WithSecure™ Labs: With great research comes great responsibility

Research, development, updates and tooling you can use.

WithSecure_abstract_blue1

Our Publication

Read all publications
April 28, 2025
SAP NetWeaver CVE-2025-31324 Exploitation

WithSecure detected an attack that first began with the exploitation of CVE-2025-31324 in March 2025, suggesting that this vulnerability has been known to criminals and exploited for some time. 

Read more

April 28, 2025
Leveraging EDR Behavioral Data for Zero-Day Vulnerability Discovery and Triage of Known Vulnerabilities

At WithSecure, we have the benefit of a comprehensive set of capabilities, allowing us to conduct research on how to better integrate our various services. One such topic has been the use of behavioral information provided by Endpoint Detection and Response (EDR) to detect potential privilege escalation vulnerabilities. 

Read more

April 28, 2025
CrazyHunter: The Rising Threat of Open-Source Ransomware

A ransomware attack on the Mackay Memorial hospital in Taiwan is the latest example of a growing number of incidents revolving around publicly available, offensive tools and code that threat actors are utilizing. The ransomware encryptor used in this incident, dubbed “CrazyHunter”, was built using a ransomware builder called “Prince Ransomware” which was publicly available on GitHub. WithSecure has observed a growing number of actors employing this specific ransomware builder in ransomware attacks.

Read more

April 28, 2025
Cyber Threat Landscape – European Mid Market 2025

Tim West, WithSecure’s Director, Threat Intelligence & Outreach, takes a deep dive in to the cyber threat landscape of the European mid-market, in order to discover what we should expect over the course of this year and where the key battlegrounds will be fought in 2025.   

Read more

April 28, 2025
CloudWatch Dashboard (Over)Sharing

How bugs in Amazon CloudWatch and Cognito allowed attackers to see beyond Dashboards.

Read more

April 28, 2025
Multi-Chain Prompt Injection Attacks

We introduce a prompt injection technique called multi-chain prompt injection, that targets modern LLM application workflows based on multiple LLM chains. To help testers experiment with this technique, we also release a sample app (https://github.com/WithSecureLabs/workout-planner) and a public CTF challenge (https://myllmdoc.com).

Read more

Latest Threat Highlights

Discover all highlights

New Advisories

Find out all advisories

Featured Tools

Check out all tools