Security bulletin
Selected alerts, vulnerabilities and attack campaigns we track and respond to. Short, technical summaries for IT teams.
The entries below are illustrative and show the type of alerts we send to clients under monitoring. Notifications are tailored to specific infrastructure.
RCE-class vulnerability in a popular application server
An actively exploited flaw allowing remote code execution without authentication. We are observing scanning of vulnerable instances across Polish address space.
- Apply the vendor's patch immediately or restrict access from the public network.
- Check logs for unusual requests and new processes on the server.
- Verify that the service is not needlessly exposed to the internet.
Ransomware campaign abusing compromised VPN accounts
Attackers log in to corporate VPNs using stolen passwords on accounts that lack MFA, then move laterally to domain controllers.
- Enforce MFA on all remote-access accounts.
- Introduce network segmentation and limit service-account privileges.
- Test backup restores and keep them offline.
Phishing impersonating e-delivery services and invoices
A mass email campaign with attachments and links to fake login panels. The goal is to capture mail and corporate banking credentials.
- Train employees and remind them how to verify the sender.
- Deploy mail filtering and flag external messages.
- Enable MFA for mail and privileged accounts.
Publicly accessible object storage (S3 / Blob)
During reconnaissance we regularly find misconfigured buckets with customer data and backups accessible without authentication.
- Block public access at the account and individual-resource level.
- Enable encryption and access logging for storage.
- Review IAM policies for excessive privileges.
Rise in supply chain attacks across the npm ecosystem
Malicious packages impersonating popular libraries are reaching public repositories and stealing environment variables and tokens.
- Pin dependency versions and verify checksums.
- Add dependency scanning to your CI/CD pipeline.
- Restrict token and secret access during the build stage.
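A CI gate for the first recommendation above, written as an added example and not taken from any client tooling: it flags package.json entries that are not exact versions, and package-lock.json entries that npm cannot verify against a sha512 checksum from the expected registry. The package names, the sample manifests and the single trusted registry URL are constructed assumptions, and the lockfile is assumed to use the v2/v3 "packages" layout.

```javascript
// Added example: all package names and manifests below are constructed.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const TRUSTED_REGISTRY = 'https://registry.npmjs.org/'; // assumption: only this origin is allowed

// Flag package.json entries that are ranges, tags or URLs instead of exact versions.
function findUnpinned(manifest) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!EXACT.test(spec)) findings.push(`${field}: ${name}@${spec} is not an exact version`);
    }
  }
  return findings;
}

// Flag lockfile entries that lack a strong checksum or resolve to an unexpected origin.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The root project, workspace links and bundled packages have no tarball of their own.
    if (path === '' || entry.link || entry.inBundle) continue;
    if (!entry.integrity) findings.push(`${path}: no integrity hash`);
    else if (!/(^|\s)sha512-/.test(entry.integrity)) findings.push(`${path}: integrity is not sha512`);
    if (!entry.resolved || !entry.resolved.startsWith(TRUSTED_REGISTRY)) {
      findings.push(`${path}: resolved outside ${TRUSTED_REGISTRY}`);
    }
  }
  return findings;
}

// Constructed sample input (hypothetical packages, placeholder hashes).
const samplePackageJson = {
  dependencies: { 'example-lib-a': '1.4.2', 'example-date-utils': '^2.0.0' },
  devDependencies: { 'example-build-helper': 'latest' },
};
const reg = TRUSTED_REGISTRY;
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/example-lib-a': { version: '1.4.2',
    resolved: `${reg}example-lib-a/-/example-lib-a-1.4.2.tgz`, integrity: 'sha512-PLACEHOLDER==' },
  'node_modules/example-date-utils': { version: '2.0.3',
    resolved: `${reg}example-date-utils/-/example-date-utils-2.0.3.tgz`, integrity: 'sha1-PLACEHOLDER=' },
  'node_modules/example-build-helper': { version: '0.9.0',
    resolved: 'https://mirror.example.test/example-build-helper-0.9.0.tgz' },
} };

const all = [...findUnpinned(samplePackageJson), ...auditLockfile(sampleLock)];
console.log(all.join('\n'));
```

In a pipeline, a non-empty findings list would fail the build before any install step runs with tokens or secrets in the environment.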