🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
CATEGORIES

Adversary Intelligence

Articles in Blog Posts

April 17, 2026

RedSun: Windows 0day when Defender becomes the attacker

RedSun exposes a critical logic flaw in Windows Defender that allows a standard user to escalate privileges to SYSTEM without admin rights or kernel exploits. By exploiting a missing reparse point validation during file restoration, attackers can redirect Defender’s write operation into System32 and execute arbitrary code. The attack is reliable, unpatched, and affects modern Windows systems with Defender enabled, making it a serious security concern.

Written by

CloudSEK TRIAD

April 9, 2026

Kitten Had the Map all Along : RAISING GCC TENSIONS & THE PRE-POSITIONING MAP

A new CloudSEK report reveals that Iran-linked APT35 (Charming Kitten) conducted years of cyber reconnaissance across GCC nations before coordinated missile strikes, suggesting cyber operations directly enabled kinetic targeting. Critical infrastructure across UAE, Saudi Arabia, Qatar, and others was pre-profiled and in some cases breached. The report highlights a dangerous shift—cyber warfare is no longer support, but a frontline weapon in modern conflict.

Written by

April 7, 2026

Hardcoded Google API Keys in Top Android Apps Now Expose Gemini AI

CloudSEK's BeVigil has identified 32 hardcoded Google API keys across 22 popular Android applications that inadvertently grant unauthorized access to Google's Gemini AI (Generative Language API) including uploaded datasets and cached contents.

Written by

Tuhin Bose

April 7, 2026

Large Scale Traffic Brokerage Campaign using Fake Lures targeting Global Brands Across Multiple Regions

This isn’t just another phishing campaign—it’s a global, industrial-scale traffic brokerage operation. CloudSEK uncovers how attackers are using over 300 trusted brands across 100+ countries to lure users through fake offers, profile them in real time, and funnel high-value victims into scams like crypto fraud and account takeovers. With thousands of active domains and highly localized tactics, the report exposes how cybercrime is becoming smarter, scalable, and dangerously efficient.

Written by

Bhavarth Karmarkar

April 1, 2026

The Scanner Was the Weapon: 36 Months of Precision Supply Chain Attacks Against DevSecOps Infrastructure

CloudSEK’s report uncovers a worrying pattern: over 36 months, attackers systematically targeted DevSecOps tools themselves—compromising trusted scanners, CI/CD pipelines, and open-source dependencies to steal credentials at scale. From 23,000 affected repositories to blockchain-based C2 infrastructure, these precision attacks show one thing clearly—security tools are now the most valuable attack surface.

Written by

Irshad Ahamed

The Rise and Fall of RAMP: Inside the Forum Where Ransomware Was Always Welcome

CloudSEK’s latest report traces the lifecycle of RAMP, a ransomware-friendly underground forum that operated from 2021 until its FBI seizure in January 2026. Built as a safe haven for cybercriminals, it connected ransomware groups, affiliates, and access brokers at scale. Its takedown has fragmented the ecosystem, pushing actors into smaller, harder-to-track communities—raising new challenges for global cyber defense. Read the full report for a deeper look into how ransomware networks evolve and adapt.

Written by

CloudSEK TRIAD

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH. 

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.