top of page

ALL POSTS

FortiBleed: Global Credential-Spraying Operation Uncovered Across Multiple Platforms

Key Findings Multi-operator crew conducted industrial-scale credential-spraying campaign against Fortinet FortiGate SSL VPN devices across 207 countries Campaign generated 1.16 billion login combinations against 320,777 FortiGate endpoints and 2.1 billion attempts against 163,650 MSSQL servers Operators used custom tools running up to 50,000 threads and a 45-way NVIDIA RTX 4090 GPU cluster for password cracking At least four organizations fully compromised, including a Turkis

Critical ArcGIS Account Recovery Vulnerability Exploited in Ongoing Attack Campaign

Key Findings Cybercriminals are actively exploiting ArcGIS Account Recovery configurations to breach customer environments right now Attackers bypass hardened primary login defenses by targeting weaker account recovery mechanisms instead Built-in application accounts with weak security questions or common usernames are primary targets Organizations using centralized identity providers instead of built-in accounts are protected from this specific threat Esri will release a sec

The Gentlemen's GentleKiller: How a Standardized EDR-Killer Framework Emerged as the New Ransomware Threat

Key Findings The Gentlemen ransomware operation has developed GentleKiller, a standardized EDR-killer suite distributed to affiliates before ransomware deployment GentleKiller exists in at least eight variants, each impersonating legitimate products and exploiting different vulnerable drivers via BYOVD technique The framework targets over 400 processes across 48 security products including CrowdStrike, SentinelOne, and Microsoft Defender The Gentlemen adopts newly disclosed e

Passwordless Phishing: How Attackers Hijack Microsoft 365 Through Device Code Authentication

Key Findings A sophisticated phishing-as-a-service kit called EvilTokens exploits Microsoft's legitimate OAuth 2.0 device authorization flow to hijack Microsoft 365 accounts without stealing passwords Attackers trick victims into entering a device code on a real Microsoft login page, which grants the attacker valid access tokens to the compromised account The attack bypasses traditional phishing detection methods by using genuine Microsoft authentication pages, eliminating fa

AutoJack Attack: Web Page Hijacking Enables AI Agent Host Code Execution

Key Findings Microsoft researchers discovered AutoJack, an exploit chain in AutoGen Studio that allows a single web page to execute arbitrary code on a developer's machine The vulnerability exists in the Model Context Protocol (MCP) WebSocket handler and requires no authentication, credentials, or user interaction beyond the agent loading a malicious URL Vulnerable pre-release builds 0.4.3.dev1 and 0.4.3.dev2 were shipped to PyPI, though the stable release 0.4.2.2 is unaffect

Global SocGholish Takedown: Nearly 15,000 WordPress Sites Cleaned in Major Operation

Key Findings Operation EndGame, a coordinated international law enforcement action, dismantled SocGholish infrastructure on June 18, 2026 106 servers and domains taken down globally; 14,971 compromised WordPress sites remediated Law enforcement from Netherlands, Canada, United States, and Germany executed the coordinated takedown with support from Europol SocGholish serves as initial access broker for major ransomware families including LockBit, RansomHub, and WastedLocker Be

eFAQ's Investigation Reveals Alleged Scam Operations and Coordinated Smear Campaign

Key Findings Dozens of coordinated fake accounts posted identical accusations against eFAQ across multiple platforms simultaneously, most created days before publishing and deleted shortly after Claims of hidden subscriptions and unauthorized billing were contradicted by eFAQ's actual checkout process, which displays terms multiple times and requires active consent Reddit moderators and platform enforcement teams independently removed the content and suspended accounts under

Gcore and Ucom Secure Armenia's Parliamentary Election Broadcast Infrastructure

Key Findings Gcore deployed Network Layer DDoS protection for Ucom's broadcast infrastructure during Armenia's 2026 parliamentary elections Protection was activated within one day through rapid technical coordination No DDoS-related disruptions occurred during the election period Deployment leveraged Gcore's distributed scrubbing capacity and geographic infrastructure across six continents Service remained fully available throughout the protected period Background Ucom is one

Microsoft Uncovers Windows Clipper Malware Campaign with USB Worm and Tor-Based Command & Control

Key Findings Windows-based clipper malware campaign active since February 2026 targets cryptocurrency wallets through USB-distributed LNK shortcut files Malware uses bundled Tor client with SOCKS5 proxy to communicate with hidden-service C2 servers, avoiding traditional IP-based infrastructure detection Attack chain involves worm component that replicates across USB drives by masking itself as legitimate documents like DOC, XLSX, and PDF files Clipper steals BIP39 seed phrase

DragonForce Ransomware Exploits Microsoft Teams Relays to Conceal Malicious Command-and-Control Traffic

Key Findings DragonForce ransomware operators deployed Backdoor.Turn, a custom Go-based remote access trojan that conceals command-and-control traffic within Microsoft Teams relay infrastructure This marks the first publicly documented abuse of Microsoft's TURN relay servers by threat actors Attackers maintained network access for one to two months while evading detection by routing malicious traffic through legitimate Microsoft servers The group employed sophisticated defens

Microsoft Confirms RoguePlanet Defender Zero-Day Vulnerability, Patch in Development

Key Findings Microsoft has formally acknowledged RoguePlanet, a privilege escalation zero-day in Microsoft Defender's Malware Protection Engine, assigned CVE-2026-50656 with a CVSS score of 7.8 The vulnerability exploits a race condition that can grant attackers SYSTEM-level privileges, and a patch is currently in development Security researcher Chaotic Eclipse released a working proof-of-concept that functions regardless of whether real-time protection is enabled or disabled

FortiBleed: Global Credential Breach Affects 73,932 Fortinet Firewalls Across 194 Countries

Key Findings FortiBleed campaign exposed valid login credentials for 73,932 Fortinet firewall URLs across 194 countries, affecting 21,632 unique domains Attackers conducted approximately 1.16 billion credential attempts against over 320,000 FortiGate targets using a self-feeding system Compromised organizations include Samsung, Oracle, Foxconn, Comcast, Siemens, Lenovo, Spotify, Sony, and numerous government and critical infrastructure entities The operation leverages previou

China-Linked FishMonger APT Deploys SprySOCKS Windows Backdoor With Kernel-Level Stealth and UEFI Bootkit Capabilities

Key Findings FishMonger, a China-linked APT group, has ported SprySOCKS backdoor to Windows with two new variants: WIN_DRV and WIN_PLUS WIN_DRV uses kernel drivers to hide network connections, processes, files, and registry keys from user-level detection tools WIN_PLUS exploits the Windows Print Spooler service to blend malicious activity into normal system operations Both variants were deployed against government targets in Honduras, Taiwan, Thailand, and Pakistan between 20

Heimdal Survey: Executive Overconfidence in AI Risk Management Outpaces Technical Team Concerns

Key Findings Executive confidence vastly outpaces frontline reality. In the US, 29% of C-suite and VP respondents say AI risk is under control versus only 7% of mid-level practitioners. The UK shows a similar pattern at 18% versus 11%. AI adoption has nearly doubled security readiness. Only about 40% of teams rate their security stack as prepared for AI-related threats. ChatGPT and Microsoft Copilot are already embedded across most organizations. ChatGPT runs in 72% of UK and

Phishing Attacks Surge Across Fortune 100: Employee Data Exposed at 86% of Companies

Key Findings 86% of Fortune 100 companies had employee data exposed through phishing attacks in the past 12 months 78% of large organizations experienced increased phishing volume over the past year 84% report AI-generated phishing attacks are becoming more prevalent or harder to defend against Phishing attacks now target enterprise users five times more frequently than malware infections Only 38% of organizations can confidently detect and respond to credential theft within

JetBrains IDE Plugins Caught Stealing AI API Keys and Sensitive Data

Key Findings 15 malicious plugins discovered on JetBrains Marketplace posing as AI coding assistants, active since October 2025 Nearly 70,000 combined downloads with top plugins exceeding 25,000 downloads each Plugins exfiltrate OpenAI, DeepSeek, and SiliconFlow API keys to attacker-controlled server over unencrypted HTTP Seven different seller accounts used to distribute the malicious extensions Fake five-star reviews added to increase perceived legitimacy Secondary monetiza

New Rokarolla Android Trojan Steals PINs and SMS Codes While Targeting 217 Banking and Crypto Apps

Key Findings Zimperium's zLabs identified a new Android banking trojan named Rokarolla that targets 217 cryptocurrency and banking applications The malware combines financial fraud with comprehensive device surveillance, featuring 137 remote commands for near-total phone control Attack begins through malicious websites distributing fake versions of popular apps like TikTok and Chrome Once installed, Rokarolla uses fake login overlays to steal credentials and manipulate transa

Developer Laptops Emerge as Prime Target for Credential Theft in 2026, GitGuardian Reports

Key Findings Developer laptops have become the primary attack vector for supply-chain compromises, with attackers harvesting plaintext credentials to move laterally into production systems and cloud infrastructure GitGuardian launched Developer Endpoint Protection to address a critical gap where existing endpoint detection and identity tools miss secrets stored at rest on developer workstations Beta testing revealed an average of 150 secrets per developer laptop, with private

AppViewX Introduces Agent Identity Security Platform for AI and Quantum Computing Governance

Key Findings AppViewX launched Agent Identity Security, a new platform capability for discovering, governing, and monitoring AI agents across enterprises The solution combines AI agent governance with native PKI infrastructure, addressing ungoverned AI agents as a major security blind spot Two converging threats are forcing enterprise rethinking: rapid AI agent proliferation with minimal oversight and quantum computing threats to current cryptography Agent Identity Security p

Aembit Expands Identity Management Capabilities for AI Agents Across Microsoft Copilot Studio Platform

Key Findings Aembit announced integration with Microsoft Copilot Studio to extend identity and access management capabilities for AI agents Integration addresses critical security gap where agents access sensitive systems with static, broadly scoped credentials and no centralized oversight Platform issues ephemeral credentials scoped to specific tasks rather than persistent standing access Every access decision is logged for compliance review and incident investigation Integr

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page