
CISA

Exploitation of Windows MSHTML Spoofing Vulnerability (CVE-2024-43461) by Void Banshee APT Group

Cybersecurity and Infrastructure Security Agency (CISA) recently issued a directive to all U.S. federal agencies

16-Sep-2024
6 min read

Related Articles

Radix

Sarcoma ransomware attack on Radix leaks 1.3TB of Swiss government data, exposin...

## Introduction

A sophisticated ransomware attack has rocked Switzerland's federal administration, exposing the nation's persistent vulnerability to supply chain cyber threats. On June 16, 2025, the non-profit health foundation Radix, a trusted contractor for numerous Swiss federal offices, fell victim to the Sarcoma ransomware group. The fallout: 1.3 terabytes of sensitive data, ranging from official documents to private correspondence, now circulating on the dark web, and a government facing urgent questions about third-party risk management.

## Anatomy of the Attack

### The Sarcoma Group: A Rising Threat

Sarcoma, first detected in late 2024, has rapidly evolved into a formidable cybercrime collective specializing in double extortion. Unlike encryption-only ransomware, Sarcoma's operations combine data encryption with large-scale data theft, using the threat of public leaks to pressure victims. The group's tactics are highly targeted, relying on spear-phishing, exploitation of unpatched software, and lateral movement through remote access tools and credential theft.

### Breaching Radix: Entry, Exfiltration, and Extortion

Radix, based in Zurich, manages health and administrative projects for federal, cantonal, and municipal authorities. On June 16, Sarcoma infiltrated Radix's systems, exfiltrated a massive trove of data, and encrypted internal files. When Radix refused to pay the ransom, Sarcoma published the stolen data, spanning financial records, contracts, and sensitive communications, on its dark web leak portal on June 29.

## The Scale and Impact of the Data Leak

### Federal Data in the Crosshairs

Although Radix operates independently and holds no direct access to government IT systems, the breach's impact is significant. As a contractor serving various federal offices, Radix stored and processed government data, which Swiss authorities have now confirmed was leaked. The National Cyber Security Centre (NCSC) is leading the analysis to determine which agencies and datasets are affected, but the sheer volume, 1.3TB, underscores the magnitude of the exposure.

### What Was Exposed?

The leaked archives reportedly include:

- Scans of official documents and IDs
- Financial statements and contracts
- Private correspondence and internal communications
- Potentially, personal data of individuals involved in government projects

While Radix has notified affected individuals and maintains that there is no evidence of partner organization data being compromised, the investigation is ongoing and the risk of phishing, fraud, and identity theft built on the leaked material remains high.

## Supply Chain Attacks: A Recurring Swiss Vulnerability

### Not an Isolated Incident

This breach follows a troubling pattern in Switzerland. In 2023, a ransomware attack on Xplain, another government IT contractor, led to a leak whose 2024 analysis by the NCSC identified over 65,000 documents relevant to the federal administration, including classified files and login credentials for federal agencies. These incidents highlight how attackers increasingly target third-party suppliers to circumvent direct government defenses.

### Double Extortion and Public Leaks

Sarcoma's modus operandi, double extortion, mirrors a broader shift in ransomware strategy. By exfiltrating data before encryption, attackers gain leverage: even if victims refuse to pay, or restore from backups, the threat of public exposure persists. In Radix's case, the refusal to pay led directly to the data's publication, amplifying the breach's consequences and complicating incident response.

## The Swiss Response and Lessons for the Future

### Immediate Actions and Ongoing Investigation

The NCSC, in coordination with Radix, law enforcement, and affected federal units, is conducting a comprehensive review to map the full extent of the breach. Authorities have urged vigilance, warning of increased phishing attempts leveraging leaked data. Radix has pledged transparency and is working to inform all potentially impacted individuals.

### The Urgent Need for Supply Chain Security

This incident underscores the critical importance of robust third-party risk management in government IT. As cybercriminals increasingly exploit supply chain weaknesses, Swiss authorities, and governments worldwide, face mounting pressure to enforce stricter security standards, conduct regular audits, and ensure rapid incident detection and response across all contractors and partners.

## Conclusion

The Sarcoma ransomware attack on Radix is a stark reminder that a government's cybersecurity posture is only as strong as its weakest supplier. As investigations continue and the scale of the exposure comes into sharper focus, Switzerland's experience offers a cautionary tale for any nation reliant on third-party contractors to manage sensitive data and critical infrastructure. The challenge ahead: closing the supply chain gap before the next breach strikes.

01-Jul-2025
4 min read

Cloudflare

Cloudflare has made a decisive leap in secure communications by open-sourcing Or...

Cloudflare has made a decisive leap in secure communications by open-sourcing Orange Meets, its group video calling app, now equipped with end-to-end encryption (E2EE) based on the Messaging Layer Security (MLS) protocol[1][2][3]. This move positions Orange Meets as a transparent, standards-driven alternative for privacy-conscious developers, researchers, and encryption enthusiasts.

**A New Standard for Video Call Security**

Most group video platforms route media through a central Selective Forwarding Unit (SFU), which in a conventional deployment handles media it can decrypt. Orange Meets still relies on an SFU to forward streams between participants, but it encrypts all audio and video on the client side using MLS, the IETF-standardized group key exchange protocol (RFC 9420), so the SFU only ever handles ciphertext[1][2][3]. This ensures that even Cloudflare's own infrastructure cannot access call content, closing a major privacy gap in scalable video conferencing.

**Technical Innovations: MLS and the Designated Committer Algorithm**

Orange Meets leverages a Rust-based MLS implementation, compiled to WebAssembly for browser compatibility, to provide continuous group key agreement. This enables forward secrecy and post-compromise security, essential for dynamic environments where participants may join or leave at any time[1][4][2][3]. To manage these membership changes without a trusted server, Cloudflare introduced the "Designated Committer Algorithm", a client-side protocol that designates one participant to handle the cryptographic updates for the group, verified for correctness using formal TLA+ modeling[1][4][2][3].

**Transparency and Trust by Design**

Each session displays a unique "safety number" that participants can compare out-of-band; a mismatch indicates that someone other than the expected participants holds the group keys, which is how a man-in-the-middle would show up[2][3]. The entire E2EE implementation is open source, allowing independent scrutiny and adaptation by the broader community.

**A Prototype, Not Yet a Zoom Rival**

Cloudflare is clear: Orange Meets is a technical showcase, not a consumer-ready rival to Zoom or Teams[4][2]. It lacks many enterprise features and has not undergone extensive security audits. However, as a proof of concept, it sets a new bar for open, verifiable E2EE in group video calls and provides a modular foundation for future secure communication tools[4][2][3].

**Implications for the Future of Encrypted Communications**

Orange Meets' open, standards-based approach could accelerate adoption of MLS across the industry, offering a blueprint for privacy-first video platforms at a time when trust in centralized infrastructure is waning[4][2][3]. Developers can experiment with the live demo or deploy their own instance using the public codebase, marking a significant step forward for transparent, secure, and scalable group communications.

30-Jun-2025
3 min read

ADC

Citrix

New CitrixBleed 2 flaw lets hackers hijack NetScaler sessions. Patch now and ter...

A newly discovered vulnerability in Citrix NetScaler ADC and Gateway, dubbed "CitrixBleed 2," enables unauthenticated attackers to hijack user sessions by exploiting an out-of-bounds memory read ([CTX693420](https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420), CVE-2025-5777). This critical issue lets attackers read sensitive data, including session tokens and credentials, out of appliance memory, potentially bypassing multi-factor authentication and taking over user sessions on public-facing gateways and virtual servers.

The flaw affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, Clientless VPN, RDP Proxy) or as an AAA virtual server, and impacts versions before 14.1-43.56, 13.1-58.32, and certain FIPS/NDcPP releases. A related high-severity vulnerability (CVE-2025-5349) affects the NetScaler Management Interface, but exploiting it requires access to specific management IPs.

Security experts warn that, as with the original "CitrixBleed" flaw (CVE-2023-4966), attackers can replay stolen session tokens to hijack accounts even after patching, unless all active sessions are terminated after the update: the patch closes the memory read but does nothing to invalidate tokens that were already leaked. Mandiant CTO Charles Carmakal noted that failure to terminate sessions after patching led to significant breaches, including nation-state espionage and ransomware attacks, during the 2023 incident.

Citrix urges administrators to:

- Immediately update to the latest supported versions (14.1-43.56, 13.1-58.32, or the relevant FIPS releases)
- Review and terminate all active ICA and PCoIP sessions after updating, using `kill icaconnection -all` and `kill pcoipconnection -all`
- Upgrade from end-of-life versions (ADC/Gateway 12.1 non-FIPS and 13.0), which will not receive patches

Over 56,500 NetScaler endpoints are currently exposed online, underscoring the urgency for organizations to patch and secure their systems against this new threat.
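The first step of the remediation above is knowing which appliances in a fleet are still below the fixed builds. The following is an added example (not Citrix's code, and not from the advisory) that classifies NetScaler version banners against the build numbers named on this page. It assumes the banner looks like the first line of `show ns version` (`NetScaler NS14.1: Build 43.50.nc, ...`); the regex, the hostnames, and the banners in the sample inventory are constructed for illustration. FIPS/NDcPP builds use their own build series that this page does not enumerate, so they are deliberately reported as `unknown` rather than compared.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Fixed builds named on this page for CVE-2025-5777. FIPS/NDcPP builds are on
# a separate series the page does not list, so they are not compared here;
# consult CTX693420 for those.
FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "14.1": (43, 56),
    "13.1": (58, 32),
}

# Branches the advisory summary lists as end-of-life: no patch will ship, so
# the only remediation is an upgrade to a supported branch.
EOL_BRANCHES = {"12.1", "13.0"}

# Assumed layout of the `show ns version` banner (an assumption about the
# format, not taken from Citrix documentation):
#   "NetScaler NS14.1: Build 43.50.nc, Date: Apr 2 2025, 10:00:00   (64-bit)"
_VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


@dataclass(frozen=True)
class VersionStatus:
    branch: str
    build: Tuple[int, int]
    status: str  # "patched", "vulnerable", "end-of-life" or "unknown"


def parse_ns_version(line: str) -> Tuple[str, Tuple[int, int]]:
    """Extract (branch, (build_major, build_minor)) from a version banner."""
    m = _VERSION_RE.search(line)
    if m is None:
        raise ValueError(f"unrecognised NetScaler version banner: {line!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(line: str, fips: bool = False) -> VersionStatus:
    """Classify one appliance against the fixed builds for CVE-2025-5777."""
    branch, build = parse_ns_version(line)
    if fips:
        # FIPS/NDcPP fixed builds are not on this page; defer to the advisory.
        status = "unknown"
    elif branch in EOL_BRANCHES:
        status = "end-of-life"
    elif branch not in FIXED_BUILDS:
        status = "unknown"
    elif build >= FIXED_BUILDS[branch]:
        # Tuple comparison: (43, 56) >= (43, 56) is patched, (43, 50) is not.
        status = "patched"
    else:
        status = "vulnerable"
    return VersionStatus(branch, build, status)


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (hostname, status) for every appliance not confirmed patched.

    Anything returned here still needs an upgrade, and once upgraded, its
    ICA and PCoIP sessions must be killed so leaked tokens cannot be replayed.
    """
    needs_action: List[Tuple[str, str]] = []
    for host, banner in sorted(inventory.items()):
        result = assess(banner)
        if result.status != "patched":
            needs_action.append((host, result.status))
    return needs_action


# Constructed sample inventory: hostnames and banners are made up.
SAMPLE_INVENTORY: Dict[str, str] = {
    "gw-eu-1": "NetScaler NS14.1: Build 43.50.nc, Date: Apr 2 2025, 10:00:00   (64-bit)",
    "gw-eu-2": "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025, 10:00:00   (64-bit)",
    "gw-us-1": "NetScaler NS13.1: Build 57.26.nc, Date: Mar 5 2025, 10:00:00   (64-bit)",
    "gw-legacy": "NetScaler NS13.0: Build 92.21.nc, Date: Nov 1 2023, 10:00:00   (64-bit)",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Feed `triage` the banners collected from each appliance (for example over SSH) and treat every returned host as unpatched; a "patched" result only means the memory read is closed, and the session-termination step still has to be run on that appliance.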

27-Jun-2025
2 min read