Report
Comprehensive CTI Report: Insights from the LockBit Ransomware Group Data Dump
Executive Summary
This report analyzes a leaked database dump from the LockBit ransomware group, providing actionable insights into their operations, tactics, and infrastructure. Key findings include the identification of Bitcoin addresses used for ransom payments, operator activity patterns, negotiation tactics, and targeted industries. These insights can help security professionals detect, mitigate, and respond to LockBit…
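Pulling payment addresses out of a dump like the one summarized above is mostly a filtering problem: a leak contains plenty of address-shaped strings (truncated copies, redactions, operator typos, random identifiers) that are not real Bitcoin addresses. The script below is an added example, not code from the report or from Barricade Cyber Solutions; it extracts candidate legacy (Base58Check) and SegWit (bech32/bech32m) mainnet addresses from text and keeps only those whose checksum verifies. The sample rows are constructed here and use two public reference addresses (the genesis-block address and the BIP173 test vector) plus a deliberately corrupted copy; none of the report's own addresses are reproduced.

```python
"""Extract checksum-valid Bitcoin addresses from a text dump.

Added example: legacy (Base58Check) and SegWit (bech32 / bech32m)
addresses are validated against their checksums so that near-misses
and look-alike strings in a leak are not mistaken for real addresses.
"""
import hashlib
import re
from typing import Dict, Optional

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32M_CONST = 0x2BC830A3

# Candidate pattern: legacy addresses start with 1 or 3, SegWit with bc1.
CANDIDATE_RE = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|(?:bc1|BC1)[0-9A-Za-z]{6,87})\b"
)


def validate_base58check(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 bytes are the
    double-SHA256 checksum of the first 21 (version + hash160)."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' encodes one leading zero byte that the integer drops.
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + body
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]


def _bech32_polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk


def validate_bech32(addr: str) -> bool:
    """True if addr is a mainnet SegWit address with a valid bech32
    (witness v0) or bech32m (witness v1..16) checksum."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # mixed case is forbidden by BIP173
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, data_part = addr[:pos], addr[pos + 1:]
    if hrp != "bc" or any(c not in BECH32_CHARSET for c in data_part):
        return False
    data = [BECH32_CHARSET.index(c) for c in data_part]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    checksum = _bech32_polymod(expanded + data)
    version = data[0]
    if version == 0:
        return checksum == 1
    if 1 <= version <= 16:
        return checksum == BECH32M_CONST
    return False


def classify(addr: str) -> Optional[str]:
    """Return the encoding name for a valid address, else None."""
    if addr[0] in "13":
        return "base58check" if validate_base58check(addr) else None
    return "bech32" if validate_bech32(addr) else None


def extract_addresses(text: str) -> Dict[str, str]:
    """Map each checksum-valid address found in text to its encoding."""
    found: Dict[str, str] = {}
    for m in CANDIDATE_RE.finditer(text):
        kind = classify(m.group(0))
        if kind:
            found[m.group(0)] = kind
    return found


# Constructed sample rows standing in for records of a leaked database.
SAMPLE_DUMP = """\
victim_id=4711 wallet=1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa status=paid
victim_id=4712 wallet=bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 status=negotiating
victim_id=4713 wallet=1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb status=unknown
note=operator said 'send 3BTC by Friday' and pasted 1x2y3z garbage
"""

if __name__ == "__main__":
    for address, encoding in extract_addresses(SAMPLE_DUMP).items():
        print(f"{encoding:12} {address}")
```

The third row differs from the first in only its last character and is rejected, which is the point of checking the checksum rather than trusting the regex: a regex alone would pass it to blockchain analysis as a new address.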
Comprehensive CTI Report: Scattered Spider Threat Actor Group
Purpose: To provide an exhaustive analysis of the Scattered Spider threat actor group, detailing their profile, payloads, tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework mappings, methods for proactively tracking their networks using tools like Shodan, and their affiliations with other threat actor groups, incorporating recent insights from the Google Mandiant report.
Executive Summary
Scattered…
Critical CVEs and Associated Threats
This report was prepared by Barricade Cyber Solutions and aims to inform our clients and prospects about critical Common Vulnerabilities and Exposures (CVEs) identified in the CrowdStrike 2025 Global Threat Report. These known critical vulnerabilities pose significant risks; understanding these risks can help protect your systems from emerging cyber threats. Critical CVEs and Associated Threats…
SPOTREP: Exploitation of Windows CLFS Zero-Day Vulnerability (CVE-2025-29824)
Vulnerability Details:
- Zero-day elevation of privilege vulnerability in Windows Common Log File System (CLFS)
- Tracked as CVE-2025-29824
- Allows escalation from standard user to SYSTEM privileges
Exploitation Details:
- Post-compromise exploitation observed against a small number of targets
- Exploit delivered via PipeMagic malware
- Used to deploy ransomware payloads
Affected Systems/Targets:
- Known targets include: IT and real estate…
Situational Awareness Report: CVE-2025-24813 Apache Tomcat RCE
Overview
CVE-2025-24813 is a critical Remote Code Execution (RCE) vulnerability affecting Apache Tomcat, a widely used open-source web server and servlet container. This vulnerability enables attackers to upload a malicious serialized payload to a vulnerable server, leading to arbitrary code execution through a deserialization flaw under specific conditions. The recent release of a Proof of…
SPOTREP: SuperBlack Ransomware Campaign
Executive Summary: SuperBlack Ransomware Campaign
The SuperBlack ransomware campaign, active since late January 2025, presents a serious threat to organizations utilizing Fortinet firewall appliances. Orchestrated by the threat actor Mora_001, this campaign exploits two critical authentication bypass vulnerabilities—CVE-2025-24472 and an unspecified flaw—to gain super-admin privileges. Attackers employ WebSocket-based attacks or crafted HTTPS requests to infiltrate…
Executive Summary: Continued Attacks on USA Law Firms
Executive Summary
A cybercriminal operating under the alias CeFarir0ne has put up for sale unauthorized Remote Desktop Protocol (RDP) access to an unidentified law firm based in the United States. According to the forum listing, the law firm generates approximately $5 million in annual revenue. The access being sold includes:
- A user-level domain account
- One domain controller
- One domain trust…
Executive Summary: ShadowSyndicate Threat Group
Executive Summary
In late 2024, Darktrace identified multiple instances of RansomHub ransomware attacks linked to the ShadowSyndicate threat group. ShadowSyndicate, active since 2022, has been associated with several ransomware families and sophisticated tools, including Cobalt Strike and Sliver. Their latest collaboration with RansomHub, a rising Ransomware-as-a-Service (RaaS) operator, underscores an evolving threat landscape. This report…