Collaborate Disseminate
Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised t… Continue reading Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)
Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30… Continue reading Poland repels data-wiping malware attack on energy systems
The technology workforce is changing, and military veterans are increasingly being recognized as one of the industry’s most valuable and dependable talent pools. In this Help Net Security interview, Chris Cortez, Vice President of Military Affairs at M… Continue reading Inside Microsoft’s veteran-to-tech workforce pipeline
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-ti… Continue reading Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started with phishing emails with “NEW PROPOSAL – NDA” in the subject lin… Continue reading Energy sector orgs targeted with AiTM phishing campaign
CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718… Continue reading Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?
Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-… Continue reading RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Chinese electronic manufacturer and Apple partner Luxshare Precision Industry has allegedly been breached by affiliates of the RansomHub ransomware-as-a-service outfit. Luxshare is one of the primary assemblers of Apple’s wireless earbuds, iPhones, and… Continue reading RansomHub claims alleged breach of Apple partner Luxshare
Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical developer Alan Pope warned. SnapScope web app identifies malicious snaps (So… Continue reading Linux users targeted by crypto thieves via hijacked apps on Snap Store
A 40-year-old Jordanian man has admitted to selling unauthorized access to computer networks of at least 50 companies, the US Attorney’s Office of the District of New Jersey has announced. Feras Khalil Ahmad Albashiti has pleaded guilty last Thur… Continue reading Initial access broker pleads guilty to selling access to 50 corporate networks