A large-scale credential harvesting operation is actively targeting Fortinet firewalls and VPN gateways, and has already compromised more than 30,000 Internet-facing devices across nearly 200 countries. Evidence of the credential harvesting was first spotted by security consultant Volodymyr Diachenko. Researchers from SOCRadar uncovered the campaign, which they dubbed "FortiBleed," when they found an exposed operational server belonging to attackers.
A newly discovered database containing 24 billion stolen records is a reminder that personal information from data breaches, phishing campaigns, and infostealer infections continues to circulate online. The collection was exposed on the internet before being taken offline. While researchers can't confirm exactly whose information was included, the discovery is a good opportunity to check whether your email addresses, passwords, or other personal data have already been exposed.
Cybercrims deploying DragonForce ransomware appear to have gained access to a major US services company's network, then spent two months up to no good while disguising their command-and-control activities as legitimate Microsoft Teams traffic. Researchers at security firm Symantec said the intrusion began with attackers gaining access to the victim's environment before deploying a custom Go-based backdoor, tracked as "Backdoor.Turn," to maintain communication with the compromised systems.
Rockwell Automation informed customers on Tuesday that patches are available for several vulnerabilities affecting its Logix and CompactLogix controllers, Flex I/O dual-port Ethernet/IP adapters, RSLinx industrial communication software, and FactoryTalk automation suite. In FactoryTalk Historian Site Edition the industrial giant patched three high- and critical-severity vulnerabilities that can be exploited to bypass authentication and launch DoS attacks.
While Washington D.C. frets over the potential impact of Anthropic's Claude Fable 5, security researchers continue to track how the integration of frontier AI tools is transforming the digital security landscape for malicious hackers and defenders alike. The breakneck speed of model releases may be creating short, silent security gaps for developers who must choose between performance and security, according to a new report.
Yet another Android banking Trojan is making the rounds, one that demonstrates an evolution in the typical malware of its kind by combining banking fraud capabilities with extensive device surveillance, remote control, and persistence mechanisms. Researchers at Zimperium zLabs have discovered the malware, dubbed Rokarolla because of the name of its command-and-control (C2) infrastructure, being distributed through malicious websites.
The clock is ticking for Windows and Linux users to update cryptographic keys that protect their systems against firmware-based UEFI infections, a pernicious form of malware that loads before operating system and anti-malware protections start. Beginning June 24, three certificates that cryptographically verify each piece of firmware and software loaded during system boot will expire. The certificates are the linchpins of Secure Boot, a Microsoft-designed chain of trust.
Threat actors are targeting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege escalation. Affecting the Joomla Content Editor (JCE) for Joomla and tracked as CVE-2026-48907, the first bug is described as an improper access issue that allows unauthenticated attackers to upload editor profiles. Attackers have been exploiting the flaw to upload arbitrary files to the server, leading to arbitrary PHP code execution.
Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning came on Monday from threat intelligence company Defused, which said that the exploit for one of the flaws is vibecoded, and likely faulty.