LIVE THREAT INTELLIGENCE

NVD/NIST | CVE-2025-29927 — Next.js Middleware Auth Bypass · All versions <15.2.3 affected | CRITICAL 9.1
AlienVault OTX | APT29 (Cozy Bear) — Active Spear-Phishing Campaign Targeting NATO Diplomats | CRITICAL 9.3
Recorded Future | Cl0p Ransomware — MOVEit-style Campaign Targeting MFT Solutions Globally | CRITICAL 9.5
Shodan | 22,000+ Redis Instances Exposed on Port 6379 — No Auth — Cryptominer Risk | HIGH 8.9
VirusTotal | CVE-2025-21298 — Windows OLE Remote Code Execution · CISA KEV Catalog Added | CRITICAL 9.8
Censys | 14,500+ Exposed Kubernetes API Servers Detected — Anonymous Access Enabled | HIGH 8.7
AlienVault OTX | FIN7 Carbanak Group — New JavaScript Backdoor Targeting Retail POS Systems | HIGH 8.4
NVD/NIST | CVE-2025-24813 — Apache Tomcat RCE via Partial PUT · Exploit Code Public | CRITICAL 9.8
Recorded Future | Dark Web Auction: 2.1M U.S. Healthcare Records Listed · PII + Insurance Data | HIGH 8.1
VirusTotal | Lumma Stealer v4.1 — New Evasion Bypass for Windows Defender SmartScreen | HIGH 8.6
NVD/NIST | CVE-2025-30065 — Apache Parquet RCE via Schema Parsing · CVSS Maximum Score | CRITICAL 10.0
Recorded Future | Salt Typhoon (China) — Telco Backdoors Persist in 3 U.S. Carriers Post-Disclosure | CRITICAL 9.2
VirusTotal | DragonForce Ransomware — New Affiliate Program Attracting LockBit Defectors | HIGH 8.5
Shodan | Citrix NetScaler Bleed (CVE-2023-4966) — 4,800 Unpatched Hosts Still Exploitable | CRITICAL 9.4
Censys | Ivanti Connect Secure 0-Day Chain — Nation-State Actor Exploitation Confirmed | CRITICAL 9.0
AlienVault OTX | BEC Surge Q1 2026 — $3.1B in Wire Fraud · AI Voice Cloning in Use | HIGH 7.9

Our Services

Enterprise-Grade Cybersecurity Services

From simulated adversarial attacks to board-level risk reporting — HorizonShield delivers a unified security operations suite that anticipates threats, contains breaches, and strengthens every layer of your posture.

Request Consultation Free Pilot Program
Service 01

Penetration Testing

Our certified ethical hackers simulate real-world attacks against your systems before malicious actors do. We find the vulnerabilities so you can fix them first.

→ Network Penetration Testing
→ Web Application Testing
→ API Security Testing
→ Mobile App Testing
→ Cloud Infrastructure Testing
→ Social Engineering
→ Red Team Operations
→ Purple Team Exercises
Request Penetration Test →
nmap — reconnaissance
$ nmap -sV -sC -p- target.horizonshield.net
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9
80/tcp open http nginx 1.24
443/tcp open https nginx 1.24
3389/tcp open ms-wbt-server ← EXPOSED RDP!
Scan complete: 4 hosts up, 6 vulnerabilities found
98% Client Satisfaction
72h Report Delivery
500+ Systems Tested
OSCP Certified Team
Service 02

Threat Intelligence

Real-time intelligence on APT campaigns, Zero-Days, and indicators of compromise — tailored to your industry.

Dark Web Monitoring

24/7 monitoring for leaked credentials and brand mentions

Targeted Threat Profiles

Custom profiles for APT groups targeting your sector

Weekly Intel Reports

Actionable briefings with IOCs, TTPs, and remediation

Real-Time Alerts

Immediate notifications when your assets appear in threat feeds

View Intel Dashboard →
Live Threat Feed Preview
CRITICAL: CVE-2025-0847 — Windows Kernel RCE
CVSS 9.8 · Actively exploited
HIGH: LockBit 3.0 Campaign — Financial Sector
New IOCs: 47.91.x.x range
MEDIUM: Phishing Surge — Microsoft 365
3,200% increase in attempts
Service 03

Incident Response

When a breach occurs, every minute counts. Our 24/7 team activates immediately — containing the threat, preserving evidence, and restoring operations.

Identification
Containment
Eradication
Recovery
Reporting
Hardening

Response SLAs

Critical Breach / Ransomware: < 1 hour
Data Exfiltration in Progress: < 2 hours
Malware Detection: < 4 hours
Post-Incident Forensics: < 24 hours
Full Investigation Report: < 72 hours
24/7/365 Emergency
[email protected]
Service 04

Security Consulting & vCISO

Security Roadmap

Custom 12-24 month roadmap aligned to your business objectives and risk tolerance.

Architecture Review

Comprehensive review identifying gaps and recommending controls for your environment.

Virtual CISO (vCISO)

Part-time CISO service providing strategic leadership at a fraction of FTE cost.

Risk Assessment

Quantitative risk assessment using NIST, ISO 27001, and CIS Controls.

Security Program Dev

Build a world-class security program from policies and procedures to metrics.

M&A Due Diligence

Technical security due diligence for mergers and acquisitions.

Service 05

Compliance & Audit Services

SOC 2 (Type I & II)
ISO 27001 (Certification)
PCI-DSS (v4.0)
HIPAA (Healthcare)
GDPR (EU/UK)
NIST CSF (Framework)
FedRAMP (Government)
CCPA (California)

Ready to Strengthen Your Security Posture?

Start with a free 30-minute consultation. No commitment required.