Tag: communications
-
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/
-
Europe Seeks to Advance 6G Security, Privacy
EU Projects Seek to Protect Fast New Network, Secure Information Sharing. The mobile communications technology known as 6G still hasn’t been standardized and its earliest commercial deployments are years away. But Europe is investing early in preparing for the next telecoms revolution – and the inevitable cybersecurity problems bundled into it. First seen on govinfosecurity.com…
-
State Digital Surveillance Puts Foreign Travelers and Businesses at Risk Across 31 Countries
A new state-surveillance assessment finds that foreign travelers and business staff face high or very high digital risk in 31 countries, where governments increasingly use telecom interception, spyware, AI-enabled monitoring, and data aggregation with little meaningful oversight. The concern is not just espionage in the classic sense; it is the routine conversion of travel, communications,…
-
Cybercriminals mask malicious communications through Microsoft Teams relays
Tags: communications, control, cybercrime, group, infrastructure, malicious, malware, microsoft, ransomwareThe DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/16/dragonforce-microsoft-teams-malware-backdoor-turn/
-
Microsoft Teams Relay Abused by Hackers to Hide Malicious Traffic
Tags: communications, control, cyber, exploit, hacker, infrastructure, malicious, microsoft, ransomware, threatMicrosoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware campaign attributed to the DragonForce group. Security researchers have discovered a novel technique in which attackers exploit Microsoft Teams’ TURN (Traversal Using Relays around NAT) servers to conceal command-and-control (C2) communications, making malicious activity…
-
Microsoft Teams Relay Abused by Hackers to Hide Malicious Traffic
Tags: communications, control, cyber, exploit, hacker, infrastructure, malicious, microsoft, ransomware, threatMicrosoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware campaign attributed to the DragonForce group. Security researchers have discovered a novel technique in which attackers exploit Microsoft Teams’ TURN (Traversal Using Relays around NAT) servers to conceal command-and-control (C2) communications, making malicious activity…
-
PRC-Nexus Hackers Abuse REDCap Servers to Monitor US Medical Research Organizations
A sophisticated, long-running cyberespionage campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, that systematically targets North American academic, medical, and military research institutions. The campaign, active since at least September 2023, remained undetected for over a year while the threat actor silently harvested credentials, exfiltrated sensitive communications, and maintained persistent access across victim…
-
US FCC Eases Router Ban for Cable ISPs
Waiver Allows Component Swaps for 1 Year. The U.S. Federal Communications Commission approved a cable industry lobbying group’s request to grant large scale internet service providers with a waiver from Trump administrations’ current ban on consumer grade foreign-made routers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-fcc-eases-router-ban-for-cable-isps-a-31982
-
Zscaler Has ‘Incredible Advantage’ For Securing AI Agent Boom: Partners
Zscaler’s large customer base, massive data telemetry and global system for securing communications between AI agents give the vendor a substantial edge when it comes to securing agentic adoption, executives at top Zscaler partners told CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/zscaler-has-incredible-advantage-for-securing-ai-agent-boom-partners
-
Zscaler CEO On Why Zero Trust Is The Real ‘Foundation’ For Deploying AI Agents
Even as countless vendors claim to have the ultimate solution to securing AI agents, Zscaler has a “significant lead” with its zero trust security platform”, which is in fact best equipped for protecting the communications needed to make agentic work, according to Zscaler founder and CEO Jay Chaudhry. First seen on crn.com Jump to article:…
-
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens…
-
Cisco warns of critical Unified CM flaw with PoC exploit code
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-critical-unified-cm-flaw-with-poc-exploit-code/
-
PoC Exploit Released for Cisco Unified Communications Manager Security Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical server-side request forgery (SSRF) vulnerability impacting Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME), increasing the likelihood of active exploitation in enterprise environments. Cisco Unified Manager Security Vulnerability Tracked as CVE-2026-20230 and detailed in Cisco advisory cisco-sa-cucm-ssrf-cXPnHcW, the…
-
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications
Tags: attack, cloud, communications, control, cyber, espionage, government, network, service, threatA newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily targets government networks in Southeast Asia and represents a growing shift toward cloud-native attack infrastructure. This misconfiguration enables threat actors to…
-
AI-powered threats target 2026 election communications
First seen on scworld.com Jump to article: www.scworld.com/brief/ai-powered-threats-target-2026-election-communications
-
Anthropic scales Claude Mythos to critical infrastructure in 15+ countries
Anthropic is expanding Project Glasswing, its security vulnerability program, and access to Mythos to 150 organizations across 15 countries, targeting critical infrastructure in power, water, healthcare, and communications where a cyberattack could affect 100 million people. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/02/anthropic-scales-claude-mythos-to-critical-infrastructure-in-15-countries/
-
Security Affairs newsletter Round 579 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers Signal Phishing Campaign Targets Journalists and…
-
ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers
Cybercrime group ShinyHunters leaked data allegedly stolen from Charter Communications, exposing millions of customer records after a failed extortion attempt. The ShinyHunters extortion group has published data allegedly stolen from Charter Communications after the company apparently refused to pay a ransom. Charter Communications is one of the largest telecommunications companies in the United States. It…
-
Charter confirms data breach after ShinyHunters extortion threat
U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/charter-confirms-data-breach-after-shinyhunters-extortion-threat/
-
Malicious PDF LNK Files Deploy Cobalt Strike in Operation Dragon Whistle
A newly uncovered cyber campaign dubbed “Operation Dragon Whistle” is targeting China’s education sector with highly tailored spear-phishing attacks that deploy Cobalt Strike beacons via deceptive PDF/LNK files. The attackers crafted emails that impersonate official university communications, urging students and faculty to review an important testing notice. The message includes a ZIP attachment named in…
-
New Telecom Espionage Campaign Tied to China
Researchers Trace Linux and Windows Toolsets to Suspected PRC Espionage Activity. Newly discovered malware tied to China-linked actors breached telecom providers across Asia and the Middle East, highlighting growing efforts to gain persistent access into interconnected communications infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-telecom-espionage-campaign-tied-to-china-a-31763
-
Iranian Hackers Using Fake Job Sites to Breach Defense Firms
Unit 42 Says Iranian Operators Target Aerospace and Government Staff. Palo Alto Networks’ Unit 42 said Iran-linked operators tied to Screening Serpens are using fake recruiting campaigns, cloned aerospace hiring portals and malware-laced job materials to infiltrate defense, satellite communications and government networks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-using-fake-job-sites-to-breach-defense-firms-a-31762
-
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Showboat doesn’t show off, but clearly it doesn’t need to, as it’s long helped China spy on small market communications providers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apts-linux-backdoor-telco-attacks
-
Discord Enables EndEnd Encryption by Default Across Voice and Video Features
Discord has officially enabled end-to-end encryption (E2EE) by default for all voice and video communications across its platform, marking a significant shift in user privacy and secure communications. The announcement, made on May 18, 2026, confirms that every voice and video call on Discord, across desktop, mobile, web browsers, and gaming consoles, is now protected…
-
US Telecom Giants Launch Private ISAC to Counter AI-Powered Cyberattacks
The U.S. telecom sector is strengthening its cybersecurity coordination efforts with the launch of a new private ISAC designed to help major communications companies respond more effectively to AI-powered cyberattacks, state-backed espionage campaigns, and emerging threats targeting national communications infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/private-isac-telecom-sector/
-
US Telecom Giants Launch Private ISAC to Counter AI-Powered Cyberattacks
The U.S. telecom sector is strengthening its cybersecurity coordination efforts with the launch of a new private ISAC designed to help major communications companies respond more effectively to AI-powered cyberattacks, state-backed espionage campaigns, and emerging threats targeting national communications infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/private-isac-telecom-sector/
-
US Telecom Giants Launch Private ISAC to Counter AI-Powered Cyberattacks
The U.S. telecom sector is strengthening its cybersecurity coordination efforts with the launch of a new private ISAC designed to help major communications companies respond more effectively to AI-powered cyberattacks, state-backed espionage campaigns, and emerging threats targeting national communications infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/private-isac-telecom-sector/
-
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The attack disrupted landline, 4G, 5G, and emergency communications for more than three hours after specially crafted…
-
Discord enables endend encrypted voice and video calling for every user
Tags: communicationsGood news! Discord’s hundreds of millions of users now have their communications scrambled, so not even Discord can see them. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/discord-enables-end-to-end-encrypted-voice-and-video-calling-for-every-user/
-
7 tips for accelerating cyber incident recovery
Tags: attack, awareness, backup, breach, business, ceo, cio, ciso, cloud, communications, control, cyber, cybersecurity, data, defense, finance, framework, governance, incident, incident response, infection, insurance, international, lessons-learned, malicious, malware, monitoring, nist, risk, service, technology, threat, updateEmphasize scoping and containment from the outset: Because you can’t recover from what you can’t stop, scoping and containment should be the absolute first priority during incident recovery, says Amit Basu, CIO and CISO at freight shipping firm International Seaway.”Before anything else, you must stop the bleeding,” he says. This means understanding the true scope…