Aggregator

Submit #602509 / VDB-308218

Submit #602374 / VDB-314092

Submit #602373 / VDB-314091

A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key . This vulnerability was named CVE-2025-6669. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

关键词恶意软件近日，卡巴斯基（Kaspersky）安全研究人员披露，一种名为 SparkKitty 的新型间谍

关键词人工智能人工智能正悄然取代人类黑客。

关键词Windows微软近日发布公告，提醒所有 Windows 用户及 IT 管理员注意：用于 Secure

随着纸媒收入下降，越来越多的媒体拥抱了付费订阅模式。但当用户在上网冲浪时遇到需要付费的新闻内容，有多少人会愿意付费？美国皮尤研究中心的一项调查显示，绝大多数人都不愿意付费。调查显示，83% 的被调查者表示过去一年没有为新闻付费，17% 的人通过订阅、捐赠或成为会员的方式向新闻机构付费。74% 的人在搜索新闻时遇到过付费墙，38% 的人经常遇到付费墙。大多数情况下，遇到付费墙后，53% 的人会寻找其他信息来源，32% 的人放弃，只有 1% 的人在遇到付费墙后会选择付费访问。受过高等教育的成年人、民主党人和老年人等更有可能为新闻付费，民主党人比共和党人的付费意愿更高（21% 对 14%）。

We need to talk about data integrity.

Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks.

More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and eventually deleted. Integrity-related incidents include malicious actions, but also inadvertent mistakes...

The post The Age of Integrity appeared first on Security Boulevard.

文章探讨了数据完整性的关键作用及其在AI和Web 3.0时代的重要性。数据完整性不仅涉及防止篡改，还包括从数据收集到删除的全生命周期准确性。作者指出，数据完整性是AI系统安全的核心问题，并提出了“integrous”一词来描述具备完整性的系统设计。

文章探讨了数据完整性的关键作用及其对人工智能和未来网络（如Web 3.0）的重要性。数据完整性不仅涉及防止篡改和错误，还包括从收集到删除的全生命周期准确性。作者指出，数据完整性是构建可信AI系统的核心安全问题，并呼吁研究“integrous”（可靠）系统设计以应对日益复杂的挑战。

Вы смотрите на досудебку,  а она смотрит на вас через Cobalt Strike.

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know — and how Tenable can help.

The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security's (DHS) National Terrorism Advisory System (NTAS) bulletin, issued on June 22, 2025, serves as a stark reminder of the volatile environment that organizations and their cyber leaders operate in. It specifically highlights the "heightened threat environment" stemming from U.S. involvement in the ongoing conflict between Israel and Iran, noting the likelihood of cyberattacks from both pro-Iranian hacktivists and state-affiliated actors.

Likewise, U.K. Prime Minister Sir Keir Starmer remarked at a NATO summit this week that the likes of Iran and Russia were carrying out cyber attacks "on a regular basis" and the U.K. needs to be prepared for them.

And in fact, according to a report by ABC News, hackers backing Tehran have already targeted U.S. banks, defense contractors and oil industry companies since the military bombings, although no widespread disruptions have been caused yet.

According to the article, “Two pro-Palestinian hacking groups claimed they targeted more than a dozen aviation firms, banks and oil companies following the U.S. strikes over the weekend. The hackers detailed their work in a post on the Telegram messaging service and urged other hackers to follow their lead, according to researchers at the SITE Intelligence Group, which tracks the groups' activity.”

This isn't just a geopolitical issue; it's a direct and immediate challenge to every organization, public and private, operating within the U.S. and beyond. As the DHS bulletin explicitly states, these actors "routinely target poorly secured U.S. networks and Internet-connected devices for disruptive cyber attacks." This isn't about if you'll be targeted, but when and, more importantly, how prepared you are to weather the storm.

The new normal: Geopolitical conflict and cyber reckoning

For too long, cybersecurity has often been viewed as a reactive discipline. Exposure Whac-a-Mole®. But in an era where geopolitical tensions translate directly into digital aggression, a reactive stance is a recipe for disaster. We're seeing critical infrastructure, often including operational technology (OT) environments, in the crosshairs. These are the systems that power our cities, deliver our water and fuel our economies. A disruption here can have catastrophic, real-world consequences.

Learn how you can use Tenable products to shore up your defenses. Read the blog Frequently Asked Questions About Iranian Cyber Operations.

Consider the recent history of Iranian-linked cyber activity, which includes breaches of U.S. water infrastructure and attempts to disrupt critical sectors. These aren't abstract threats. They’re documented and impactful. The DHS bulletin, in addition to insights from the Tenable Research Special Operations team, underscores that the risk extends beyond traditional IT networks, emphasizing the need for comprehensive security across all interconnected systems.

Mitigation recommendations

From a practical perspective in this heightened threat environment, we recommend the following immediate steps to strengthen your cyber defenses:

• Use strong passwords and enforce a strong password policy
• Change default passwords, especially on OT hardware
• Scan for and patch vulnerabilities in assets exposed to the internet
• Enable multi-factor authentication (MFA)
• Identify and prioritize your most valuable assets for remediation
• Develop a remediation plan and continue to test and improve it

Securing the foundation: A call to action for OT environments

The specific mention of critical infrastructure in the DHS bulletin is a call to action for every U.S. organization that even touches operational technology (OT) systems. These environments, often characterized by legacy equipment and unique protocols, present distinct cybersecurity challenges. Tenable's expertise in OT security is more vital than ever and gives organizations the immediate ability to:

• Automate asset discovery and mapping: Gain a complete, up-to-date inventory of all your OT assets, from programmable logic controllers (PLCs) and remote terminal units (RTUs) to human-machine interfaces (HMIs), ensuring no critical component is left unmonitored.
• Detect and mitigate OT-specific threats: Leverage advanced detection engines tailored to industrial control systems to identify anomalous network behavior, enforce security policies, and track changes that could signal a breach in progress.
• Contextualize OT vulnerabilities: Understand the specific risks posed by vulnerabilities within your OT environment, taking into account firmware versions, proprietary research and the potential impact on operational continuity.

Embracing exposure management

Beyond practicing strong cyber hygiene across IT and OT infrastructure, what more can organizations do to protect themselves? The answer lies in shifting their mindset from simply managing vulnerabilities to proactively managing exposure. Vulnerability management is crucial, but it's only one piece of the puzzle. Exposure management, however, provides a holistic view of your entire attack surface, allowing you to understand and prioritize risk in a way that traditional approaches simply cannot. This only becomes more important in the age of accelerated, AI-led attacks, which require incredible speed to outmaneuver.

At Tenable, we believe that understanding your exposure is the only way to truly understand and reduce your cyber risk. Our Tenable One Exposure Management Platform empowers organizations to:

• See everything: You can't protect what you can't see. Our exposure management platform provides comprehensive visibility across your entire modern attack surface, scanning everything from IT assets to cloud resources, containers, web applications, identity systems and, critically, your OT environments. This unified view is paramount when adversaries are looking for the weakest link, regardless of whether it resides in your IT or OT infrastructure.
• Anticipate and prioritize: The sheer volume of vulnerabilities can be overwhelming. Tenable's platform goes beyond just identifying vulnerabilities. We leverage advanced analytics, including our industry-leading Vulnerability Priority Rating (VPR), to help you understand the true risk each vulnerability poses to your unique environment. This means you can focus your limited resources on addressing the exposures that matter most, the ones most likely to be exploited by threat actors like those highlighted in the DHS bulletin. This includes pinpointing weaknesses in your OT systems that could be leveraged for disruptive attacks.
• Communicate cyber risk effectively: Security is no longer just an IT concern. It's also a business imperative. The Tenable One platform enables you to translate technical jargon into clear, actionable insights that resonate with leadership. This allows for informed decision-making and ensures that cybersecurity is integrated into the broader business strategy, rather than operating in a silo.

For details about the specific tools, tactics and techniques employed by Iranian nation-state actors and hactivists, and how you can use Tenable products to shore up your defenses, read the blog Frequently Asked Questions About Iranian Cyber Operations.

Conclusion

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. It's no longer enough to react to threats, organizations need to anticipate them, understand their exposure and prioritize their defenses where they matter most. The DHS bulletin is a critical warning. Let it be the catalyst for your organization to embrace exposure management and fortify your digital infrastructure, from the data center to the factory floor. The time for action is now.

当前地缘政治冲突加剧网络攻击风险，美伊冲突背景下黑客攻击频发。关键基础设施面临威胁，需加强防御措施如多因素认证、漏洞修复等。Tenable提供暴露管理平台以全面监控风险。

当前地缘政治紧张局势加剧了网络安全威胁，尤其是针对关键基础设施的攻击。美国国土安全部警告称，伊朗及其支持的黑客组织可能对美国银行、国防承包商和能源公司发起网络攻击。文章强调组织需采取主动措施加强防御能力，并建议通过Tenable平台进行漏洞管理和风险评估以应对威胁。

本文介绍了Drupal网站安全的最佳实践和配置方法。通过定期更新核心和模块、使用可信模块、安装Security Kit增强HTTP头保护、限制文件上传类型、配置强密码策略和两步验证等措施，构建多层次防御体系以抵御网络攻击。

Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all

Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors.

Background

Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and warnings from U.S. government agencies, including the Department of Homeland Security (DHS), about potential retaliatory attacks from cyber actors affiliated with the Iranian government as well as hacktivists.

This FAQ provides a focused analysis of Iranian state-sponsored cyber threats, detailing the types of threats used by Advanced Persistent Threat (APT) groups, tactics, techniques and procedures (TTPs) mapped to the MITRE ATT&CK framework and the specific vulnerabilities they consistently exploit. We also provide guidance about Tenable product coverage you can use to reduce your cyber exposure to these threats.

FAQ

Has there been an increase in threat activity related to Iran-based threat actors?

While there have been ample warnings from U.S. government agencies about retaliatory attacks, we’re also seeing a slight increase in reported activity by threat actors. Reports have cited that threat actors have begun targeting U.S. finance, defense, and energy sectors. While this activity has been limited to distributed-denial-of-service (DDoS) attacks, there have also been recent reports of an increase in targeted phishing attacks.

Which threat actors are believed to be Iran-based or linked to the Iranian government?

In recent years, several Iran-based groups have been identified by security vendors and U.S. government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA). In some alerts, threat activity has been linked to the Iranian Islamic Revolutionary Guard Corps (IRGC), while other APT groups and hacktivist groups have been identified as having ties to Iran. The table below outlines the groups and known activities linked to them. While this is not an exhaustive list of all known APTs and threat actors known to have previously been attributed to Iran, these groups have been recent subjects of CISA and other U.S. government alerts and have been featured in reports from multiple security vendors.

Threat actorActivityHomeLand JusticeCarried out destructive attacks against the Government of Albania in 2022, utilizing ransomware and disk wiping malware.

Pioneer Kitten

Fox Kitten

UNC757

Parisite

RUBIDIUM

Lemon Sandstorm

Br0k3r

xplfinder

Collaborates with ransomware groups in order to monetize access to victim networks. Known to exploit common and well-known vulnerabilities in internet-facing devices and critical infrastructure.CyberAv3ngersAttacked and defaced OT devices, including Unitronics PLC devices commonly used in water and wastewater systems.

APT35

CALANQUE

Charming Kitten

CharmingCypress

ITG18

Mint Sandstorm (formerly Phosphorus)

Newscaster

TA453

Yellow Garuda

Educated Manticore

APT42*

Agent Serpens

UNC788

Social engineering campaigns targeting journalists and internet-facing applications

*APT42 is a subcluster of APT35 and also poses as journalists in order to harvest credentials. Some aliases overlap between these groups.

APT34

OilRig

Helix Kitten

Hazel Sandstorm

Earth Simnavaz

Exploits internet-facing servers and uses supply chain attacks to target finance, energy, chemical, telecommunications and government sectors.

MuddyWater

Earth Vetala

MERCURY

Static Kitten

Seedworm

TEMP.Zagros

Uses remote monitoring and management tools to target telecom companies in the Middle East and North Africa, Europe and North America.

Agrius

Pink Sandstorm

Targets Israeli companies with wiper malware disguised as ransomwareImperial KittenAn APT group that has targeted Israeli transportation/logistics and technology sectors

Banished Kitten

Dune

Known as "Faketivist" for its attempts to masquerade as hacktivist groups due to their adoption of TTPs used by hacktivist groups

What are the vulnerabilities that have been targeted by Iranian threat actors?

The following table contains a list of CVEs that have been known to be exploited by Iran-based threat actors. This list of CVEs covers a wide range of commonly exploited vulnerabilities that have also been abused by a wide variety of threat actors beyond just Iran-based APTs or state-sponsored actors.

CVEDescriptionCVSSv3 ScoreVPRCVE-2017-11774Microsoft Outlook Security Feature Bypass Vulnerability7.88.9CVE-2018-13379Fortinet FortiOS SSL VPN Web Portal Path Traversal Vulnerability [1] [2] [3]9.89.0CVE-2019-0604Microsoft SharePoint Remote Code Execution (RCE) Vulnerability [1]9.88.9CVE-2019-11510Pulse Connect Secure Arbitrary File Disclosure [1] [2] [3] [4]10.08.1CVE-2019-19781Citrix Application Delivery Controller (ADC) and Gateway Directory Traversal [1] [2] [3] [4] [5] [6] [7] [8] [9]9.88.9CVE-2019-5591Fortinet FortiOS Default Configuration [1] [2]6.56.6CVE-2020-12812Fortinet FortiOS Improper Authentication [1] [2]9.88.9CVE-2020-1472Windows Netlogon Elevation of Privilege (EoP) Vulnerability (Zerologon) [1] [2] [3] [4] [5]1010CVE-2021-31207Microsoft Exchange Server Security Feature Bypass Vulnerability (Part of ProxyShell) [1] [2] [3]6.66.6CVE-2021-34473Microsoft Exchange Server RCE (ProxyShell) [1] [2] [3]9.89.2CVE-2021-34523Microsoft Exchange Server EoP (Part of ProxyShell) [1] [2] [3]9.09.6CVE-2021-44228Apache Log4j RCE (Log4Shell) [1] [2] [3] [4]1010CVE-2021-45046Apache Log4j2 Denial of Service (DoS) and RCE [1] [2]9.08.1CVE-2021-45105Apache Log4j2 DoS [1] [2]5.96.6CVE-2022-1388F5 Networks F5 BIG-IP Authentication Bypass Vulnerability [1] [2] [3]9.89.0CVE-2022-26134Atlassian Confluence Server and Data Center OGNL Injection [1] [2]9.89.6CVE-2022-30190Microsoft Windows Support Diagnostic Tool (MSDT) RCE (Follina) [1] [2] [3]7.89.8CVE-2022-42475Fortinet ForiOS Heap-Based Buffer Overflow [1] [2]9.88.9CVE-2022-47966Zoho ManageEngine RCE [1]9.89.7CVE-2022-47986IBM Aspera Faspex RCE9.89.0CVE-2023-27350PaperCut NG Authentication Bypass9.89.0CVE-2023-3519Citrix Application Delivery Controller (ADC) and Gateway (formerly NetScaler ADC and Netscaler Gateway) Unauthenticated RCE Vulnerability [1] [2]9.89.0CVE-2023-38831RARLAB WinRAR Arbitrary Code Execution7.89.7CVE-2023-46805Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability [1] [2]8.26.7CVE-2023-6448Unitronics VisiLogic Default Administrative Password9.87.4CVE-2024-21887Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability [1] [2] [3]9.19.8CVE-2024-24919Check Point Security Gateway Information Disclosure Vulnerability [1] [2]8.67.1CVE-2024-30088Windows Kernel Elevation of Privilege Vulnerability [1] [2]7.09.6CVE-2024-3400Palo Alto PAN-OS Command Injection Vulnerability [1] [2]10.010.0

*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on June 27 and reflects VPR at that time.

Has Tenable released any product coverage for these vulnerabilities?

The CVEs covered in this blog have product coverage from Tenable. A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages:

• CVE-2017-11774
• CVE-2018-13379
• CVE-2019-0604
• CVE-2019-11510
• CVE-2019-19781
• CVE-2019-5591
• CVE-2020-12812
• CVE-2020-1472
• CVE-2021-31207
• CVE-2021-34473
• CVE-2021-34523
• CVE-2021-44228
• CVE-2021-45046
• CVE-2021-45105
• CVE-2022-1388
• CVE-2022-26134
• CVE-2022-30190
• CVE-2022-42475
• CVE-2022-47966
• CVE-2022-47986
• CVE-2023-27350
• CVE-2023-3519
• CVE-2023-38831
• CVE-2023-46805
• CVE-2023-6448
• CVE-2024-21887
• CVE-2024-24919
• CVE-2024-30088
• CVE-2024-3400

These links will display all available plugins for the listed vulnerabilities, including upcoming plugins in our Plugins Pipeline. In addition to plugin coverage, the tables below highlight additional Tenable product coverage for the MITRE ATT&CK IDs that are known to be associated with Iran-based threat actors.

Tenable attack path techniques

MITRE ATT&CK IDDescriptionTenable attack path techniquesT1003.001OS Credential Dumping: LSASS MemoryT1003.001_WindowsT1012Query RegistryT1012_WindowsT1021.001Remote Services: Remote Desktop ProtocolT1021.001_WindowsT1047Windows Management InstrumentationT1047_WindowsT1053.005Scheduled Task/Job: Scheduled TaskT1053.005_WindowsT1059.001Command and Scripting Interpreter: PowerShellT1059.001_WindowsT1068Exploitation for Privilege EscalationT1068_WindowsT1069.002Permission Groups Discovery: Domain GroupsT1069.002_WindowsT1069.003Permission Groups Discovery: Cloud Groups

T1069.003_Azure

T1069.003_AWS

T1078.001Valid Accounts: Default AccountsT1078.001_ICST1078.002Valid Accounts: Domain AccountsT1078.002_WindowsT1078.003Valid Accounts: Local AccountsT1078.003_WindowsT1078.004Valid Accounts: Cloud AccountsT1078.004_AzureT1082System Information DiscoveryT1082T1098Account Manipulation

T1098.001_Azure

T1098.001_AWS

T1098.003_Azure

T1098.004

T1133External Remote Services

T1133_AWS

T1133_Azure

T1133_Windows

T1190Exploit Public-Facing ApplicationT1190_AwsT1219Remote Access SoftwareT1219_WindowsT1482Domain Trust DiscoveryT1482_WindowsT1484.002Domain or Tenant Policy Modification: Trust ModificationT1484.002_AzureT1499Endpoint Denial of ServiceT1499.004T1555Credentials from Password Stores

T1555.004_Windows

T1555.006

T1558.003Steal or Forge Kerberos Tickets: KerberoastingT1558.003_Windows

Tenable Identity Exposure Indicators of Exposure and Indicators of Attack

MITRE ATT&CK IDDescriptionIndicatorsT1003.001OS Credential Dumping: LSASS Memory

C-PROTECTED-USERS-GROUP-UNUSED

I-ProcessInjectionLsass

T1068Exploitation for Privilege EscalationI-SamNameImpersonationT1078Valid Accounts

C-AAD-PRIV-SYNC

C-AAD-SSO-PASSWORD

C-ADM-ACC-USAGE

C-ADMIN-RESTRICT-AUTH

C-ADMINCOUNT-ACCOUNT-PROPS

C-AUTH-SILO

C-BAD-SUCCESSOR

C-CLEARTEXT-PASSWORD

C-DANG-PRIMGROUPID

C-DANGEROUS-SENSITIVE-PRIVILEGES

C-DC-ACCESS-CONSISTENCY

C-DSHEURISTICS

C-EXCHANGE-MEMBERS

C-KERBEROS-CONFIG-ACCOUNT

C-KRBTGT-PASSWORD

C-MSA-COMPLIANCE

C-NATIVE-ADM-GROUP-MEMBERS

C-PASSWORD-DONT-EXPIRE

C-PASSWORD-HASHES-ANALYSIS

C-PASSWORD-NOT-REQUIRED

C-PASSWORD-POLICY

C-PKI-DANG-ACCESS

C-PRIV-ACCOUNTS-SPN

C-PROP-SET-SANITY

C-REVER-PWD-GPO

C-SERVICE-ACCOUNT

C-SLEEPING-ACCOUNTS

C-USER-PASSWORD

HIGH-NUMBER-OF-ADMINISTRATORS

MISSING-MFA-FOR-NON-PRIVILEGED-ACCOUNT

MISSING-MFA-FOR-PRIVILEGED-ACCOUNT

T1078.001Valid Accounts: Default Accounts

UNRESTRICTED-GUEST-ACCOUNTS

C-GUEST-ACCOUNT

GUEST-ACCOUNT-WITH-A-PRIVILEGED-ROLE

GUEST-ACCOUNTS-WITH-EQUAL-ACCESS-TO-NORMAL-ACCOUNTS

T1098Account Manipulation

C-AAD-CONNECT

C-ABNORMAL-ENTRIES-IN-SCHEMA

C-CREDENTIAL-ROAMING

C-DANG-PRIMGROUPID

C-DC-ACCESS-CONSISTENCY

C-EXCHANGE-PERMISSIONS

C-PROP-SET-SANITY

C-SDPROP-CONSISTENCY

C-SENSITIVE-CERTIFICATES-ON-USER

C-SHADOW-CREDENTIALS

CONDITIONAL-ACCESS-POLICY-DISABLES-CONTINUOUS-ACCESS-EVALUATION

ENTRA-SECURITY-DEFAULTS-NOT-ENABLED

LEGACY-AUTHENTICATION-NOT-BLOCKED

MFA-NOT-REQUIRED-FOR-A-PRIVILEGED-ROLE

MFA-NOT-REQUIRED-FOR-RISKY-SIGN-INS

MISSING-MFA-FOR-NON-PRIVILEGED-ACCOUNT

MISSING-MFA-FOR-PRIVILEGED-ACCOUNT

SHOW-ADDITIONAL-CONTEXT-IN-MICROSOFT-AUTHENTICATOR-NOTIFICATIONS

USER-WITH-API-TOKEN

T1110Brute Force

C-PASSWORD-HASHES-ANALYSIS

C-PASSWORD-POLICY

I-PasswordSpraying

T1190Exploit Public-Facing ApplicationAPPLICATION-ALLOWING-MULTI-TENANT-AUTHENTICATIONT1589Gather Victim Identity Information

C-DSHEURISTICS

C-PRE-WIN2000-ACCESS-MEMBERS

T1556Modify Authentication Process

C-AAD-PRIV-SYNC

C-SHADOW-CREDENTIALS

T1558.003Steal or Forge Kerberos Tickets: Kerberoasting

I-Kerberoasting

I-UnauthKerberoasting

Tenable Web App Scanning

MITRE ATT&CK IDDescriptionIndicatorsT1190Exploit Public-Facing ApplicationT1190_WAS

Tenable OT Security

MITRE ATT&CK IDDescriptionIndicatorsT0812Exploit Public-Facing ApplicationT0812_ICS

What else should I do to remain secure?

Cyber hygiene is even more critical in the face of heightened awareness than it is in normal times. Many of the attacks stemming from Iranian-sponsored threat actors mirror tactics used by other cyber actors, including exploiting software and devices that use weak authentication. Attacks have also targeted operational technology (OT) devices. To strengthen your cyber defenses, we recommend:

• Using strong passwords and enforcing a strong password policy
• Enabling multi-factor authentication (MFA)
• Changing default passwords, especially on OT hardware
• Patching vulnerabilities in assets exposed to the internet
• Identifying and prioritizing your most valuable assets for remediation
• Developing a remediation plan and continuing to test and improve it

Get more information

• Tenable Blog: Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks
• Tenable Blog: AA24-241A : Joint Cybersecurity Advisory on Iran-based Cyber Actors Targeting US Organizations
• Tenable Blog: AA22-257A: Cybersecurity Agencies Issue Joint Advisory on Iranian Islamic Revolutionary Guard Corps-Affiliated Attacks
• Department of Homeland Security National Terrorism Advisory System Bulletin - June 22, 2025

Join Tenable's Research Special Operations (RSO) Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.