Tag: threat
-
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe.The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation of…
-
NDSS 2025 Generating API Specifications For Bug Detection Via Specification Propagation Analysis
Session 13B: API Security Authors, Creators & Presenters: Miaoqian Lin (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi…
-
Forescout Partners with E-ISAC to Bring Threat Intelligence and Research to North American Utilities
Forescout Technologies has joined the Electricity Information Sharing and Analysis Center Vendor Affiliate Program, a move that will expand the sharing of threat intelligence with utilities and government partners working to protect North America’s power grid. The program is run by the Electricity Information Sharing and Analysis Center(E-ISAC), which operates under the North American Electric…
-
AWS Threat Intel Finds 600+ FortiGate Devices Hit
AWS Threat Intel found AI was used to hack 600+ FortiGate devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/aws-threat-intel-finds-600-fortigate-devices-hit/
-
Ad tech firm Optimizely confirms data breach after vishing attack
New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ad-tech-firm-optimizely-confirms-data-breach-after-vishing-attack/
-
Russian-speaking hackers used gen AI tools to compromise 600 firewalls, Amazon says
A Russian-speaking threat actor used commercial generative artificial intelligence tools to help compromise more than 600 FortiGate firewall devices across more than 55 countries earlier this year, researchers have found. First seen on therecord.media Jump to article: therecord.media/gen-ai-fortigate-hackers-russia
-
Connected & Compromised: When IoT Devices Turn Into Threats
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things’ attack surfaces more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/iot/connected-compromised-iot-devices-turn-threats
-
AI helps novice threat actor compromise FortiGate devices in dozens of countries
Generative AI tools analyzed target networks and wrote exploit code, giving an opportunistic attacker an outsized impact, according to a new Amazon report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-cyberattacks-fortigate-amazon/812830/
-
AI Let ‘Unsophisticated’ Hacker Breach 600 Fortinet Firewalls, AWS Says, As AI Lowers ‘The Barrier’ For Threat Actors
Hackers use AI, GenAI and LLMs to breach Fortinet FortiGate firewalls as cybersecurity and threat actors leverage AI for cyber-attacks, AWS report finds. First seen on crn.com Jump to article: www.crn.com/news/security/2026/ai-let-unsophisticated-hacker-breach-600-fortinet-firewalls-aws-says-as-ai-lowers-the-barrier-for-threat-actors
-
2025: The Untold Stories of Check Point Research
Tags: threatntroduction Check Point Research (CPR) continuously tracks threats, following the clues that lead to major players and incidents in the threat landscape. Whether it’s high-end financially-motivated campaigns or state-sponsored activity, our focus is to figure out what the threat is, report our findings to the relevant parties, and make sure Check Point customers stay protected.…
-
GrayCharlie Hacks WordPress Sites, Spreads NetSupport RAT and Stealc Malware
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially motivated threat actor overlapping with SmartApeSG, active since mid”‘2023, and specializing in turning legitimate WordPress sites into malware-delivery points. The…
-
Phishing-Kampagne umgeht Multi-Faktor-Authentifizierung von Microsoft 365
KnowBe4 Threat Labs hat eine komplexe Phishing-Kampagne entdeckt, die auf US-amerikanische Unternehmen und Fachkräfte abzielt. Die Angriffe kompromittieren Microsoft-365-Konten (Outlook, Teams, Onedrive), indem sie den OAuth-2.0-Geräteautorisierungsfluss missbrauchen und dadurch selbst starke Passwörter und Multi-Faktor-Authentifizierung (MFA) überlisten. Das Opfer wird auf das legitime Microsoft-Portal ‘https://microsoft.com/devicelogin” weitergeleitet, um einen vom Angreifer bereitgestellten Gerätecode einzugeben. Durch die Eingabe…
-
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide…
-
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide…
-
Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-threat-actor-genai/
-
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
Patch, but verify first: Unit 42 directed organizations to Ivanti’s security advisory for remediation guidance, which recommends applying version-specific RPM patches for EPMM 12.x branches that require no appliance downtime. Ivanti cautioned, however, that the patch does not survive a version upgrade and must be reinstalled if the software is updated. “The permanent fix for…
-
AI-powered campaign compromises 600 FortiGate systems worldwide
A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures
North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean threat actors have impersonated recruiters and hiring managers, luring software developers into executing booby-trapped code…
-
DPRK-Linked Hackers Continue Aggressive Crypto Attacks One Year After Bybit Breach
DPRK-linked operators are maintaining a relentless focus on the crypto sector, with activity accelerating rather than slowing in the year since the record-breaking Bybit breach. On 21 February 2025, threat actors linked to North Korea stole around 1.46 billion dollars in cryptoassets from Dubai-based exchange Bybit, in what remains the largest confirmed crypto theft to date. By…
-
Attacker Breached 600 FortiGate Appliances in AI-Assisted Campaign: Amazon
An single threat actor used AI tools to create and run a campaign that compromised more then 600 Fortinet FortiGate appliances around the world over five weeks, according to Amazon threat researchers, the latest example of how cybercriminals are using the technology in their attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/attacker-breached-600-fortigate-appliances-in-ai-assisted-campaign-amazon/
-
Why are cybersecurity experts optimistic about NHIDR
Are Non-Human Identities the New Frontier in Cybersecurity? Where cyber threats loom large, an often-overlooked challenge is the protection and management of Non-Human Identities (NHIs). Cybersecurity is evolving rapidly, and professionals across various sectors are increasingly recognizing the strategic importance of NHIs. But what exactly are these identities, and why should cybersecurity experts be optimistic……
-
What role does Agentic AI play in identity and access management
How Do Non-Human Identities Transform Cloud Security? Are your organization’s security measures keeping pace with evolving threats? The rise of Non-Human Identities (NHIs) is reshaping how we approach cloud security by closing gaps that have long persisted between security and R&D teams. Where businesses increasingly migrate to cloud environments, the effective management of these machine……
-
How are SOC teams empowered by Non-Human Identities
Can SOC Teams Really Rely on Non-Human Identities for Cybersecurity? SOC (Security Operations Center) teams are continually challenged to adapt and respond to emerging cybersecurity vulnerabilities. When threats evolve, traditional security measures can often fall short. This is where Non-Human Identities (NHIs) come into play, offering innovative solutions to bolster security protocols. Understanding the Concept……
-
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries.That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026.”No exploitation of FortiGate First seen on…