NightSpire Ransomware Attack Chain, Tools and Tactics
Key Takeaways: NightSpire is a ransomware family first identified in early 2025 using double extortion, stealing files before encryption and threatening to leak them on a Tor-based site if victims refuse to ...
What Is an Insider Threat?
Key Takeaways: An insider threat is anyone with authorized access to systems, data, or facilities who uses access to cause harm, including current employees, contractors, vendors, business partners, and former staff with ...
Dirty Frag LPE: CVE-2026-43284 and CVE-2026-43500 Deep Dive
Key Takeaways: Dirty Frag is a Linux kernel vulnerability class that chains two bugs (CVE-2026-43284 and CVE-2026-43500) to achieve root privileges on most Linux distributions by writing attacker-controlled data directly into read-only ...
CVE-2026-3055 & CVE-2026-4368: Inside the NetScaler “CitrixBleed 3” Memory Overread
Key Points: CVE-2026-3055 is a critical (CVSS v4.0 9.3) unauthenticated memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway appliances configured as SAML Identity Providers. Attackers send malformed requests to /saml/login ...
Vulnerability Prioritization in 2026: Why CVSS Isn’t Enough
Key Findings: Volume vs. Capacity – Organizations face a 40% YoY increase in vulnerabilities (~135 new CVEs daily), yet the average enterprise only has the bandwidth to remediate 10–15% of its backlog ...
TTPs used by DEV-0586 APT Group in WhisperGate Attack Targeting Ukraine
On January 15, 2021, Microsoft Threat Intelligence Center (MSTIC) published a blog post stating that nation-state threat group DEV-0586 has been conducting destructive malware operations on Ukrainian organizations. In this blog, we ...
Picus Threat Library Is Updated for Flagpro Malware of BlackTech Group
Picus Labs has updated the Picus Threat Library with new attack methods for Flagpro malware of BlackTech. BlackTech APT group BlackTech (also known as Circuit Panda, Radio Panda, TEMP.Overboard, HUAPI, Palmerworm) is ...
TTPs and IOCs Used by MuddyWater APT Group in Latest Attack Campaign
United States Cyber Command (USCYBERCOM) issued an alert today (January 13, 2022), reporting malicious cyber operations by Iranian MOIS (Ministry of Intelligence and Security) sponsored MuddyWater APT (advanced persistent threat) group. MuddyWater ...
10 Lessons Learned from the Top Cyber Threats of 2021
2021 was a busy year for the cyber security community. Emerging threats posed many challenges to security professionals and created many opportunities for threat actors. Picus has curated a list of the ...
Picus Threat Library Is Updated for Trojans Targeting Banks in Latin America
Picus Labs has updated the Picus Threat Library with new attack methods for Krachulka, Lokorrito, Zumanek Trojans that are targeting banks in Brazil, Mexico, and Spain. In this blog, techniques used by ...

