How Was the Issue Discovered and Addressed?

Cisco’s internal security team identified the hardcoded account during a routine review. The company responded by releasing a patch in July 2025 (15SU3) and a targeted fix (CSCwp27755) that removes the backdoor account. Cisco has also published indicators of compromise to help administrators detect any unauthorized root access attempts, including guidance to review SSH logs for suspicious activity. No active exploitation or public proof-of-concept code has been reported as of publication, but Cisco’s transparency and rapid response reflect the criticality of the threat.

### Detection and Remediation Steps

Immediate actions for administrators:

- **Patch immediately:** Upgrade to Unified CM or Unified CM SME 15SU3 or apply the CSCwp27755 patch.

### Recurring Backdoor Risks

This is not the first time Cisco has addressed hardcoded credentials in its products. Similar backdoors have been discovered in IOS XE, WAAS, DNA Center, and other Cisco software over recent years, highlighting a persistent industry challenge: ensuring that development artifacts and test accounts are fully removed before release. The recurrence of such issues emphasizes the need for rigorous code audits, secure development practices, and continuous security testing.

### Best Practices for Enterprise Security

- **Apply security patches promptly:** Delays in patching expose organizations to preventable risks.
- **Conduct regular audits:** Routinely review systems for unauthorized accounts, unexpected open ports, and suspicious activity.
- **Implement least privilege:** Restrict administrative access and monitor privileged account usage.

The discovery and swift remediation of the Unified CM backdoor root account serve as a critical reminder of the importance of secure software development and proactive vulnerability management in enterprise environments. Organizations running Cisco Unified CM must act immediately to patch affected systems, audit for compromise, and reinforce security best practices to protect their communications infrastructure from evolving threats.
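The remediation guidance above tells administrators to review SSH logs for unauthorized root access. The following is an added example, not Cisco's published IoC guidance or code from this site: it assumes OpenSSH-style sshd syslog lines (the Unified CM appliance log format is not shown in the article, so the regex may need adapting) and flags every accepted root SSH login, since on an affected ES release the hardcoded root account should never be in use at all.

```python
import re
from collections import Counter

# Assumed OpenSSH-style sshd syslog format. The exact log format on a
# Unified CM appliance is not given in the article, so adapt the regex.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = """\
Jul  1 08:12:01 ucm-node1 sshd[2311]: Accepted publickey for admin from 10.0.5.20 port 51022 ssh2
Jul  1 08:13:44 ucm-node1 sshd[2320]: Failed password for root from 203.0.113.9 port 40211 ssh2
Jul  1 08:13:49 ucm-node1 sshd[2320]: Accepted password for root from 203.0.113.9 port 40211 ssh2
Jul  1 09:02:10 ucm-node1 sshd[2410]: Accepted password for root from 198.51.100.7 port 40300 ssh2
Jul  1 09:30:00 ucm-node1 sshd[2500]: Accepted publickey for admin from 10.0.5.20 port 51040 ssh2
"""


def find_root_logins(log_text, allowed_sources=frozenset()):
    """Return accepted root SSH logins as (timestamp, method, source) tuples.

    Every successful root login is reported, because the backdoor account
    should never be used; allowed_sources only lets a known, documented
    jump host be excluded from the report during triage.
    """
    hits = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m or m.group("user") != "root":
            continue  # failed attempts and non-root users are not alerts here
        if m.group("src") in allowed_sources:
            continue
        hits.append((m.group("ts"), m.group("method"), m.group("src")))
    return hits


def summarize_sources(hits):
    """Count root logins per source address, most frequent first."""
    return Counter(src for _, _, src in hits).most_common()


if __name__ == "__main__":
    found = find_root_logins(SAMPLE_LOG)
    for ts, method, src in found:
        print(f"ALERT: root login via {method} from {src} at {ts}")
    print(summarize_sources(found))
```

Feed real sshd output from each node's log export in place of SAMPLE_LOG; any hit on an affected ES release warrants a compromise investigation in addition to patching.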

02-Jul-2025
3 min read

Radix

Sarcoma ransomware attack on Radix leaks 1.3TB of Swiss government data, exposin...

A sophisticated ransomware attack has rocked Switzerland’s federal administration, exposing the nation’s persistent vulnerabilities to supply chain cyber threats. On June 16, 2025, the non-profit health foundation Radix, a trusted contractor for numerous Swiss federal offices, fell victim to the Sarcoma ransomware group. The fallout: 1.3 terabytes of sensitive data, ranging from official documents to private correspondence, now circulating on the dark web, and a government facing urgent questions about third-party risk management.

## Anatomy of the Attack

### Sarcoma Group: A Rising Threat

Sarcoma, first detected in late 2024, has rapidly evolved into a formidable cybercrime collective, specializing in double extortion attacks. Unlike traditional ransomware, Sarcoma’s operations blend data encryption with large-scale data theft, leveraging the threat of public leaks to pressure victims. The group’s tactics are highly targeted, relying on spear-phishing, exploitation of unpatched software, and lateral movement through remote access tools and credential theft.

### Breaching Radix: Entry, Exfiltration, and Extortion

Radix, based in Zurich, manages health and administrative projects for federal, cantonal, and municipal authorities. On June 16, Sarcoma infiltrated Radix’s systems, exfiltrated a massive trove of data, and encrypted internal files. When Radix refused to pay the ransom, Sarcoma published the stolen data, spanning financial records, contracts, and sensitive communications, on its dark web leak portal on June 29.

## Scale and Impact of the Data Leak

### Federal Data in the Crosshairs

Although Radix operates independently and holds no direct access to government IT systems, the breach’s impact is significant. As a contractor serving various federal offices, Radix stored and processed government data, now confirmed by Swiss authorities to have been leaked. The National Cyber Security Centre (NCSC) is leading the analysis to determine which agencies and datasets are affected, but the sheer volume, 1.3TB, underscores the magnitude of the exposure.

### What Was Exposed?

The leaked archives reportedly include:

- Scans of official documents and IDs
- Financial statements and contracts
- Private correspondence and internal communications
- Potentially, the personal data of individuals involved in government projects

While Radix has notified affected individuals and maintains that there is no evidence of partner organization data being compromised, the investigation is ongoing, and the risk of phishing, fraud, and identity theft remains high.

## Supply Chain Attacks: A Recurring Swiss Vulnerability

### Not an Isolated Incident

This breach follows a troubling pattern in Switzerland. In 2024, a ransomware attack on Xplain, another government IT contractor, led to the leak of over 65,000 sensitive documents, including classified files and login credentials for federal agencies. These incidents highlight how attackers increasingly target third-party suppliers to circumvent direct government defenses.

### Double Extortion and Public Leaks

Sarcoma’s modus operandi, double extortion, mirrors a broader shift in ransomware strategy. By exfiltrating data before encryption, attackers gain leverage: even if victims refuse to pay, the threat of public exposure persists. In Radix’s case, the refusal to pay led directly to the publication of the data, amplifying the breach’s consequences and complicating the incident response.

## Swiss Response and Lessons for the Future

### Immediate Actions and Ongoing Investigation

The NCSC, in coordination with Radix, law enforcement, and affected federal units, is conducting a comprehensive review to map the full extent of the breach. Authorities have urged vigilance, warning of increased phishing attempts leveraging leaked data. Radix has pledged transparency and is working to inform all individuals who may be potentially impacted.

## Urgent Need for Supply Chain Security

This incident underscores the critical importance of robust third-party risk management in government IT. As cybercriminals increasingly exploit supply chain weaknesses, Swiss authorities, and governments worldwide, face mounting pressure to enforce stricter security standards, conduct regular audits, and ensure rapid incident detection and response across all contractors and partners.

01-Jul-2025
4 min read

Cloudflare

Cloudflare has made a decisive leap in secure communications by open-sourcing Or...

Cloudflare has made a decisive leap in secure communications by open-sourcing Orange Meets, its group video calling app now equipped with robust end-to-end encryption (E2EE) based on the Messaging Layer Security (MLS) protocol[1][2][3]. This move positions Orange Meets as a transparent, standards-driven alternative for privacy-conscious developers, researchers, and encryption enthusiasts.

**A New Standard for Video Call Security**

Unlike most group video platforms that rely on a central Selective Forwarding Unit (SFU), which can potentially access unencrypted media, Orange Meets encrypts all audio and video entirely on the client side using MLS, an IETF-standardized group key exchange protocol[1][2][3]. This ensures that even Cloudflare’s own infrastructure cannot access call content, closing a major privacy gap in scalable video conferencing.

**Technical Innovations: MLS and the Designated Committer Algorithm**

Orange Meets leverages a Rust-based MLS implementation, compiled to WebAssembly for browser compatibility, to provide continuous group key agreement. This enables forward secrecy and post-compromise security, essential for dynamic environments where participants may join or leave at any time[1][4][2][3]. To securely manage these membership changes, Cloudflare introduced the “Designated Committer Algorithm”, a client-side protocol that designates a participant to handle cryptographic updates, verified for correctness using formal TLA+ modeling[1][4][2][3].

**Transparency and Trust by Design**

Each session displays a unique “safety number” for participants to verify out-of-band, preventing man-in-the-middle attacks and boosting user confidence in the system’s integrity[2][3]. The entire E2EE implementation is open source, allowing independent scrutiny and adaptation by the broader community.

**A Prototype, Not a Zoom Rival (Yet)**

Cloudflare is clear: Orange Meets is a technical showcase and not a consumer-ready rival to Zoom or Teams[4][2]. It lacks many enterprise features and hasn’t undergone extensive security audits. However, as a proof-of-concept, it sets a new bar for open, verifiable E2EE in group video calls and provides a modular foundation for future secure communication tools[4][2][3].

**Implications for the Future of Encrypted Communications**

Orange Meets’ open, standards-based approach could accelerate adoption of MLS across the industry, offering a blueprint for privacy-first video platforms at a time when trust in centralized infrastructure is waning[4][2][3]. Developers can experiment with the live demo or deploy their own instance using the public codebase, marking a significant step forward for transparent, secure, and scalable group communications.

30-Jun-2025
3 min read