Tag: access
-
FortiBleed Turns FortiGate Access Into Enterprise Credential Theft
Arctic Wolf found FortiBleed uses stolen FortiGate credentials to gain enterprise access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fortibleed-turns-fortigate-access-into-enterprise-credential-theft/
-
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black’s Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be linked to an initial access broker…
-
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges First seen…
-
CVE-2026-20262 allows privilege escalation via file upload: actively exploited flaw in Cisco SD-WAN Manager gives root access
First seen on security-insider.de Jump to article: www.security-insider.de/cisco-sd-wan-manager-cve-2026-20262-root-zugriff-a-4b5a04fcc33f1f4144727d80f9c3d037/
-
Customer Identity and Access Management: Modern CIAM, better customer retention
When authentication costs customers: why companies need to modernize their CIAM and still hesitate. First seen on ap-verlag.de Jump to article: ap-verlag.de/customer-identity-and-access-management-modernes-ciam-bessere-kundenbindung/105562/
-
Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack
Nathan Austad, who sold access to compromised accounts through a criminal storefront, is the third and final defendant sentenced in the 2022 breach. First seen on cyberscoop.com Jump to article: cyberscoop.com/draftkings-hack-sentencing-nathan-austad-snoopy/
-
Why patch directives only go so far
Six weeks of undetected access through a compromised VPN exposes why patching isn’t a solution for the organizations already breached. First seen on cyberscoop.com Jump to article: cyberscoop.com/why-security-patching-is-not-enough-cve-2026-50751-op-ed/
-
Malicious hackers exploit Cisco zero-day for highest access level at communications service provider
Mandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s internal traffic. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-sd-wan-zero-day-exploit-communications-provider/
-
Nathan Austad Pleads Guilty in DraftKings Hacking Scheme, Gets 18 Months
Third DraftKings hacker gets 18 months in prison for a 2022 credential-stuffing attack that compromised 1,600 accounts and stole $600,000. Nathan Austad, the third person sentenced over the 2022 DraftKings credential-stuffing attack, received 18 months in prison. The group used usernames and passwords stolen from other breaches to access about 1,600 accounts and steal roughly…
-
LastPass Confirms Vendor Breach Exposed Customer Contact, Support Data
LastPass said customer contact and support data were exposed after attackers used stolen Klue OAuth tokens to access its Salesforce environment and CRM records. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-lastpass-klue-oauth-token-salesforce-data-exposure/
-
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/
-
ManageEngine AD360 Integrated Products Hit by Account Takeover Vulnerability
ManageEngine has disclosed a critical account takeover vulnerability, tracked as CVE-2026-11374, affecting various integrated products within its AD360 identity and access management suite. The flaw affects ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus when used with AD360 and via single sign-on (SSO) integration. This vulnerability stems from predictable SSO ticket generation, which…
-
AI-Powered Phishing Attacks Surge 1,380% as Criminal Platforms Render MFA Obsolete
Imagine completing a two-factor authentication check on a real Microsoft login page and still handing a criminal full access to your email account. That is not a hypothetical. According to new research published this week by cybersecurity company Huntress, it happened across hundreds of organisations in the first four months of 2026 and the victims…
-
After five days, a standstill looms: how hacker attacks escalate
Hacker attacks on mid-sized companies often follow a clear escalation pattern. This is shown by a recent analysis by Trufflepig IT-Forensics based on real hacker attacks on mid-sized companies in the DACH region. Across all cases examined, a recurring pattern in five phases emerges: intrusion, reconnaissance, spread, exfiltration and detonation. In concrete terms, this means: at the start comes the initial access,…
-
Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild
Attackers exploit Cisco Unified CM flaw (CVE-2026-20230) allowing unauthenticated HTTP requests to trigger SSRF, write files, and gain root access. Cisco Unified Communications Manager has a serious vulnerability, tracked as CVE-2026-20230 (CVSS score of 8.6), that attackers are already exploiting. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without…
-
ModeloRAT and Mistic Backdoor Activity Linked to Ransomware Initial Access Broker
The Python-based remote access trojan ModeloRAT and a newly observed stealth backdoor, dubbed Backdoor.Mistic, have been linked to activity consistent with an initial access broker (IAB) operation that facilitates ransomware deployments. Mistic, first seen in April 2026 and publicized by Zscaler as MLTBackdoor, appears optimized for long-term, low-visibility access and was discovered deployed in at least one…
-
Stealthy Mistic backdoor linked to ransomware access broker KongTuke
A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, education, IT, and professional services sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/stealthy-mistic-backdoor-linked-to-ransomware-access-broker-kongtuke/
-
Payouts King Initial Access Broker Deploys Edgecution Malware Through Malicious Edge Extension
A concerted campaign by an initial access broker with ties to the Payouts King ransomware ecosystem that leverages a novel browser-based delivery technique to establish persistent host-level control. The actor deploys a malicious Microsoft Edge extension dubbed “Edgecution” which abuses the Chrome native messaging protocol to reach a Python backdoor running on the endpoint, effectively…
-
FortiBleed: The Broker Who Turned 73,000 Firewalls Into a Product Catalog
FortiBleed exposed valid credentials for 73,000+ Fortinet firewalls, revealing a large-scale access-brokering operation targeting organizations worldwide. In mid-June 2026, researcher Volodymyr “Bob” Diachenko found a live, exposed server containing working login credentials for tens of thousands of Fortinet firewalls, a data leak code-named FortiBleed. The headline number, valid remote-access logins for 73,932 devices across 21,632…
-
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access
Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability affecting its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). This vulnerability could enable unauthenticated remote attackers to write files to the underlying operating system and potentially escalate their privileges to root. Identified as CVE-2026-20230 and documented in…
-
GTA 6 Early Access Scam Uses Fake VIP Pages to Steal Cryptocurrency Payments
A fresh wave of scam websites is exploiting the fevered anticipation for Grand Theft Auto VI, offering “VIP early access” in exchange for cryptocurrency payments and delivering nothing in return. These pages are carefully designed to look legitimate (neon Vice City-style art, official-looking logos, luxury-car imagery and polished layouts), then instruct victims to pay hundreds…
-
Most Companies Overestimate Their AI Maturity
EXL Study Finds Data, Business Processes Separate Leaders from Laggards. Most companies believe they are ahead on AI, but EXL’s latest enterprise AI study suggests few have truly scaled it. The leaders are pulling away by integrating AI across functions, improving data access and redesigning workflows around measurable business value. First seen on govinfosecurity.com Jump…
-
Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed
The private events group, cofounded by Peter Thiel, says a “criminal” hacker is behind a breach that exposed members’ personal details. WIRED found no evidence a break-in was needed to access the files. First seen on wired.com Jump to article: www.wired.com/story/dialog-hack-website-misconfiguration/
-
Healthtech firm Xsolis suffers data breach impacting 1.4 million people
Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/healthtech-firm-xolis-suffers-data-breach-impacting-14-million-people/
-
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespoke First seen on thehackernews.com Jump to…

