Insights

In our latest interview with Ryan Vargas, we got a firsthand look at what's fuelling his drive this season-upcoming races, continued team growth, and the strong foundation built through our ongoing partnership with Critical Path Security. All Eyes on Chicago and Canada Ryan shared his excitement about the next stops on the schedule: Chicago and Canada. With travel plans in motion and preparations underway, the team is dialed in for what promises to be a high-stakes stretch of the season. These events offer not just track time, but the chance to go head-to-head with some of the best in the business. A Dream Realized at CTMP One standout on the calendar? Canadian Tire Motorsport Park (CTMP). For Ryan, this race carries personal significance. "CTMP has always been on my bucket list," he told us. "To finally get the chance to race there is huge-it's something I've looked forward to for…

On May 21, 2025, CISA and international cybersecurity authorities issued CSA AA25-141A, attributing a sophisticated espionage campaign to GRU Unit 26165 (APT28/Fancy Bear). These operations have targeted logistics and IT support organizations involved in foreign aid to Ukraine. Zeek Threat Intelligence Feed - Download Summary of Threat Campaign APT28 uses diverse tactics to infiltrate and persist in networks, combining spearphishing, zero-day exploitation, credential attacks, and post-exploitation frameworks to exfiltrate sensitive operational data. Common Techniques Used: Initial Access Credential stuffing and brute-force attacks via Tor and commercial VPNs Spearphishing with links to spoofed login pages Exploitation of CVEs, including: CVE-2023-23397 (Outlook NTLM hash leak) CVE-2023-38831 (WinRAR exploit) Roundcube CVEs: 2020-12641, 2020-35730, 2021-44026 Lateral Movement & Persistence Deployment of OpenSSH for command/control Use of native tools like Impacket, PsExec, Certipy, ADExplorer Lateral RDP access and NTDS.dit extraction Scheduled task creation with schtasks Data Collection & Exfiltration Abuse of mailbox permissions for persistent…

Modern software is built on open-source. Developers rely on public repositories like npm, PyPI, and Maven Central to move fast, avoid reinventing the wheel, and ship updates continuously. But this speed and openness come at a cost: your software supply chain is now a primary attack surface. Attackers have figured this out-and they're exploiting it. How Open-Source Dependencies Become Attack Vectors Open-source packages are easy to install and often trusted implicitly. That's exactly what makes them so appealing to threat actors. Here's how attackers are weaponizing open-source: 1. Typosquatting Malicious packages are uploaded with names that closely mimic legitimate libraries (e.g., expresss instead of express). If a developer makes a typo or auto-installs a dependency, they may unknowingly install malware. 2. Hijacked or Abandoned Projects Attackers take over dormant projects-sometimes by buying expired domains or credentials-and inject malicious code into new releases. Users update as usual, unaware of the compromise.…