top of page
ALL POSTS
Critical ArcGIS Account Recovery Vulnerability Exploited in Ongoing Attack Campaign
Key Findings Cybercriminals are actively exploiting ArcGIS Account Recovery configurations to breach customer environments right now Attackers bypass hardened primary login defenses by targeting weaker account recovery mechanisms instead Built-in application accounts with weak security questions or common usernames are primary targets Organizations using centralized identity providers instead of built-in accounts are protected from this specific threat Esri will release a sec
Jun 202 min read
AutoJack Attack: Web Page Hijacking Enables AI Agent Host Code Execution
Key Findings Microsoft researchers discovered AutoJack, an exploit chain in AutoGen Studio that allows a single web page to execute arbitrary code on a developer's machine The vulnerability exists in the Model Context Protocol (MCP) WebSocket handler and requires no authentication, credentials, or user interaction beyond the agent loading a malicious URL Vulnerable pre-release builds 0.4.3.dev1 and 0.4.3.dev2 were shipped to PyPI, though the stable release 0.4.2.2 is unaffect
Jun 203 min read
FortiBleed: Global Credential Breach Affects 73,932 Fortinet Firewalls Across 194 Countries
Key Findings FortiBleed campaign exposed valid login credentials for 73,932 Fortinet firewall URLs across 194 countries, affecting 21,632 unique domains Attackers conducted approximately 1.16 billion credential attempts against over 320,000 FortiGate targets using a self-feeding system Compromised organizations include Samsung, Oracle, Foxconn, Comcast, Siemens, Lenovo, Spotify, Sony, and numerous government and critical infrastructure entities The operation leverages previou
Jun 184 min read
Phishing Attacks Surge Across Fortune 100: Employee Data Exposed at 86% of Companies
Key Findings 86% of Fortune 100 companies had employee data exposed through phishing attacks in the past 12 months 78% of large organizations experienced increased phishing volume over the past year 84% report AI-generated phishing attacks are becoming more prevalent or harder to defend against Phishing attacks now target enterprise users five times more frequently than malware infections Only 38% of organizations can confidently detect and respond to credential theft within
Jun 172 min read
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Bypass Flaw (CVE-2026-0257)
Key Findings CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS affecting GlobalProtect portals and gateways Active exploitation confirmed by Rapid7 starting May 17, 2026, with two distinct attack waves originating from different hosting providers Vulnerability allows attackers to forge authentication cookies and bypass VPN access controls without credentials CISA added the flaw to its Known Exploited Vulnerabilities catalog in early June, re
Jun 153 min read
FBI dismantles massive China-based cybercrime network responsible for $1.9B in losses
Key Findings FBI, Google, and Lumen Technologies dismantled Outsider, a China-based cybercrime network responsible for $1.9 billion in losses across 55 countries Operation Ghost Hook seized multiple domains, admin servers, a Shopify storefront, approximately $100,000 from payment wallets, and thousands of domains Outsider provided phishing kits as a subscription service starting at $88 per week, enabling criminals to target hundreds of thousands of victims The network used AI
Jun 132 min read
ServiceNow Security Incident Exposes Customer Data and Unauthorized Access
Key Findings ServiceNow applied a security update on June 5, 2026 to address an unauthenticated access vulnerability affecting hosted customer instances The flaw allowed unauthorized users to gain elevated access to ServiceNow instances and query customer data Evidence shows successful data access occurred for a subset of customers between June 2-4, 2026 The vulnerability stems from an API endpoint configuration that did not require authentication Community reports allege Ser
Jun 103 min read
Veeam Backup & Replication RCE Vulnerability Allows Domain Users to Execute Remote Code on Servers
Key Findings Critical remote code execution vulnerability (CVE-2026-44963, CVSS 9.4) in Veeam Backup & Replication allows authenticated domain users to execute arbitrary code on backup servers Affects all Veeam Backup & Replication version 12.x builds up to 12.3.2.4465 Patched in version 12.3.2.4854; version 13.x unaffected due to architectural changes Discovered by watchTowr researcher Sina Kheirkhah No known in-the-wild exploitation at this time, but attacks likely to follo
Jun 102 min read
Microsoft Patch Tuesday June 2026: 206 Vulnerabilities and Security Updates
Key Findings Microsoft released 206 vulnerabilities in June 2026 Patch Tuesday, the largest monthly batch on record 32 vulnerabilities marked as critical, with 28 being remote code execution flaws 4 critical vulnerabilities flagged as more likely to be exploited in active attacks 23 critical vulnerabilities assessed as less likely to be exploited but still pose significant risk 3 vulnerabilities were publicly known but not yet exploited at time of release Affected products sp
Jun 94 min read
Operation FlutterBridge: macOS Backdoor Campaign Leverages Fake Google Ads and Targeted Distribution
Key Findings Operation FlutterBridge is a sophisticated malvertising campaign targeting macOS users since late 2025, evolving from basic adware into a dangerous backdoor called FlutterShell Threat actors use fake shell companies to purchase verified Google and YouTube ads, bypassing security filters through artificial aging and legitimate developer credentials The malware masquerades as productivity tools including Podcasts Lounge, PDF-Brain, and PDF-Ninja, with three distinc
Jun 83 min read
Meta's Account Recovery Tool Vulnerability Exposes 20,000+ Instagram Users to Unauthorized Password Resets
Key Findings Meta's AI-powered Instagram account recovery tool, known as High Touch Support (HTS), contained a critical flaw that exposed over 20,000 accounts to unauthorized password resets The vulnerability existed for approximately seven weeks, from April 17 to early June 2026, before Meta discovered it on May 31 The flaw allowed attackers to request password reset links for any Instagram account and have them sent to email addresses they controlled, bypassing identity ver
Jun 84 min read
WordPress Malware Hides C2 Instructions in Steam Profile Comments
Key Findings New malware campaign discovered on approximately 1,980 WordPress sites using Steam Community profile comments to store encoded command-and-control instructions Malware uses invisible Unicode characters hidden within visible Steam profile comments to deliver payloads, making detection difficult Infected sites load external malicious JavaScript and contain a server-side backdoor capable of modifying PHP files for persistent access Campaign first detected in July 20
Jun 23 min read
Hackers Exploited Meta's AI Support Bot to Compromise Instagram Accounts
Key Findings Meta's AI support assistant was exploited to hijack high-profile Instagram accounts including the Obama White House account and U.S. Space Force Chief Master Sergeant account over the weekend of May 31 Hackers used a VPN to spoof location, then tricked the AI bot into adding unauthorized email addresses to target accounts and resetting passwords The exploit bypassed two-factor authentication entirely and was defeated only by accounts with multi-factor authenticat
Jun 23 min read
Massive 17 Million Device Botnet Successfully Dismantled by Dutch Authorities
Key Findings Dutch authorities dismantled a botnet comprising at least 17 million infected devices across computers, tablets, and smartphones Police seized over 200 servers hosted within the Netherlands that controlled the botnet infrastructure The operation was linked to ASOCKS, a Russia-based residential proxy service used for criminal activities A security researcher's report to the National Cyber Security Centre (NCSC) triggered the investigation The botnet was taken offl
May 302 min read
Signal Users Targeted in Coordinated Phishing Campaign to Steal Backup Recovery Keys
Key Findings Attackers are conducting a coordinated phishing campaign targeting Signal users by impersonating Signal Support via text messages The campaign specifically seeks backup recovery keys, which decrypt entire message archives stored on Signal's servers, not just future communications Journalists, activists, and human rights workers are confirmed targets, with reports of campaigns against Chinese activists and German officials A 64-character recovery key grants access
May 303 min read
PAN-OS GlobalProtect Authentication Bypass Vulnerability Under Active Exploitation in the Wild
Key Findings CVE-2026-0257 is an authentication bypass vulnerability actively exploited in the wild against Palo Alto Networks PAN-OS appliances Threat actors can forge valid VPN authentication cookies without credentials if specific certificate configurations exist CISA added this flaw to the Known Exploited Vulnerabilities catalog due to active exploitation campaigns A single threat actor orchestrated at least two waves of attacks starting May 17, 2026, successfully obtaini
May 303 min read
Critical FortiClient EMS Vulnerability Exploited in Active Campaign Delivering EKZ Infostealer
Key Findings Threat actors are actively exploiting CVE-2026-35616, a critical FortiClient EMS vulnerability with a CVSS score of 9.1, to deploy credential-stealing malware across enterprise networks Attackers abuse legitimate FortiClient management pathways to push malicious PowerShell commands, evading traditional network monitoring solutions A new infostealer payload named EKZ Infostealer masquerades as vendor software updates and extracts credentials from Chrome and Firefo
May 283 min read
Critical Flaw Found in Langflow AI's Architecture
Key Findings Critical vulnerability CVE-2026-7524 in Langflow OSS framework allows arbitrary file reading and remote code execution with CVSS score of 9.8 Flaw exploits symlink handling in archive extraction across Docling, Docling Serve, and Unstructured API modules Attackers can steal JWT secrets, forge authorization tokens, and execute arbitrary Python code through chatbot queries Affects versions 1.0.0 through 1.9.1; patch available in version 1.9.2 Separate critical vuln
May 283 min read
Cloud Under Siege: P2Pinfect Botnet Threats Targeting Kubernetes Infrastructure
Key Findings FortiGuard Labs identified persistent P2Pinfect botnet activity within Google Kubernetes Engine clusters targeting multiple enterprise clients One network compromise persisted for six months, demonstrating advanced operational dedication Initial infections originated from exposed Redis instances requiring no complex exploitation, only basic misconfigurations P2Pinfect uses peer-to-peer mesh architecture written in Rust, eliminating single points of failure and de
May 253 min read
Global Law Enforcement Dismantles First VPN Used by 25 Ransomware Groups in Historic Takedown
Key Findings First VPN Service, a criminal VPN operating since 2014, was dismantled in a coordinated international operation led by France and the Netherlands At least 25 ransomware groups used the service to conduct attacks, including network reconnaissance, data theft, fraud, and denial-of-service operations The takedown involved 16 countries and resulted in the seizure of 33 servers across 27 countries and the shutdown of associated domains First VPN marketed itself specif
May 223 min read
bottom of page
