Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of intelligence interest, including government personnel, journalists, and others with access to sensitive communications. It is believed that the campaign has compromised thousands of commercial messaging application accounts. People who use these applications can develop a false sense of security.
The Department of Justice on Thursday said four domains used for Iranian-backed hacking and intimidation of political opponents have been taken down in a court-ordered operation. Two of the domains were connected to Handala, the state-linked threat group that authorities confirmed was behind the hack of Stryker, a Michigan-based medical technology giant. A partially redacted FBI affidavit did not specifically identify Stryker by name, but the details of the attack match.
An open server hosted on a German cloud provider's systems has been discovered, containing the entire toolset of a member of the Beast ransomware group. The find exposes the tactics, techniques, and procedures (TTPs) of the threat actor, and also reveals that Beast shares many of those TTPs with other ransomware gangs. According to threat-intelligence firm Team Cymru, the toolset includes tools used for reconnaissance, network mapping, credential theft, and exfiltration.
QNAP on Friday announced patches for multiple vulnerabilities across its products, including four issues that were demonstrated at the Pwn2Own Ireland hacking contest in October 2025. The four security defects, tracked as CVE-2025-62843 to CVE-2025-62846, impact the company's SD-WAN routers and were addressed in QuRouter version 2.6.3.009. According to QNAP's advisory, the first bug requires physical access to a vulnerable device, while the second flaw could be exploited over the local network.
An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. The novel method is stealthier than earlier techniques: it relies on hardware breakpoints to extract the v20_master_key, which is used for both encryption and decryption, directly from the browser's memory, without requiring privilege escalation or code injection.
Three American men were sentenced Friday for crimes they committed in furtherance of North Korea's vast scheme to get operatives hired at U.S. companies, the Justice Department said. The trio pleaded guilty in November to wire fraud conspiracy for providing U.S. identities to remote North Korean IT workers. They hosted U.S. company-provided laptops at their homes and installed remote-access software so North Korean operatives could appear to be working in the country.
Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on the recipient's account. Azure Monitor is Microsoft's cloud-based monitoring service that collects and analyzes data from Azure resources, applications, and infrastructure. It enables users to track performance, receive notifications about billing changes, detect issues, and trigger alerts based on various conditions.
Researchers and threat hunters are scrambling to contain a maximum-severity defect in Ubiquiti's UniFi Network Application that attackers could exploit to take over user accounts by accessing and manipulating files. The path-traversal vulnerability, CVE-2026-22557, affects software used to manage UniFi networking devices, including access points, gateways, and switches. The vendor disclosed and released patches for the defect in a security advisory Wednesday.
Oracle broke its usual patch cycle this week to announce a critical vulnerability in its Fusion Middleware. On March 19, the enterprise software and cloud computing giant released a special security alert for the newly discovered issue, now tracked as CVE-2026-21992. It affects Oracle Identity Manager (OIM) and Oracle Web Services Manager (OWSM), and its severity is obvious at first glance: it enables remote code execution (RCE) and requires no authentication to exploit.