Google disrupts proxy network used by 550+ threat groups

Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. “In a single seven day period in January 2026, GTIG observed over 550 individual threat g…

eScan AV supply chain compromise: Users targeted with malicious updates

The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The supply chain compro…

SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!

SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers to upgrade to v2026.1 as soon as possible. The vulnerabilities The WHD vulne…

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns

State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that was fixed over half a year ago. CVE-2025-8088 is a path traversal vulnerability that can be exploited via mali…

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)

Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wi…

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses

A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get th…

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)

Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised t…

Poland repels data-wiping malware attack on energy systems

Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30…

Inside Microsoft’s veteran-to-tech workforce pipeline

The technology workforce is changing, and military veterans are increasingly being recognized as one of the industry’s most valuable and dependable talent pools. In this Help Net Security interview, Chris Cortez, Vice President of Military Affairs at M…

Okta users under attack: Modern phishing kits are turbocharging vishing attacks

Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-ti…