Threat Advisories:

Unmasking Airstalk’s Covert Supply Chain Intrusion WordPress Plugin Bug CVE-2025-11833 Hands Hackers the Admin Throne Silent Lynx APT: Espionage Operations Targeting Central Asia’s Critical Infrastructure SleepyDuck: Trojan Nesting in the Open VSX Marketplace Operation SkyCloak: Covert Cyber Strikes on Russian and Belarusian Military Personnel Typosquatted npm Packages Execute Stealthy CredentialTheft Operation Hijackloader Strikes Colombia with PureHVNC Vietnamese Actors Use Recruitment Lures for Espionage and Theft Qilin Ransomware Surge: A Growing Global Threat to Critical Sectors ClickOnce Deception: SideWinder’s New Path to Diplomats The Gift Card Grinch Uncovered in the Jingle Thief Campaign WordPress Sites Under Siege by Old Critical Flaws Transparent Tribe’s DeskRAT Campaign Targets Indian Military Systems SessionReaper Flaw Enables Seamless Session Hijacking on Adobe Commerce CVE‑2025‑61932: Critical Lanscope Endpoint Manager Flaw Actively Exploited Lazarus Targets Europe’s UAV Innovation October 2025 Linux Patch Roundup MuddyWater Deploys Phoenix Backdoor in Targeted Espionage Campaign Critical Cloud Threat: Azure Blob Storage Under Active Attack Operation Silk Lure Scam: When Job Hunts Leads to Malware

Highlights of Our CISO Dinner

Upgrading struggling vulnerability management programs to Threat Exposure Management, with Host, CISO Al Lindseth formerly from Plains All American Pipeline and PWC - 6 minute podcast

0:00

0:00

Play Count: Loading...

Partner Program

Book a Demo Threat Digest - Subscribe

A Deserialization Vulnerability Found in Apache Dubbo

Threat Level – Amber | Vulnerability Report

Apache has released a security notice for a deserialization vulnerability (CVE-2023-23638) in Apache Dubbo that allows remote attackers to execute arbitrary code on the target system.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox