Gatlab Security Blog

Gatlab Security BlogCVE digest, threat intelligence, and cybersecurity research by Gatlab.https://blog.gatlab.id/enCVE Weekly Digest — Week 17, 2026https://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Top CRITICAL & HIGH CVEs this week: CVE-2026-6643, CVE-2026-6644, CVE-2026-5963 and more.Sun, 26 Apr 2026 00:00:00 GMTCVEcvedigestweeklythreat-intelWelcome to Gatlab Security Bloghttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/CVE digests, threat intelligence, security tutorials, and research from PT Global Adicita Teknologi. Everything you need to stay ahead of attackers.Sun, 26 Apr 2026 00:00:00 GMTNewsgatlabsecurityblogannouncementCISA Releases 2025 Top Routinely Exploited Vulnerabilities — Key Takeawayshttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/CISA's annual list of most exploited vulnerabilities reveals attackers are consistently targeting known flaws in perimeter devices, VPNs, and web applications. Here's what you need to know.Fri, 24 Apr 2026 00:00:00 GMTNewsnewscisavulnerabilitiespatch-managementindustryADVISORY: Critical Privilege Escalation in Cisco IOS XE Web UI — 50,000 Devices Exposedhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Gatlab Security Advisory: Cisco IOS XE management interface vulnerabilities allow unauthenticated attackers to create privileged accounts. Over 50,000 devices remain unpatched and internet-exposed.Thu, 23 Apr 2026 00:00:00 GMTAdvisoryadvisoryciscoios-xenetworkcriticalpatch-nowAPT29 Targets European Diplomatic Missions with Novel Spear-Phishing Campaignhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Russia's APT29 (Cozy Bear) is conducting a sophisticated spear-phishing campaign against European embassies using wine-tasting event lures and a new malware loader called WINELOADER.Wed, 22 Apr 2026 00:00:00 GMTThreat Intelthreat-intelapt29russiaspearphishingdiplomacyespionageCVE-2025-0282: Critical RCE in Ivanti Connect Secure Actively Exploitedhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A stack-based buffer overflow in Ivanti Connect Secure allows unauthenticated remote code execution. CISA confirms active exploitation in the wild. Patch immediately.Mon, 20 Apr 2026 00:00:00 GMTCVEcveivantivpnrcecriticalzero-daySetting Up Wazuh SIEM: A Complete Beginner's Guidehttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Step-by-step guide to deploying Wazuh — the open-source SIEM and XDR platform — on a single server, enrolling agents, and writing your first detection rules.Sat, 18 Apr 2026 00:00:00 GMTTutorialtutorialwazuhsiemdetectionmonitoringblue-teamCVE-2025-24085: Apple Core Media Zero-Day Exploited in the Wildhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A use-after-free vulnerability in Apple's Core Media framework allows a malicious application to elevate privileges. Apple confirms active exploitation against iOS versions prior to 17.2.Wed, 15 Apr 2026 00:00:00 GMTCVEcveappleiosmacosprivilege-escalationzero-dayModern Browser Memory Corruption: From Bug to Full Compromisehttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A technical research breakdown of how memory corruption vulnerabilities in browsers are discovered, exploited, and chained to achieve full system compromise in modern web browsers.Tue, 14 Apr 2026 00:00:00 GMTResearchresearchbrowsermemory-corruptionexploitv8chromepwnMajor Healthcare Provider Breach: 10M Patient Records Exposed via Unpatched VPNhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A healthcare provider suffered a massive data breach affecting 10 million patients after attackers exploited an unpatched Ivanti VPN vulnerability. HIPAA violations expected, $50M+ in fines projected.Sun, 12 Apr 2026 00:00:00 GMTNewsnewsdata-breachhealthcarehipaavpnivantiADVISORY: Mass Exploitation of WordPress Plugins — 1M+ Sites at Riskhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Multiple critical vulnerabilities in popular WordPress plugins are being mass-exploited by automated bots. Sites running LiteSpeed Cache, Elementor Pro, and WP Fastest Cache should update immediately.Fri, 10 Apr 2026 00:00:00 GMTAdvisoryadvisorywordpressplugincmswebserverpatch-nowBlackCat/ALPHV Ransomware: Technical Deep Dive and Defense Strategieshttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A comprehensive technical analysis of the BlackCat/ALPHV ransomware-as-a-service operation, including TTPs, encryption mechanisms, and effective defensive countermeasures.Wed, 08 Apr 2026 00:00:00 GMTThreat Intelthreat-intelransomwareblackcatalphvanalysisdefenseBurp Suite for Web Pentesting: From Zero to First Findinghttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A hands-on introduction to Burp Suite Community Edition — setting up your proxy, intercepting requests, using Repeater, and finding your first web vulnerability.Sun, 05 Apr 2026 00:00:00 GMTTutorialtutorialburp-suitewebpentestingowaspproxySupply Chain Attacks in Open Source: Anatomy of the xz-utils Backdoorhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A deep technical analysis of the XZ Utils backdoor (CVE-2024-3094) — how a sophisticated 2-year social engineering campaign nearly compromised most Linux systems globally.Wed, 01 Apr 2026 00:00:00 GMTResearchresearchsupply-chainxz-utilsbackdooropen-sourcesocial-engineeringBSSN Launches Indonesia National Cyber Drill 2026: What Organizations Need to Knowhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Indonesia's national cybersecurity agency BSSN is conducting its largest-ever cyber drill involving 300+ government agencies and critical infrastructure operators. Preparation guide and key dates inside.Mon, 30 Mar 2026 00:00:00 GMTNewsnewsbssnindonesiacyber-drillgovernmentincident-responseCVE-2024-55591: Fortinet FortiGate Auth Bypass — Mass Exploitation Underwayhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/An authentication bypass vulnerability in Fortinet FortiOS management interface allows attackers to gain super-admin privileges. Over 15,000 firewalls confirmed compromised globally.Sat, 28 Mar 2026 00:00:00 GMTCVEcvefortinetfortigatefirewallauth-bypasscriticalADVISORY: VMware vCenter Critical RCE — Patch Your Virtualization Infrastructure Nowhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Critical unauthenticated remote code execution vulnerabilities in VMware vCenter Server are being exploited by ransomware groups to compromise entire virtualized infrastructures.Wed, 25 Mar 2026 00:00:00 GMTAdvisoryadvisoryvmwarevcentervirtualizationrcecriticalransomwareWriting YARA Rules for Malware Detection: A Practical Guidehttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Learn to write effective YARA rules from scratch — from basic string matching to advanced conditions, byte patterns, and PE module usage for detecting malware families.Sun, 22 Mar 2026 00:00:00 GMTTutorialtutorialyaramalwaredetectionthreat-huntingblue-teamLazarus Group's $1.5B Cryptocurrency Exchange Heist: A Full Post-Mortemhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/North Korea's Lazarus Group executed the largest cryptocurrency theft in history by compromising a developer's machine via a fake job interview. We break down the full attack chain.Fri, 20 Mar 2026 00:00:00 GMTThreat Intelthreat-intellazarusnorth-koreacryptoaptsupply-chainAI-Powered Phishing: How LLMs Are Transforming Social Engineering Attackshttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Research findings on how threat actors leverage large language models to generate hyper-personalized phishing emails, bypass spam filters, and scale spear-phishing attacks previously requiring manual effort.Sun, 15 Mar 2026 00:00:00 GMTResearchresearchaillmphishingsocial-engineeringgptADVISORY: Palo Alto Networks GlobalProtect Command Injection — Unauthenticated RCEhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect gateway enables unauthenticated remote code execution. CISA confirms active exploitation by state-sponsored actors.Thu, 12 Mar 2026 00:00:00 GMTAdvisoryadvisorypalo-altopan-osvpncommand-injectionrcestate-actorCVE-2025-21298: Windows OLE Zero-Click RCE via Email — Patch Nowhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A critical zero-click vulnerability in Windows OLE allows remote code execution simply by previewing a malicious email in Outlook. No user interaction required.Tue, 10 Mar 2026 00:00:00 GMTCVEcvewindowsoleoutlookrcezero-clickmicrosoftNetwork Traffic Analysis with Wireshark: Blue Team Essentialshttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Master Wireshark for security analysis — capture filters, display filters, following streams, detecting port scans, and identifying C2 traffic in network captures.Sun, 08 Mar 2026 00:00:00 GMTTutorialtutorialwiresharknetworktraffic-analysisblue-teampcapSalt Typhoon: Inside the Largest Telecom Espionage Campaign in US Historyhttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Chinese APT Salt Typhoon breached at least 9 major US telecommunications providers, accessing wiretap systems and senior officials' communications. A deep dive into the TTPs and geopolitical implications.Thu, 05 Mar 2026 00:00:00 GMTThreat Intelthreat-intelsalt-typhoonchinatelecomespionageaptlawful-interceptDNS Tunneling for C2: Detection and Mitigation Deep Divehttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A technical examination of how attackers use DNS as a covert command-and-control channel, the encoding techniques employed, and proven detection methods for defenders.Sat, 28 Feb 2026 00:00:00 GMTResearchresearchdnstunnelingc2detectionthreat-huntingEU NIS2 Directive Now Fully Enforceable: What Global Organizations Must Dohttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/The EU's NIS2 Directive entered full enforcement in 2025 with penalties of up to €10M or 2% of global revenue. We break down who's covered, what's required, and how to comply.Wed, 25 Feb 2026 00:00:00 GMTNewsnewsnis2eucomplianceregulationgovernanceADVISORY: regreSSHion — Critical OpenSSH RCE Returns After 18 Yearshttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/CVE-2024-6387 (regreSSHion) is a race condition in OpenSSH's signal handler that allows unauthenticated remote code execution as root. Affects 14 million internet-exposed servers.Fri, 20 Feb 2026 00:00:00 GMTAdvisoryadvisoryopensshrcelinuxcriticalrace-conditionVolt Typhoon: Chinese APT Pre-Positioning in US Critical Infrastructurehttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/CISA, NSA, and FBI jointly warn that Volt Typhoon has maintained persistent access to US critical infrastructure for 5+ years, pre-positioning for potential disruption during geopolitical conflict.Wed, 18 Feb 2026 00:00:00 GMTThreat Intelthreat-intelvolt-typhoonchinacritical-infrastructureicsscadaaptBuild a Cybersecurity Home Lab in 2026: Complete Setup Guidehttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/Everything you need to build a professional-grade security home lab for under $0 — using free virtualization, vulnerable VMs, and open-source security tools to practice real-world skills.Sun, 15 Feb 2026 00:00:00 GMTTutorialtutorialhome-labvirtualboxkalipracticered-teamblue-teamIoT Firmware Security Analysis: Finding Vulnerabilities in Embedded Deviceshttps://blog.gatlab.id/posts/undefined/https://blog.gatlab.id/posts/undefined/A practical guide to IoT firmware analysis — extracting firmware, emulating with QEMU, finding hardcoded credentials, and identifying vulnerable services using open-source tools.Tue, 10 Feb 2026 00:00:00 GMTResearchresearchiotfirmwareembeddedbinwalkqemuhardware-security