SENTINEL INTELLIGENCE PROTOCOL  ·  TLP:WHITE  ·  AUTHORIZED DISTRIBUTION ONLY

BREAKING
CRITICAL · CVE-2025-7731 actively exploited in Fortinet FortiGate — CISA Emergency Directive 25-04 issued — patch immediatelyAPT28 attributed to coordinated attacks on European energy grid infrastructure — NATO cyber alliance emergency session convenedNew Windows CLFS kernel zero-day exploited in targeted campaigns against defense contractors — patch in KB5040528FBI: $4.73B lost to cybercrime in FY2024 — ransomware primary vector for critical infrastructure attacks for third consecutive yearJoint FBI-Europol operation dismantles 403,000-node HYDRUS botnet across 47 countries — three arrests confirmedCloudflare reports 412% surge in DDoS amplification attacks targeting financial services sector Q1 2025Salt Typhoon remains active in U.S. telecommunications networks — Senate Intelligence Committee briefed on scopeCRITICAL · CVE-2025-7731 actively exploited in Fortinet FortiGate — CISA Emergency Directive 25-04 issued — patch immediatelyAPT28 attributed to coordinated attacks on European energy grid infrastructure — NATO cyber alliance emergency session convenedNew Windows CLFS kernel zero-day exploited in targeted campaigns against defense contractors — patch in KB5040528FBI: $4.73B lost to cybercrime in FY2024 — ransomware primary vector for critical infrastructure attacks for third consecutive yearJoint FBI-Europol operation dismantles 403,000-node HYDRUS botnet across 47 countries — three arrests confirmedCloudflare reports 412% surge in DDoS amplification attacks targeting financial services sector Q1 2025Salt Typhoon remains active in U.S. telecommunications networks — Senate Intelligence Committee briefed on scope
CRITICAL
THREAT LEVEL ASSESSMENT
CRITICAL INFRASTRUCTURE·FEATURED BRIEF

Zero-Day in Siemens SCADA Software Actively Exploited Across 340 North American Grid Operators

A previously undisclosed vulnerability in Siemens WinCC OA SCADA software has been confirmed under active exploitation by a threat actor assessed with high confidence as a nation-state affiliate targeting energy grid control infrastructure.

Marcus Reinholt·2025-06-10·8 MIN READ
LATEST INTELLIGENCE
HIGH

Kimsuky Threat Group Integrates LLM-Generated Content Into Spear-Phishing Infrastructure

2025-06-06·THREAT INTELLIGENCE
MEDIUM

Operation NEXUS DRAIN: Joint Task Force Dismantles 403,000-Node Botnet Infrastructure

2025-06-04·LAW ENFORCEMENT
ANALYSIS

The Widening Gap: Critical Infrastructure Cyber Defense in an Era of Persistent Nation-State Threats

2025-06-02·ANALYSIS
HIGH

Ransomware Group Claims Breach of Major US Water Utility Affecting 2.1 Million Customers

2025-06-01·CRITICAL INFRASTRUCTURE
RECENT INTELLIGENCE BRIEFS(3)
VIEW ALL →
VULNERABILITIESCRITICAL

CISA Issues Emergency Directive Following Confirmed FortiGate Zero-Day Exploitation

Emergency Directive 25-04 mandates federal agencies apply critical patches to Fortinet FortiGate SSL-VPN appliances within 48 hours after confirmation of active exploitation by a nation-state adversary.

Devon Marchetti·2025-06-11·4 MIN READ
THREAT INTELLIGENCEHIGH

APT41 Deploys Novel PhantomStrike Ransomware in Coordinated Healthcare Sector Campaign

China-nexus threat group APT41 has pivoted to double-extortion ransomware operations targeting hospital networks across six countries, deploying a previously unseen payload researchers are calling PhantomStrike.

Lena Kirchberg·2025-06-09·6 MIN READ
ANALYSISANALYSIS

Anatomy of a Supply Chain Intrusion: Tracking the Lazarus Group's 18-Month Operation

An exclusive deep-dive investigation into a sophisticated software supply chain campaign attributed to North Korea's Lazarus Group that compromised 47 downstream organizations through a single poisoned open-source dependency.

Ingrid Solberg·2025-06-07·14 MIN READ
ACTIVE THREAT INTELLIGENCE
VIEW ALL →
CVE IDENTIFIERAFFECTED SYSTEMTHREAT ACTORCVSS SEVERITYSTATUSPUBLISHED
CVE-2025-7731Fortinet FortiGate SSL-VPNUNC4841CRITICALACTIVE2025-06-10
CVE-2025-1147Windows CLFS DriverLAPSUS$CRITICALACTIVE2025-06-08
CVE-2025-3892Apache Kafka 3.xUnknownHIGHPATCH AVAILABLE2025-06-05
CVE-2024-9934VMware vSphere 8.0APT41HIGHPoC PUBLIC2025-05-29
CVE-2025-0089Cisco IOS XE 17.xSalt TyphoonCRITICALACTIVE2025-05-21
PREMIUM ANALYSIS
IN-DEPTH REPORTING
ANALYSIS
PREMIUM ANALYSIS

Anatomy of a Supply Chain Intrusion: Tracking the Lazarus Group's 18-Month Operation

An exclusive deep-dive investigation into a sophisticated software supply chain campaign attributed to North Korea's Lazarus Group that compromised 47 downstream organizations through a single poisoned open-source dependency.

Ingrid Solberg·2025-06-07·14 MIN READ
READ ANALYSIS →
ANALYSIS
PREMIUM ANALYSIS

The Widening Gap: Critical Infrastructure Cyber Defense in an Era of Persistent Nation-State Threats

A comprehensive analysis of the structural vulnerabilities that continue to expose water, energy, and transportation systems to adversarial exploitation—and the policy, technology, and organizational reforms required to close the gap.

Dr. Priya Venkataraman·2025-06-02·18 MIN READ
READ ANALYSIS →

INTELLIGENCE SUBSCRIPTION

Stay Ahead of the Threat Landscape

Receive real-time alerts for critical vulnerabilities, threat actor activity, and exclusive analysis directly to your inbox.