The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and evade detection. The Veriti Research team analyzed these chat logs, revealing our favorite exploits, security measures they bypass, and the defenses they fear most. Veriti Research analyzed these ... Read More

A newly discovered 0-click NTLM authentication bypass vulnerability has resurfaced within Microsoft Telnet Server implementations, exposing a dangerous flaw in outdated yet still-operational systems. Veriti research reveals that this vulnerability, requiring no user interaction, enables remote attackers to exploit NTLM authentication mechanisms and potentially gain unauthorized access. This attack vector ... Read More

By Veriti Research, April 24th  The infamous “Nigerian prince” scam, once a laughable email trope, has taken on a far more dangerous form in the era of Generative AI (GenAI). Veriti Research has uncovered a new campaign that demonstrates just how sophisticated and personalized these scams have become, leveraging deepfake ... Read More

We asked an AI agent to analyze the latest shift in U.S. cybersecurity policy, comparing past strategies under Biden to the new 2025 Trump Executive Order. The result? A surprisingly structured analysis that maps out the core philosophical and operational differences, from federal-led resilience to localized risk ownership.  But this ... Read More

Veriti Research has identified a significant rise in tax-related malware samples across multiple platforms. The research team discovered malware samples targeting Android, Linux, and Windows, all connected to the same adversary operating from a single IP address.  We believe the attacker is running multiple parallel campaigns and using “Malware-as-a-Service” tools ... Read More

Veriti research recently analyzed stolen data that was published in a telegram group named “Daisy Cloud” (potentially associated with the RedLine Stealer), exposing the inner workings of a cybercrime marketplace. This group offers thousands of stolen credentials in an ongoing basis across a wide range of services, from crypto exchanges ... Read More

In 2023, a massive data breach at 23andMe shook the foundation of the consumer genomics industry. Fast forward to today, the company has filed for bankruptcy. From Veriti’s perspective, this incident highlights the devastating consequences of failing to secure deeply sensitive personal data, especially when that data reaches beyond individuals ... Read More

As the new Snow White movie arrives in theaters with lackluster audience attendance (source), the absence of streaming options on platforms like Disney+ has nudged many users to seek pirated versions online.  From our perspective, this kind of consumer behavior isn’t new, every high-profile movie release without a digital option ... Read More

The Veriti research team has analyzed the latest cloud vulnerabilities, revealing critical security risks, attack patterns, and real world exploitation cases.  Our findings highlight the top vulnerability categories, the most exploited CVEs, and the actors leveraging these weaknesses. In this report, we delve into key cloud security threats and provide ... Read More

Attackers are actively targeting OpenAI, exploiting CVE-2024-27564, a Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT infrastructure. Veriti’s latest research reveals that this vulnerability, despite being classified as medium severity, has already been weaponized in real world attacks.  Our research uncovers:  This research highlights a crucial takeaway: No vulnerability is ... Read More