Collaborate Disseminate
German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authori… Continue reading State-backed phishing attacks targeting military officials and journalists on Signal
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new binding operational directive aimed at reducing a long-standing cyber risk across federal networks: outdated “edge devices” that are not longer supported by vendors… Continue reading CISA orders US federal agencies to replace unsupported edge devices
For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks…. Continue reading Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware … Continue reading CISA confirms exploitation of VMware ESXi flaw by ransomware attackers
Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. This particu… Continue reading Why a decade-old EnCase driver still works as an EDR killer
Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a s… Continue reading Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)
Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting organizations in Southeast Asia for espionage purposes. On Wednesday, Kaspersk… Continue reading Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully … Continue reading ShinyHunters flip the script on MFA in new data theft attacks
Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for notepad-plus-plus.org, the software̵… Continue reading How state-sponsored attackers hijacked Notepad++ updates
Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited in zero-day attacks and has been added to CISA’s Known Exploited Vulne… Continue reading Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)