
All Posts


Outbreak Alert - Google Chrome 0-Day Vulnerability
ICS Labs’ CTI team has identified alerts regarding a critical vulnerability in the Google Chrome browser, tracked under ID 466192044 in Chromium, which is being actively exploited. The flaw, classified as high severity, affects the Almost Native Graphics Layer Engine (ANGLE) library, specifically in the Metal renderer, due to an error in buffer sizing based on pixelsDepthPitch. This issue can lead to memory corruption, execution failures, or allow arbitrary code execution.

Security Team
Dec 19, 2025 · 1 min read

Announcement - FortiCloud Single Sign-On (SSO) - [FG-IR-25-647]
Dear Clients, The FG-IR-25-647 vulnerability affects the FortiCloud Single Sign-On (SSO) authentication mechanism used as an alternative to access platforms such as FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The flaw could allow an unauthenticated attacker to manipulate the login flow and attempt to gain unauthorized access to the environment. Because it is present in widely used solutions, this vulnerability required immediate attention to prevent exploitation r

Security Team
Dec 12, 2025 · 1 min read


Ransomware Attack Compromises Marquis Software Solutions’ Customer and Bank Data
ICS Labs has identified, in its research, news of a ransomware attack that affected the fintech Marquis Software Solutions, compromising data from 42,784 customers and 67 banks. The provider issued a statement saying that the incident occurred on August 14 through its SonicWall firewall. According to the company, “The investigation revealed that an unauthorized third party accessed Marquis’ network through its SonicWall firewall on August 14, 2025, and may have obtain

Security Team
Dec 10, 2025 · 1 min read


Grafana Enterprise – Critical Security Fix (CVE-2025-41115)
ICS Labs' CTI has identified a critical vulnerability in Grafana Enterprise (CVE-2025-41115), with a CVSS score of 10.0, affecting versions 12.0.0 through 12.2.1. The flaw is related to the SCIM (System for Cross-domain Identity Management) feature, introduced for automated user and team management. In specific configurations, a malicious or compromised SCIM client can provision users with a numeric externalId, allowing internal ID overwriting and enabling impersonation or

Security Team
Dec 4, 2025 · 2 min read


Curly COMrades (Hyper-V Abuse for EDR Bypass)
ICS Labs’ CTI has identified an advanced EDR evasion technique actively exploited by the group Curly COMrades, a threat actor associated with Russian interests. This technique involves creating a virtual machine where malicious actions are executed, in order to establish an administrative interface within this hidden environment. Threat Overview: The key differentiator of this campaign is the use of legitimate virtualization (Hyper-V) as an evasion mechanism. Instead of i

Security Team
Nov 28, 2025 · 2 min read


Bank attack via WhatsApp Web - Maverick
Since the beginning of October 2025, ICS Labs has identified a massive campaign to spread banking malware called Maverick, with over 62,000 observed attacks targeting Brazil. The threat exhibits characteristics of advanced social engineering, fileless execution, and automatic propagation via WhatsApp, affecting both home users and corporate environments. Threat overview: The infection begins with receiving a message on WhatsApp containing a compressed file (.zip), di

Security Team
Nov 13, 2025 · 2 min read


BOF Tool Targets Microsoft Teams Cookies
ICSLabs has identified a technique that allows malicious actors to interact with the Microsoft Teams, Skype, and Microsoft Graph APIs to read and send messages on behalf of the victim, enabling data exfiltration, internal spear-phishing, and lateral movement without needing a password or bypassing MFA directly. The technique exploits the way Microsoft Teams uses WebView processes (msedgewebview2.exe) and stores cookies in a local SQLite database. Tools adapted from "Cookie-M

Security Team
Nov 10, 2025 · 2 min read


ICS Labs Outbreak Alert - Oracle EBS Critical Vulnerability (CVE-2025-61882)
Oracle EBS (E-Business Suite) is warning about a critical vulnerability identified as CVE-2025-61882, rated critical (CVSS 9.8), which...

Security Team
Oct 8, 2025 · 2 min read


ICS Labs Outbreak Alert - Cyberattack Paralyzes Jaguar Land Rover and Disrupts Global Production
Jaguar Land Rover, UK's Largest Carmaker, Issues Alert on Massive Cyberattack. Jaguar Land Rover (JLR) has confirmed a cyberattack that...

Security Team
Sep 9, 2025 · 1 min read


ICS Labs Outbreak Alert - Trend Micro Apex One On-Premise Exploited
Trend Micro has issued an urgent alert regarding two critical command injection vulnerabilities (CVE-2025-54948 and CVE-2025-54987) in...

Security Team
Aug 10, 2025 · 1 min read


ICS Labs Outbreak Alert - TBK DVRs Botnet Attack
ICSLabs has detected a significant increase in malicious network activity exploiting CVE-2024-3721, a critical unauthenticated command...

Security Team
Aug 8, 2025 · 1 min read


ICS Labs Outbreak Alert - SimpleHelp Support Software Attack
CVE-2024-57727 is a critical vulnerability that allows malicious actors to access and download arbitrary files from a server without...

Security Team
Aug 6, 2025 · 1 min read


ICS Labs Outbreak Alert - SonicWall Secure Mobile Access Attack
This persistent attack was identified by the Google Threat Intelligence Group (GTIG) and attributed, with moderate confidence, to a...

Security Team
Aug 4, 2025 · 1 min read


ICS Labs Outbreak Alert - Secret Blizzard
Microsoft Threat Intelligence has uncovered a cyber espionage campaign by an actor tracked as Secret Blizzard, targeting embassies...

Security Team
Aug 4, 2025 · 1 min read

© 2025 ICS - Inorpel CyberSecurity

CONTACT
JOÃO PESSOA
Rua Jose Soares de Medeiros, 1620
Bloco E Módulos 2, 3 e 4, Térreo.
Cabedelo - PB - CEP: 58105-015
ICS Labs
Your best defense strategy