top of page
ALL POSTS
FortiBleed: Global Credential-Spraying Operation Uncovered Across Multiple Platforms
Key Findings Multi-operator crew conducted industrial-scale credential-spraying campaign against Fortinet FortiGate SSL VPN devices across 207 countries Campaign generated 1.16 billion login combinations against 320,777 FortiGate endpoints and 2.1 billion attempts against 163,650 MSSQL servers Operators used custom tools running up to 50,000 threads and a 45-way NVIDIA RTX 4090 GPU cluster for password cracking At least four organizations fully compromised, including a Turkis
Jun 212 min read
Critical ArcGIS Account Recovery Vulnerability Exploited in Ongoing Attack Campaign
Key Findings Cybercriminals are actively exploiting ArcGIS Account Recovery configurations to breach customer environments right now Attackers bypass hardened primary login defenses by targeting weaker account recovery mechanisms instead Built-in application accounts with weak security questions or common usernames are primary targets Organizations using centralized identity providers instead of built-in accounts are protected from this specific threat Esri will release a sec
Jun 202 min read
The Gentlemen's GentleKiller: How a Standardized EDR-Killer Framework Emerged as the New Ransomware Threat
Key Findings The Gentlemen ransomware operation has developed GentleKiller, a standardized EDR-killer suite distributed to affiliates before ransomware deployment GentleKiller exists in at least eight variants, each impersonating legitimate products and exploiting different vulnerable drivers via BYOVD technique The framework targets over 400 processes across 48 security products including CrowdStrike, SentinelOne, and Microsoft Defender The Gentlemen adopts newly disclosed e
Jun 203 min read
Passwordless Phishing: How Attackers Hijack Microsoft 365 Through Device Code Authentication
Key Findings A sophisticated phishing-as-a-service kit called EvilTokens exploits Microsoft's legitimate OAuth 2.0 device authorization flow to hijack Microsoft 365 accounts without stealing passwords Attackers trick victims into entering a device code on a real Microsoft login page, which grants the attacker valid access tokens to the compromised account The attack bypasses traditional phishing detection methods by using genuine Microsoft authentication pages, eliminating fa
Jun 204 min read
AutoJack Attack: Web Page Hijacking Enables AI Agent Host Code Execution
Key Findings Microsoft researchers discovered AutoJack, an exploit chain in AutoGen Studio that allows a single web page to execute arbitrary code on a developer's machine The vulnerability exists in the Model Context Protocol (MCP) WebSocket handler and requires no authentication, credentials, or user interaction beyond the agent loading a malicious URL Vulnerable pre-release builds 0.4.3.dev1 and 0.4.3.dev2 were shipped to PyPI, though the stable release 0.4.2.2 is unaffect
Jun 203 min read
Global SocGholish Takedown: Nearly 15,000 WordPress Sites Cleaned in Major Operation
Key Findings Operation EndGame, a coordinated international law enforcement action, dismantled SocGholish infrastructure on June 18, 2026 106 servers and domains taken down globally; 14,971 compromised WordPress sites remediated Law enforcement from Netherlands, Canada, United States, and Germany executed the coordinated takedown with support from Europol SocGholish serves as initial access broker for major ransomware families including LockBit, RansomHub, and WastedLocker Be
Jun 193 min read
eFAQ's Investigation Reveals Alleged Scam Operations and Coordinated Smear Campaign
Key Findings Dozens of coordinated fake accounts posted identical accusations against eFAQ across multiple platforms simultaneously, most created days before publishing and deleted shortly after Claims of hidden subscriptions and unauthorized billing were contradicted by eFAQ's actual checkout process, which displays terms multiple times and requires active consent Reddit moderators and platform enforcement teams independently removed the content and suspended accounts under
Jun 193 min read
Gcore and Ucom Secure Armenia's Parliamentary Election Broadcast Infrastructure
Key Findings Gcore deployed Network Layer DDoS protection for Ucom's broadcast infrastructure during Armenia's 2026 parliamentary elections Protection was activated within one day through rapid technical coordination No DDoS-related disruptions occurred during the election period Deployment leveraged Gcore's distributed scrubbing capacity and geographic infrastructure across six continents Service remained fully available throughout the protected period Background Ucom is one
Jun 192 min read
Microsoft Uncovers Windows Clipper Malware Campaign with USB Worm and Tor-Based Command & Control
Key Findings Windows-based clipper malware campaign active since February 2026 targets cryptocurrency wallets through USB-distributed LNK shortcut files Malware uses bundled Tor client with SOCKS5 proxy to communicate with hidden-service C2 servers, avoiding traditional IP-based infrastructure detection Attack chain involves worm component that replicates across USB drives by masking itself as legitimate documents like DOC, XLSX, and PDF files Clipper steals BIP39 seed phrase
Jun 183 min read
DragonForce Ransomware Exploits Microsoft Teams Relays to Conceal Malicious Command-and-Control Traffic
Key Findings DragonForce ransomware operators deployed Backdoor.Turn, a custom Go-based remote access trojan that conceals command-and-control traffic within Microsoft Teams relay infrastructure This marks the first publicly documented abuse of Microsoft's TURN relay servers by threat actors Attackers maintained network access for one to two months while evading detection by routing malicious traffic through legitimate Microsoft servers The group employed sophisticated defens
Jun 183 min read
Microsoft Confirms RoguePlanet Defender Zero-Day Vulnerability, Patch in Development
Key Findings Microsoft has formally acknowledged RoguePlanet, a privilege escalation zero-day in Microsoft Defender's Malware Protection Engine, assigned CVE-2026-50656 with a CVSS score of 7.8 The vulnerability exploits a race condition that can grant attackers SYSTEM-level privileges, and a patch is currently in development Security researcher Chaotic Eclipse released a working proof-of-concept that functions regardless of whether real-time protection is enabled or disabled
Jun 182 min read
FortiBleed: Global Credential Breach Affects 73,932 Fortinet Firewalls Across 194 Countries
Key Findings FortiBleed campaign exposed valid login credentials for 73,932 Fortinet firewall URLs across 194 countries, affecting 21,632 unique domains Attackers conducted approximately 1.16 billion credential attempts against over 320,000 FortiGate targets using a self-feeding system Compromised organizations include Samsung, Oracle, Foxconn, Comcast, Siemens, Lenovo, Spotify, Sony, and numerous government and critical infrastructure entities The operation leverages previou
Jun 184 min read
China-Linked FishMonger APT Deploys SprySOCKS Windows Backdoor With Kernel-Level Stealth and UEFI Bootkit Capabilities
Key Findings FishMonger, a China-linked APT group, has ported SprySOCKS backdoor to Windows with two new variants: WIN_DRV and WIN_PLUS WIN_DRV uses kernel drivers to hide network connections, processes, files, and registry keys from user-level detection tools WIN_PLUS exploits the Windows Print Spooler service to blend malicious activity into normal system operations Both variants were deployed against government targets in Honduras, Taiwan, Thailand, and Pakistan between 20
Jun 173 min read
Heimdal Survey: Executive Overconfidence in AI Risk Management Outpaces Technical Team Concerns
Key Findings Executive confidence vastly outpaces frontline reality. In the US, 29% of C-suite and VP respondents say AI risk is under control versus only 7% of mid-level practitioners. The UK shows a similar pattern at 18% versus 11%. AI adoption has nearly doubled security readiness. Only about 40% of teams rate their security stack as prepared for AI-related threats. ChatGPT and Microsoft Copilot are already embedded across most organizations. ChatGPT runs in 72% of UK and
Jun 173 min read
Phishing Attacks Surge Across Fortune 100: Employee Data Exposed at 86% of Companies
Key Findings 86% of Fortune 100 companies had employee data exposed through phishing attacks in the past 12 months 78% of large organizations experienced increased phishing volume over the past year 84% report AI-generated phishing attacks are becoming more prevalent or harder to defend against Phishing attacks now target enterprise users five times more frequently than malware infections Only 38% of organizations can confidently detect and respond to credential theft within
Jun 172 min read
JetBrains IDE Plugins Caught Stealing AI API Keys and Sensitive Data
Key Findings 15 malicious plugins discovered on JetBrains Marketplace posing as AI coding assistants, active since October 2025 Nearly 70,000 combined downloads with top plugins exceeding 25,000 downloads each Plugins exfiltrate OpenAI, DeepSeek, and SiliconFlow API keys to attacker-controlled server over unencrypted HTTP Seven different seller accounts used to distribute the malicious extensions Fake five-star reviews added to increase perceived legitimacy Secondary monetiza
Jun 173 min read
New Rokarolla Android Trojan Steals PINs and SMS Codes While Targeting 217 Banking and Crypto Apps
Key Findings Zimperium's zLabs identified a new Android banking trojan named Rokarolla that targets 217 cryptocurrency and banking applications The malware combines financial fraud with comprehensive device surveillance, featuring 137 remote commands for near-total phone control Attack begins through malicious websites distributing fake versions of popular apps like TikTok and Chrome Once installed, Rokarolla uses fake login overlays to steal credentials and manipulate transa
Jun 173 min read
Developer Laptops Emerge as Prime Target for Credential Theft in 2026, GitGuardian Reports
Key Findings Developer laptops have become the primary attack vector for supply-chain compromises, with attackers harvesting plaintext credentials to move laterally into production systems and cloud infrastructure GitGuardian launched Developer Endpoint Protection to address a critical gap where existing endpoint detection and identity tools miss secrets stored at rest on developer workstations Beta testing revealed an average of 150 secrets per developer laptop, with private
Jun 163 min read
AppViewX Introduces Agent Identity Security Platform for AI and Quantum Computing Governance
Key Findings AppViewX launched Agent Identity Security, a new platform capability for discovering, governing, and monitoring AI agents across enterprises The solution combines AI agent governance with native PKI infrastructure, addressing ungoverned AI agents as a major security blind spot Two converging threats are forcing enterprise rethinking: rapid AI agent proliferation with minimal oversight and quantum computing threats to current cryptography Agent Identity Security p
Jun 162 min read
Aembit Expands Identity Management Capabilities for AI Agents Across Microsoft Copilot Studio Platform
Key Findings Aembit announced integration with Microsoft Copilot Studio to extend identity and access management capabilities for AI agents Integration addresses critical security gap where agents access sensitive systems with static, broadly scoped credentials and no centralized oversight Platform issues ephemeral credentials scoped to specific tasks rather than persistent standing access Every access decision is logged for compliance review and incident investigation Integr
Jun 162 min read
bottom of page
