Key TakeawaysActive Exploitation: Attackers abused FortiCloud SSO trust to access unrelated customer devices using valid FortiCloud accounts.Emergency Mitigation: Fortinet temporarilyโฆ
News
Key TakeawaysSurfshark infrastructure security audit: Independent SecuRing audit found no critical flaws and confirmed strong protection against real-world cyber threats.Real-worldโฆ
Unathi Thosago โ Parliament of South Africa Unathi Thosago has been appointed chief information officer of South Africaโs Parliament, assumingโฆ
Key TakeawaysContract Termination: The U.S. Treasury canceled all 31 active contracts with Booz Allen Hamilton, due to failures to protectโฆ
Cybercrime leaves no hiding place. In Athens, police dismantled a mobile base station operating from a car that made cyberโฆ
Key TakeawaysOperational Error: A security failure exposed the INC ransomware group infrastructure, containing data exfiltrated from multiple victims.Data Recovery: Cybersecurityโฆ
Key TakeawaysService Impact: A significant outage is preventing enterprise customers in North America from accessing core services like Exchange Online,โฆ
Key TakeawaysTargeted Doxing: A hacker using the alias "Vindex" has leaked the alleged personal data of senior officials from Spainโsโฆ
Key TakeawaysVishing Tactic: Sophisticated voice-based social engineering attacks combined with real-time phishing kits to target employees and steal Okta SSOโฆ
Key TakeawaysUK VPN consultation: Government launches review as Lords vote to ban VPNs for under-18s.House of Lords decision: Peers backโฆ
Key TakeawaysSurfshark Android support update: Ends app updates for Android 5; Android 6+ devices remain fully supported.Reason for change: Olderโฆ
Key TakeawaysOpportunistic Threats: An increase in Venezuela-related domain registrations indicates that actors aim to exploit geopolitical uncertainty for financial fraudโฆ
Key TakeawaysUrgency Tactic: Attackers are impersonating LastPass in emails, falsely claiming imminent maintenance to pressure users into "backing up" theirโฆ
Key TakeawaysIncident Type: The security event affecting Spanish retailer PcComponentes was a credential stuffing attack, not a direct breach ofโฆ
Key TakeawaysMobile Impersonation: Greek authorities have dismantled a criminal operation that used a fake mobile base station hidden in aโฆ
Key TakeawaysGrowing Gap: Almost 70% of organizations cite tool sprawl and visibility gaps impeding cloud security, widening the disconnect betweenโฆ
Key TakeawaysDeceptive Tactics: Mobile-optimized phishing sites impersonate PNB MetLife to steal policyholder data and facilitate fraudulent transactions.Data Exfiltration: The maliciousโฆ
Key TakeawaysSupply Chain Vulnerability: Reports indicate a critical escalation in cyber risks targeting the wholesale and retail sectors through third-partyโฆ
Key TakeawaysTargeted Campaign: A cyber campaign, dubbed Operation Nomad Leopard, is actively targeting Afghan government employees with spear-phishing emails.Deceptive Lures:โฆ
Key TakeawaysVulnerability Identified: A misconfigured GraphQL endpoint on the UStrive mentorship platform allowed authenticated users to access the private dataโฆ
Get expert insights on threats, breaches, scams, and security trends โ delivered every Saturday.
Most Popular