FortiBleed, the large-scale credential-harvesting operation targeting organizations in 150 countries, has led to the deployment of INC Ransom and Lynx ransomware families, SOCRadar reports. Uncovered in mid-June, FortiBleed has been targeting over 430,000 FortiGate firewalls for the deployment of a network sniffer dubbed FortigateSniffer to capture the traffic passing through them and extract cleartext credentials and password hashes for future compromise.
Medical device giant Medtronic is warning patients that their personal and health information may have been caught up in an April cyberattack in which intruders spent nearly a week inside parts of its corporate network. According to breach notification letters sent to affected individuals, the company detected unusual activity on April 15 and later determined an unauthorized party accessed certain corporate systems between April 13 and April 19.
Threat actors are moving away from spray-n-pray phishing attacks in favor of campaigns that can automatically adapt to a target's device and operating system. Today, anti-phishing security vendor Cofense published research covering the cutting-edge ways threat actors are upping their phishing game. As research post author Max Gannon of Cofense Intelligence explained, classic phishing attacks often have clumsy, simple emails and an attachment with a simple infection chain.
Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks. The issue is fixed in WinRAR 7.23, but users must install the new version manually because WinRAR still does not offer automatic updates. They also need to make sure they download the version that matches their system and language preference. The vulnerability, tracked as CVE-2026-14191, affects the way WinRAR and UnRAR handle RAR5 files.
In the span of just two years, ClickFix has gone from an emerging social engineering technique to the overwhelming favorite among threat actors for malware delivery. That's according to research from ReliaQuest, which analyzed threat activity from March 1 to May 31 and found that ClickFix dominated initial access and defense-evasion categories. ClickFix tricks targeted individuals into copying and pasting malicious commands into system dialogs like Windows Terminal.
Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. Unified CM (formerly known as Cisco CallManager) is the central control system for Cisco IP telephony systems, handling call routing, device management, and telephony features. Threat actors without privileges can exploit the vulnerability (CVE-2026-20230) remotely in low-complexity server-side request forgery (SSRF) attacks by sending a crafted HTTP request.
The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said threat actors have been exploiting a high-severity vulnerability in Microsoft SharePoint Server. Described as a deserialization of untrusted data bug, the exploited security defect allows authenticated attackers to execute arbitrary code on vulnerable SharePoint servers. The flaw is tracked as CVE-2026-45659 (CVSS score of 8.8) and was patched in late May, via an out-of-band security update.