CVSS Is Officially Dead: What CISA's BOD 26-04 Means for Everyone

In June 2026, the U.S. government stopped using severity scores to decide what to patch first. The model that replaces it is better, but it asks a question most security programs cannot yet answer. On June 10, 2026, CISA issued Binding Operational Directive 26-04, “Prioritizing Security Updates Based on Risk.” ...
TTPs and IOCs Used by MuddyWater APT Group in Latest Attack Campaign

United States Cyber Command (USCYBERCOM) issued an alert today (January 13, 2022), reporting malicious cyber operations by Iranian MOIS (Ministry of Intelligence and Security) sponsored MuddyWater APT (advanced persistent threat) group. MuddyWater (also known as TEMP.Zagros, Static Kitten, Seedworm, and Mercury) is a threat group that primarily targets telecommunications, government, ...
Picus Threat Library Is Updated for Trojans Targeting Banks in Latin America

Picus Labs has updated the Picus Threat Library with new attack methods for the Krachulka, Lokorrito, and Zumanek Trojans that are targeting banks in Brazil, Mexico, and Spain. In this blog, techniques used by these malware families will be explored. Banking trojans have a significant role in the cybercrime scene in Latin ...
The Log4j Vulnerability Remediation with WAF and IPS

The Apache Log4j vulnerability wreaking havoc has a far greater impact than anticipated. We published a detailed blog post about the CVE-2021-44228 Log4j vulnerability and its exploitation on Friday, 10th December. However, in the past three days, we have seen that there is still a great panic despite a patch ...
Simulating and Preventing CVE-2021-44228 Apache Log4j RCE Exploits

Picus Labs has updated the Picus Threat Library with attacks that exploit the CVE-2021-44228 Remote Code Execution (RCE) vulnerability affecting Apache Log4j, the ubiquitous Java logging library. What is the CVE-2021-44228 Log4j Unauthenticated RCE Vulnerability? Apache Log4j versions prior to 2.15.0 do not protect against attacker-controlled LDAP and other JNDI-related ...
TTPs Used by the Iranian APT Exploiting Exchange and Fortinet Vulnerabilities

US CISA (Cybersecurity and Infrastructure Security Agency), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert (AA21-321A) on November 17, 2021, highlighting that ongoing malicious cyber activity by an advanced persistent threat (APT) group ...
A Detailed Walkthrough of Ranzy Locker Ransomware TTPs

As we all observed, the number of ransomware attacks increased dramatically in 2021. Since late 2020, the Ranzy Locker ransomware has been responsible for dozens of high-profile breaches. Essentially, Ranzy is a rebranded and improved version of the ThunderX ransomware. Since a free decryption tool for ThunderX was released, Ranzy ...
BlackMatter Ransomware Analysis, TTPs and IOCs

Summary: BlackMatter is a ransomware-as-a-service (RaaS) affiliate program launched in July 2021. "The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," according to the BlackMatter ransomware group. They typically attack Windows and Linux servers and frequently collaborate with initial access brokers (IABs) to facilitate further ...