
Watchtower: Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751) https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751/ #infosec #VPN #CheckPoint #threatresearch

Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)

It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that let the bad people in. While we’ve seemingly had a breather from traditional

watchTowr Labs
APT28, an evolution of tradecraft

Context Sekoia’s Threat Detection & Research (TDR) team has been tracking APT28 for several years. The intrusion set, also known as Fancy Bear, Forest Blizzard, Sofacy, Pawn Storm or Sednit and publicly attributed to the GRU’s Unit 26165, is one of the most prolific and persistent state-sponsored actors we monitor. Its operations span in two […]

Sekoia.io Blog


"The RAT abuses the Google Sheets API as its command-and-control (C2) channel, authenticating via an embedded GCP service account private key and using individual spreadsheet tabs per victim for bidirectional communication."

Securonix: Analyzing SHEET#CREEP: SHEETCREEP is up again with different config obfuscation https://www.securonix.com/blog/sheetcreep-evolved-google-sheets-rat/ #espionage #infosec #threatresearch #Google

SHEET#CREEP Espionage Return

Securonix Threat Research: Securonix analyzes SHEET#CREEP, a stealthy RAT that uses Google Sheets as a command-and-control channel, enabling persistent access, espionage, and cloud-based evasion.

Securonix
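As an added example (not code from Securonix or from the SHEET#CREEP report): because the RAT authenticates to the Sheets API with an embedded GCP service account private key, that key material is itself a usable indicator. The script below scans strings extracted from a sample for a service-account JSON blob and pulls out the fields worth acting on (client_email, project_id, private_key_id), so the account can be blocked at the egress proxy or reported for revocation. The sample blob, the project and account names, and the PEM placeholder in it are all constructed for the example; the regular expressions are this example's own, not detection content from the report.

```python
import json
import re

# A GCP service-account key file is a flat JSON object; this matches one embedded
# in a larger string dump. Constructed pattern (not from the Securonix report).
SA_JSON_RE = re.compile(r'\{[^{}]*"type"\s*:\s*"service_account"[^{}]*\}')

# The decoded private_key field must carry a PEM private key block.
PEM_RE = re.compile(
    r"-----BEGIN (?:RSA )?PRIVATE KEY-----.*?-----END (?:RSA )?PRIVATE KEY-----",
    re.DOTALL,
)


def find_embedded_service_accounts(blob: str) -> list[dict]:
    """Return one record per embedded GCP service-account key found in blob.

    A hit requires a parseable JSON object of type service_account whose
    client_email is a real service-account identity and whose private_key
    field decodes to a PEM block. Decoys that lack either are ignored.
    """
    hits = []
    for m in SA_JSON_RE.finditer(blob):
        try:
            obj = json.loads(m.group(0))
        except json.JSONDecodeError:
            continue  # looked like JSON but was not; skip rather than guess
        email = obj.get("client_email", "")
        key = obj.get("private_key", "")
        if not email.endswith(".iam.gserviceaccount.com"):
            continue
        if not PEM_RE.search(key):
            continue
        hits.append(
            {
                "client_email": email,
                "project_id": obj.get("project_id", ""),
                "private_key_id": obj.get("private_key_id", ""),
                "offset": m.start(),  # where in the dump the key sits
            }
        )
    return hits


# Constructed stand-in for `strings` output from a sample. The key body is a
# placeholder, not a real key; the project and account names are invented.
SAMPLE_STRINGS = (
    "..._CFBundleIdentifier...libSystem.B.dylib...\n"
    '{"type": "service_account", "project_id": "example-project-000000", '
    '"private_key_id": "0000000000000000000000000000000000000000", '
    '"private_key": "-----BEGIN PRIVATE KEY-----\\n'
    "MIIEvQIBADANBgkqhkiG9w0BAQEFAASC(constructed-placeholder)"
    '\\n-----END PRIVATE KEY-----\\n", '
    '"client_email": "sheets-bot@example-project-000000.iam.gserviceaccount.com", '
    '"client_id": "000000000000000000000", '
    '"token_uri": "https://oauth2.googleapis.com/token"}\n'
    "...https://sheets.googleapis.com/v4/spreadsheets/...\n"
    # Decoy: right "type" but no key and not a service-account identity.
    '{"type": "service_account", "client_email": "not-a-key@example.com"}\n'
)


if __name__ == "__main__":
    for hit in find_embedded_service_accounts(SAMPLE_STRINGS):
        print(
            f"embedded GCP service account at offset {hit['offset']}: "
            f"{hit['client_email']} (project {hit['project_id']}, "
            f"key id {hit['private_key_id']})"
        )
```

Run it over `strings -n 8 <sample> | python3 scan_sa.py`-style input by replacing `SAMPLE_STRINGS` with stdin; the same records are what you would hand to the GCP owner or to Google abuse reporting, since revoking the key breaks the C2 channel for every victim sharing that account.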
RoguePlanet: Anatomy of the Nightmare Eclipse Microsoft Defender Zero-Day

Learn how autonomous penetration testing platforms use AI agents to scope, execute, validate, and revalidate real attack paths.

From SQLi to RCE - Exploiting LangGraph’s Checkpointer - Check Point Research

By Yarden Porat AI agents need memory. Frameworks like LangGraph provide it through checkpointers – persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? Key Points Background LangGraph is an open-source framework for building stateful, multi-agent AI systems with built-in persistence. It’s an extension of LangChain, with over […]

Check Point Research
Zscaler ThreatLabz 2026 Phishing and Initial Access Report

ThreatLabz 2026 report highlights: AI-driven phishing, encrypted delivery, real-time session compromise, and reconnaissance at scale—plus guidance to reduce initial access


Huntress: The Fake Download That Steals Everything: How Deceptive Installers Are Targeting macOS Users https://www.huntress.com/blog/deceptive-installers-macos-infostealers @huntress #infosec #threatresearch #macOS #Apple #malware

Deceptive Installers: How Fake Apps Target macOS | Huntress

Deceptive installers disguised as legit macOS software deliver infostealers that grab passwords, cookies, and crypto wallets. Learn how to detect them.

Huntress
SilabRAT, What’s Your Power?

SilabRAT is an advanced Remote Access Trojan (RAT) sold as a Malware-as-a-Service (MaaS) on Darkweb forums. Developed by the threat actor "o1oo1," SilabRAT is heavily focused on financial gain through credential theft. It offers stability and is capable of bypassing existing security measures.

Group-IB
Blackpoint, from yesterday: Seeing Through the Tunnel: Leveraging SIEM Detections to Expose Malicious SSL VPN Authentications https://blackpointcyber.com/blog/malicious-ssl-vpn-authentication-detection/ #infosec #threatresearch #VPN
Seeing Through the Tunnel: Leveraging SIEM Detections to Expose Malicious SSL VPN Authentications

Threat actors are increasingly using compromised SSL VPN credentials to access corporate networks. Learn how SIEM detections identify malicious VPN authentications before lateral movement and ransomware attacks begin.

Blackpoint Cyber


KrebsonSecurity: Who Runs the Ransomware Group ‘The Gentlemen?’ https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/ @briankrebs

Speaking of which, the latest caper by these crooks included raiding Central Arkansas Pediatrics on June 8 and a few other targets. Very gentlemanly. https://ransomware.live/id/Q2VudHJhbCBBcmthbnNhcyBQZWRpYXRyaWNzQHRoZWdlbnRsZW1lbg #infosec #ransomware #threatresearch

Who Runs the Ransomware Group ‘The Gentlemen?’ – Krebs on Security