Archive for SOCRadar

SOCRadar Serves Up The Top 10 AI Deepfake Detection Tools to Combat Digital Deception in 2025 

Posted in Commentary with tags on October 22, 2025 by itnerd

Deepfake technology is increasingly being used in sophisticated fraud schemes, making it harder for individuals and businesses to distinguish real from fake. Scammers have used AI-generated voices to impersonate executives, leading to financial losses, while cybercriminals exploit deepfakes for identity theft and phishing attacks. Manipulated videos and AI-generated speeches can also be used to spread false information, particularly during elections or political events. With social media accelerating the spread of digital content, ensuring that news organizations and platforms can verify the authenticity of videos and images is more important than ever.

Businesses that rely on voice authentication and digital verification must now implement detection tools to protect sensitive data and prevent fraud. In industries such as banking, law enforcement, and cybersecurity, deepfake detection is crucial for preventing unauthorized access and maintaining secure authentication systems.

As a result, many organizations now use AI-powered tools to analyze biometric data, verify identities, and detect synthetic media before it can cause harm. As deepfake technology advances, having reliable detection solutions will be essential for maintaining trust and security in an increasingly AI-driven world.

Researchers at threat intelligence cybersecurity company SOCRadar have published a list of Top 10 AI Deepfake Detection Tools to Combat Digital Deception in 2025. This is worth your time to read.

Oracle E-Business Suite Exploit by Cl0p: Who is affected and what organizations should look for

Posted in Commentary with tags on October 6, 2025 by itnerd

Today, SOCRadar published an analysis on the Oracle E-Business Suite vulnerability. The flaw, already exploited in the wild, has been used in data theft and extortion attacks attributed to the Cl0p ransomware gang. As Oracle rushed out an emergency fix, the situation revealed a wider ecosystem of threat actors and exploit leaks that organizations must urgently address.

The analysis dives into what exactly this vulnerability is, who is impacted and how severe the risk is, who is behind the exploit — Cl0p — and what indicators of compromise organizations should look for.

For full details, the analysis can be found here: https://socradar.io/cve-2025-61882-oracle-e-business-suite-exploited/

Critical GoAnywhere MFT Vulnerability Could Lead to Command Injection Says SOCRadar

Posted in Commentary with tags on September 22, 2025 by itnerd

Today, SOCRadar researchers published an analysis looking at a recently revealed flaw in Fortra’s GoAnywhere MFT.

This critical vulnerability in the platform’s License Servlet, tracked as CVE-2025-10035, could open the door to severe exploitation if left unpatched. With a maximum severity score, this issue demands immediate attention from administrators.

While there is no confirmed evidence of exploitation at this time, history suggests that the risk is very real. GoAnywhere MFT was previously exploited through CVE-2023-0669; in those attacks, the Clop ransomware group claimed responsibility for breaching numerous organizations. That earlier flaw triggered a surge in ransomware incidents, making this newly disclosed CVE a prime candidate for future attacks.

The analysis explains what exactly this CVE is, its impact, and the recommended mitigation steps for organizations at risk.

For full details, the analysis can be found at this link: https://socradar.io/cve-2025-10035-goanywhere-mft-flaw-command-injection/

SOCRadar Analysis: Salesloft Drift Breach – Everything You Need to Know

Posted in Commentary with tags on September 4, 2025 by itnerd

More than 700 organizations were affected by the recent Salesloft Drift breach, one of the largest SaaS supply-chain breaches to date, including high-profile technology and security vendors such as Cloudflare, Zscaler, Palo Alto Networks, and PagerDuty. Investigators describe the incident as a “widespread supply-chain attack spree” targeting one of the most widely used SaaS integrations. Drift, acquired by Salesloft in 2024, integrates with customer systems such as Salesforce, Slack, and Google Workspace via OAuth tokens. Threat actors exploited this integration to steal authentication tokens and gain access to customer environments.

In a just-published blog post, threat intelligence company SOCRadar analyzes:

  • How attackers got in and the threat actor behind the breach
  • The technical reasons behind it
  • The type of information exposed and the number of organizations affected
  • How to determine whether your company was affected
  • How it compares to other supply chain attacks
  • Steps CISOs should take to mitigate risks from this incident
  • Indicators of Compromise (IOCs) related to the Salesloft Drift breach

If you use Salesloft, this should be required reading: Salesloft Drift Breach: Everything You Need to Know

Dark Web, Ransomware, & Social Engineering – The Europe Regional Threat Landscape Report

Posted in Commentary with tags on August 29, 2025 by itnerd

Today, SOCRadar published its Europe Regional Threat Landscape Report. This research breaks down what has been happening since August 2024 across the dark web, ransomware, and phishing.

Key Takeaways Include:

  • Finance and Insurance is the most exposed sector on the dark web at 14.08%, and when Commercial Banking and Crypto are added, total financial exposure reaches 22.8%.
  • Retail and e-commerce follow closely at 19.5%, confirming criminals’ focus on quick monetization. Selling dominates threat categories at 61.93%, while sharing stands at 24.34%, showing that over 70% of activity is trade-driven.
  • Data leaks remain the most common threat type at 58.23%, with access sales at 21.90%, meaning more than 80% of threats revolve around stolen information and entry points.
  • At the country level, France (5.62%), the UK (4.89%), and Germany (4.68%) lead in dark web targeting, while ransomware strikes are highest in the UK (22.94%), Germany (16.47%), and France (10.10%).
  • Ransomware activity is fragmented: Akira (8.7%), Qilin (8.1%), and RansomHub (6.8%) are visible, but smaller groups make up 76.4%.
  • Phishing shows a different pattern, with Bulgaria (24.26%) and Russia (21.06%) leading.
  • Information Services (19.77%), National Security & International Affairs (13.31%), and Banking (11.45%) are the main phishing targets.
  • 73.44% of phishing sites use HTTPS, showing how attackers exploit encryption to build trust.

For full details, the Europe Regional Threat Landscape Report can be found at this link: https://socradar.io/wp-content/uploads/2025/08/Europe-Threat-Report.pdf

MCP Servers: What you Need to Know From SOCRadar

Posted in Commentary with tags on August 12, 2025 by itnerd

SOCRadar has released a new whitepaper diving deep into MCP (Model Context Protocol) servers. MCP servers are the new standard that lets AI agents talk directly to security tools in one universal language.

The paper goes beyond the hype, covering:

  • What MCP really is and why it’s a game-changer for SOCs, CISOs, and red/blue teams
  • Real-world use cases, ranging from instant CVE lookups to complex incident response
  • Security pitfalls such as fake MCP servers, tool poisoning, and supply chain risks
  • Practical guidance with ready-to-deploy sample chains and code snippets

The full analysis can be found here: https://socradar.io/wp-content/uploads/2025/07/MCP-Servers-Everything-You-Need-to-Know.pdf

SOCRadar Launches Agentic Threat Intelligence Platform

Posted in Commentary with tags on August 5, 2025 by itnerd

SOCRadar today launched SOCRadar Agentic Threat Intelligence at Black Hat 2025. The new platform automates threat intelligence through the deployment of autonomous AI agents that proactively detect, analyze, and respond to external threats with minimal human intervention and unmatched speed and accuracy.

Traditional threat intelligence is passive. It gives you data — like a weather forecast — but doesn’t act on it. It’s up to your team to interpret the risk and decide what to do. SOCRadar Agentic Threat Intelligence changes that. It works more like a smart irrigation system: it monitors the weather, checks the soil, and waters the plants only when needed. SOCRadar’s AI agents track threats, assess context, and trigger the right response — autonomously — leaving organizations better protected and supported. The platform delivers proactive, AI-driven insights that help security teams detect, prioritize, and respond faster while reducing overhead. It doesn’t just collect data; it thinks, adapts, and enables real-time decision-making so organizations can stay one step ahead.

The advantages of SOCRadar Agentic Threat Intelligence are:

  • Diverse AI Agents: Delivers specialized agents targeting specific threats (e.g., phishing, brand abuse, credential leaks, and IP exposure).
  • Modular Approach: Deploys only the agents needed, with unbundled capabilities for precise, cost‑effective protection.
  • Autonomy & Flexibility: Lets teams mix and match agents to automate workflows and scale protection with minimal human intervention.
  • Customizable Agents: Enables customization of agents to address an organization’s unique risk scenarios.
  • First Cybersecurity AI Marketplace: Lets customers browse, purchase, and manage agents from one unified marketplace and dashboard.

In conjunction with the launch of its Agentic Threat Intelligence solution, SOCRadar is offering its first agentic workflow — Impersonating Domain Detection — to users of the Extended Threat Intelligence product. Benefits include:

  • Reduced False Positive Rate: By allowing customers to fine-tune agent parameters and intervene at every step, the workflow minimizes incorrect flagging of legitimate domains, improving operational efficiency.
  • Increased Accuracy: The combination of specialized agents ensures comprehensive analysis of both textual and visual elements, enhancing detection of sophisticated impersonation attempts.
  • Customer-Centric Design: The workflow’s modular and configurable nature caters to diverse customer profiles, ensuring relevance and effectiveness for all customers.
  • Enhanced Protection: New agents and customizable steps enable the system to adapt to evolving impersonation tactics, providing robust defense against emerging threats.
  • Transparency and Control: Customers have complete visibility into the detection process and can adjust settings to align with their risk tolerance and business priorities.

SOCRadar continues to stay at the forefront of agentic threat intelligence. It recently launched its MCP Server, the first of its kind in the Threat Intelligence category. It has also developed six specialized training programs focused on AI and security, delivered AI for Cybersecurity training to over 2,000 professionals, and is currently preparing to host AI for Cybersecurity workshops in 25 countries.

SOCRadar Posts Their 2025 North America Threat Landscape Report

Posted in Commentary with tags on July 24, 2025 by itnerd

SOCRadar has published a 2025 North American Threat Landscape Report looking at the critical cyber threats that are shaping North America’s digital environment. The research outlines major attack vectors, sector-specific threats, and dark web activities.

Key insights include:

  1. Finance and Insurance Sectors at Highest Risk: Accounting for 12.11% of all incidents, this sector remains the most frequently targeted, reflecting its vast data and financial assets.
  2. U.S. Dominates Cyber Targeting: The United States faced 82.15% of all regional cyber incidents, making it the primary focus of threat actors, especially in ransomware and phishing.
  3. Ransomware Surge Led by PLAY Group: PLAY, RansomHub, and Akira top the list of active ransomware groups, with double-extortion tactics increasingly affecting public and private organizations.
  4. Dark Web Exposure Escalates: Stolen data, unauthorized access sales, and compromised credentials dominate dark web listings—58.38% of all incidents involve selling sensitive digital assets.
  5. Phishing Targets Public and Info Sectors: Public administration (18.75%) and information services (17.53%) lead phishing targets, with attackers mimicking trusted platforms and using HTTPS to deceive victims.
  6. DDoS Attack Volume Alarming: Over 1.48 million DDoS attacks were recorded, with peak bandwidths exceeding 1857 Gbps, posing serious continuity threats.

The full report can be found here: https://socradar.io/wp-content/uploads/2025/07/North-America-Threat-Report.pdf

SOCRadar Launches MCP Server

Posted in Commentary with tags on July 1, 2025 by itnerd

SOCRadar today launched its MCP Server to support its threat intelligence platform. MCP (Model Context Protocol) is a standardized interface that allows AI language models to securely connect with external data sources, enabling AI assistants to access real-time information, interact with databases and APIs, and use various services while maintaining proper security boundaries.

As cybersecurity teams increasingly rely on AI agents for threat analysis and incident response, SOCRadar recognized the critical need for standardized, secure access to its extensive threat intelligence databases and security tools. SOCRadar’s MCP Server enables seamless integration between AI models and its platform, allowing security professionals to leverage AI capabilities while maintaining secure, controlled access to sensitive security data.

Leveraging SOCRadar’s threat intelligence data, AI-driven SOC teams will now be able to use AI agents to directly query SOCRadar’s threat intelligence feeds, perform automated threat hunting, and generate contextual security reports without switching between multiple interfaces.

The SOCRadar MCP server is not just another integration layer built by the company. Instead, the company specifically developed a way for security teams to talk to it as they would to an analyst, letting the system do the heavy lifting.

Here’s how it works:

1. No More Interface Overload. Just Ask. Cybersecurity teams no longer need to memorize SOCRadar’s UI or workflows. They just need to give a command and the MCP server will handle the rest. For example:

“Show me my critical assets exposed to the latest Citrix vulnerability.”

“Give me the top CVEs affecting my attack surface today.”

Behind the scenes, the MCP server interprets, executes, and delivers actionable answers. No clicks. No guesswork.

2. Instant Reports for CISOs and Analysts. Need a daily threat report, a geo-targeted actor profile or a vulnerability snapshot filtered by your environment? Just ask.

For example: “SOCRadar, create a report on threat actors targeting energy companies in the US over the past week.”

No templates or filters are required. The MCP server builds it dynamically — in just seconds.

3. Built for AI Agents and Autonomous Systems. Already using an AI-driven SOC platform or an internal AI agent?

The SOCRadar MCP server acts as a plug-and-play gateway to the company’s platform, enabling those systems to:

  • Enrich IOCs on the fly
  • Pull CVE intelligence
  • Automate response actions
  • Trigger custom playbooks

With SOCRadar’s MCP server, there’s no need to build brittle APIs. The agent just asks, and SOCRadar answers.

SOCRadar Iran-Israel Conflict Threat Landscape Report Is Available

Posted in Commentary with tags on June 30, 2025 by itnerd

The Iran-Israel conflict illustrates how geopolitical tensions can trigger widespread cyber fallout, affecting allies, industries, and neutral nations alike. Organizations must prepare for spillover threats — including disinformation, hacktivist actions, and retaliatory cyberattacks — regardless of direct involvement.

In its just-released Iran-Israel Conflict Threat Landscape Report, SOCRadar threat intelligence researchers analyzed over 600 unique cyberattack claims across 100+ Telegram channels, revealing critical cyberattack patterns, geopolitical dynamics, and disinformation campaigns that are reshaping global cyber risk exposure.

Key Insights from the Iran-Israel Cyber Conflict:

  • Surge in State-Sponsored and Hacktivist Activity: State-linked groups like Iran’s APT35 and Israel-associated Predatory Sparrow led aggressive cyber campaigns targeting critical infrastructure, media, finance, and telecommunications sectors.
  • Massive Cyberattack Volume on Telegram: Over 600 cyberattack claims were reported across 100+ Telegram channels in just 15 days, marking an unprecedented level of hacktivist engagement.
  • DDoS and Data Breaches Dominate: DDoS attacks, database leaks, and system defacements became key tactics. Israel faced over 440 attack claims, followed by the U.S., India, and Middle Eastern nations like Jordan and Saudi Arabia.
  • Dark Web Exposure: Both nations saw spikes in dark web threats—51.9% of Israeli-targeted posts involved data leaks, while 80% of Iran-targeted posts were financially motivated.
  • Disinformation and AI-Generated Content: Fake news, synthetic imagery, and manipulated video content proliferated, aiming to confuse civilians and destabilize perception on both sides of the conflict.

Other highlights include:

  • Unique Dark Web Activity Comparison Between Iran and Israel: SOCRadar tracked and compared dark web posts targeting both nations, distinguishing between politically motivated exposure (Israel) and financially driven data sales (Iran). This dual-focus perspective is rarely seen in competing reports.
  • AI-Driven Disinformation Analysis with Visual Examples: The report includes a dedicated section exposing generative AI-powered fake news, images, and deepfake videos that circulated during the conflict. These are analyzed both visually and contextually, providing unmatched depth.
  • Region-Specific Threat Assessments Across Three Continents: Beyond just Israel and Iran, the report covers cyber threats and spillover effects in the U.S., Europe, the Middle East, and South Asia—something largely absent in other threat intelligence coverage.
  • Detailed Attribution of APTs and Hacktivist Groups: Instead of just focusing on a single APT group, SOCRadar profiles multiple threat actors (APT35, APT34, Predatory Sparrow, Cyber Av3ngers, etc.) with MITRE ATT&CK techniques, motivations, and cross-referenced dark web activity links.
  • Real-Time Threat Statistics and Attack Trends: Temporal threat charts that show attack spikes in correlation with kinetic events—providing strategic insight into how digital threats evolve in wartime.

Even though there is currently a cessation of the fighting, it may resume and put you at risk, so this report is worth a few minutes of your time.