Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library


Beyond the Hype: Moltbot’s Real Risk Is Exposed Infrastructure, Not AI Superintelligence

February 9, 2026

STRIKE Uncovers Widespread OpenClaw (Moltbot) Exposure Across the Internet Why are AI agents becoming a new attack surface? Over the past several days, OpenClaw (formerly known as Clawdbot and Moltbot) has drawn intense attention across social media and headlines. Much of that attention has focused on…
STRIKE Team
What Are Moltbot and Moltbook and What Happens When Agentic AI Assistants Scale Without Security

February 3, 2026

Moltbot, Moltbook, and the Real Risk Behind the AI Hype Moltbot, which offers users agentic artificial intelligence (AI) personal assistants, and its companion platform Moltbook have provided a useful case study over the last several days in how automation, poor…
The Quiet Siege II

January 23, 2026

The following depiction described here is fictional and does not represent a real attack, organization, or incident. Part II: Life, Interrupted The Echo of the Siege Amara sat at the head of a smaller table now,…
The Quiet Siege I

January 23, 2026

The following depiction described here is fictional and does not represent a real attack, organization, or incident. A Distributed Denial of Service (DDoS) attack is a digital ambush: thousands of compromised systems flooding a service with so many requests…
Latin America as a Proving Ground: Cybercriminal Innovation and Escalation

January 23, 2026

Conti Ransomware (Costa Rica, 2022) The Conti ransomware group, active since late 2019, quickly became one of the most aggressive forces in the world of cybercrime. Known for “big game hunting” and its double-extortion model: stealing data before encrypting systems, Conti targeted major institutions in healthcare,…
Operation WrtHug Exposed: The Router Hack You Need to Know

December 10, 2025

Why Router Hacking Is Not Just a Patching Issue Your home router can become someone else’s covert infrastructure without you ever noticing. SecurityScorecard’s Field Chief Threat Intelligence Officer Ryan Sherstobitoff, Security Researcher Gilad Maizles, and Signals Collection Engineer Marty Kareem joined SecurityScorecard’s Senior Content Writer Shannon Vavra to…
Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router

November 19, 2025

Your home router, the device that connects you to the internet, may have been turned into a tool for a global espionage campaign. A new report, “Operation WrtHug,” has uncovered a massive, coordinated effort that has compromised thousands of ASUS routers worldwide. This is a meticulously planned operation…
STRIKE Team
When SaaS Trust Becomes a Threat: Insights from the Salesloft Drift Compromise

September 10, 2025

A recent breach at Salesloft shows how attackers can use trusted tools against the very companies that rely on them. Attackers used OAuth tokens for the “Drift” chat agent integration with Salesforce to gain access to sensitive customer data in recent days. The series of incidents highlights how…
STRIKE Team
From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

August 5, 2025

In June 2025, during the 12-day conflict between Israel and Iran, a network of Iran-linked hackers launched a flurry of cyber-operations aligned with the war. As air strikes crossed borders, a vast array of hacking groups began working to sway public opinion, disrupt businesses, and intimidate and undermine…
STRIKE Team
9 Year Old Vulnerability Still Affecting Thousands (CVE-2016-10033)

July 8, 2025

SecurityScorecard July 7 Advisory On July 07, 2025, CVE-2016-10033 was added to CISA’s list of Known Exploited Vulnerabilities (CISA-KEV). This vulnerability is a critical vulnerability affecting various versions of PHPMailer, Joomla and WordPress with a CVSS score of 9.8. Severity: Critical…
STRIKE Alert
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability (CVE-2025-6543) Added to CISA KEV

July 1, 2025

SecurityScorecard June 30 Advisory CVE-2025-6543 is a critical vulnerability affecting Citrix NetScaler Application Delivery Controller with a CVSS score of 9.2. On June 30, 2025, this vulnerability was added to CISA’s list of Known Exploited Vulnerabilities (CISA-KEV). Severity: Critical Impact:…
STRIKE Alert
Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign

June 23, 2025

LapDogs: China-Linked ORB Network Revealed in Global Espionage Campaign SecurityScorecard’s STRIKE team has identified a previously unreported Operational Relay Box (ORB) Network—LapDogs—a novel and prolonged espionage infrastructure campaign that marks yet another instance of China-Nexus cyber actors leveraging ORB Networks. Key Takeaways…
STRIKE Team
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability (CVE-2025-32433) Added to CISA KEV

June 10, 2025

SecurityScorecard June 10 Advisory CVE-2025-32433 is a critical vulnerability affecting Erlang OTP with a CVSS score of 10.0. On June 09, 2025, this vulnerability was added to CISA’s list of Known Exploited Vulnerabilities (CISA-KEV). Severity: Critical Impact: Severe impact, high…
STRIKE Alert
SecurityScorecard Advisory: Synacor Zimbra Collaboration Suite XSS Vulnerability (CVE-2024-27443) Added to CISA KEV

May 20, 2025

CVE-2024-27443 is a vulnerability affecting Zimbra Collaboration. As described in a blog post by ESET Research, this vulnerability is currently being exploited in the wild and is found to be targeting government entities and defense companies. On May…
STRIKE Alert
SecurityScorecard Advisory: Apache HTTP Server Improper Escaping of Output Vulnerability (CVE-2024-38475) Added to CISA KEV

May 6, 2025

CVE-2024-38475 is a vulnerability affecting Apache HTTP Servers with a CVSS score of 9.1. By sending specially crafted HTTP requests, this flaw allows remote attackers to retrieve sensitive files on the target machine. As described by watchTowr Labs and Orange Tsai in their blogs (…
STRIKE Alert
SecurityScorecard Advisory: Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability (CVE-2025-21590) Added to CISA KEV

April 7, 2025

CVE-2025-21590 is a vulnerability affecting Juniper Routers with a CVSS score of 6.7. The flaw is found in Juniper routers running end-of-life hardware and software. As described by Mandiant in a blog post, the threat actor known as UNC3886 was…
STRIKE Alert