Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Defined by Gartner as the next evolution of breach and attack simulation (BAS), adversarial exposure validation (AEV) is a security solution that continuously assesses how well security controls prevent, detect, and respond to real-world adversarial behaviors—across multiple environments and the entire attack lifecycle.

On May 21, 2025, the FBI and CISA released a joint Cybersecurity Advisory (CSA), designated AA25-141B, warning about the rise in attacks leveraging LummaC2, attributed to a threat group referred to internally as Sticky Werewolf, this cyber espionage campaign has used LummaC2 malware since at least April 2023 to target Russian and Belarusian government agencies, science centers, and aviation manufacturers.

Authors: Or Yair, Security Research Team Lead Last August, I shared a blog on my most recent research project with Shmuel Cohen called QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share, which we initially presented at DEF CON 32 (2024). In it, we explained how we discovered 10 unique vulnerabilities in Google’s Quick Share data transfer utility, some of which we were able to assemble into an innovative remote code execution (RCE) attack chain against the Windows version.

On March 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a joint Cybersecurity Advisory (CSA) titled “#StopRansomware: Medusa Ransomware” (Alert Code: AA25-071A).

On February 19, 2025, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Detailed information about this threat and the associated IOCs and TTPs can be seen in the advisory: Ghost (Cring) Ransomware.

I could not be more proud to share exciting news that has been more than a decade in the making. Today, we are launching the next evolution of the SafeBreach platform, which will give large enterprise security teams the power to see into the future and gain unprecedented insight into their cyber risk.

Happy new year! 2025 is underway and the SafeBreach team is off to a strong start after a record-breaking 2024. We are keenly focused on the vision, goals, and opportunities that lie ahead in the new year—some of which we are excited to share in much more detail soon. But, before we close the books on 2024, I wanted to take a moment to reflect on all that we accomplished over the last year with the support and partnership of the SafeBreach community.

SafeBreach Labs Researchers have developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows Lightweight Directory Access Protocol (LDAP) remote code execution vulnerability. Active Directory Domain Controllers (DCs) are considered to be one of the crown jewels in organizational computer networks. Vulnerabilities found in DCs are usually much more critical than those found in usual workstations.

In this version of the Hacker’s Playbook Threat Coverage round-up, we highlight attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats.