Collaborate Disseminate
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-ti… Continue reading Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started with phishing emails with “NEW PROPOSAL – NDA” in the subject lin… Continue reading Energy sector orgs targeted with AiTM phishing campaign
CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718… Continue reading Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?
Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-… Continue reading RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Chinese electronic manufacturer and Apple partner Luxshare Precision Industry has allegedly been breached by affiliates of the RansomHub ransomware-as-a-service outfit. Luxshare is one of the primary assemblers of Apple’s wireless earbuds, iPhones, and… Continue reading RansomHub claims alleged breach of Apple partner Luxshare
Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical developer Alan Pope warned. SnapScope web app identifies malicious snaps (So… Continue reading Linux users targeted by crypto thieves via hijacked apps on Snap Store
A 40-year-old Jordanian man has admitted to selling unauthorized access to computer networks of at least 50 companies, the US Attorney’s Office of the District of New Jersey has announced. Feras Khalil Ahmad Albashiti has pleaded guilty last Thur… Continue reading Initial access broker pleads guilty to selling access to 50 corporate networks
Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield prove… Continue reading Fake browser crash alerts turn Chrome extension into enterprise backdoor
Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attac… Continue reading Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)
A data breach at the Netherlands-based company that sells Eurail (Interrail) train passes resulted in the compromise of personal and sensitive information belonging to an as-yet unknown number of travelers. What data was accessed? Eurail B.V. operates … Continue reading Sensitive data of Eurail, Interrail travelers compromised in data breach