Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
UK Infrastructure Faces Intense Cyber Threats from Russia, China, and Iran—Urgent Call for Resilience
Fast Facts: The U.K.’s National Cyber Security Centre (NCSC) reports that around 75% of cyber attacks on critical infrastructure are linked to hostile state actors like Russia, China, and Iran, with over 200 incidents managed in the past year. Adversaries are increasingly exploiting vulnerabilities using AI, which is expected to accelerate attacks by 2028, targeting legacy systems and critical infrastructure at scale. Horne emphasizes viewing cybersecurity as a continual contest of capabilities and performance, rather than a static risk, demanding ongoing enhancements and collaboration across public and private sectors. The UK has initiated a £210 million Cyber Action Plan to…
Summary Points: CISA issued a high-priority alert for a critical vulnerability in Splunk Enterprise (CVE-2026-20253), actively exploited in the wild, affecting enterprise security. The flaw, categorized under CWE-306, allows attackers to create or delete arbitrary files without authentication, risking operational disruption and further compromise. Federal agencies must remediate this vulnerability by June 21, 2026, with immediate actions including patching, exposure assessment, and forensic analysis recommended for all organizations. CISA warns that exploitation could enable attackers to manipulate system configurations or bypass security measures, emphasizing the importance of rapid response to prevent widespread damage. Underlying Problem: CISA has issued a high-priority…
Summary Points: Attackers use IPv4-mapped IPv6 address obfuscation to bypass security controls, hiding malicious links within complex notations. The malicious URL is constructed to appear legitimate while exploiting address notation tricks, leading to secondary phishing sites. The final stage involves redirecting to a phishing kit hosted on a seemingly benign domain, increasing the risk of credential theft. Threat Overview, Attack Techniques, and Targets: The threat involves a phishing email targeting a major Belgian bank. The attackers use a clever trick to hide malicious links. They employ IPv4-mapped IPv6 addresses in URLs. This trick helps them bypass simple security checks that…
Quick Takeaways: Oracle’s Critical Security Patch Update (CSPU) releases 245 fixes across multiple products, emphasizing rapid, targeted security improvements to reduce disruption. Major concerns focus on high-severity, remote, unauthenticated exploits in products like WebLogic Server, Coherence, and PeopleSoft, with some already actively exploited. Vulnerabilities in end-of-support Fusion Middleware and other enterprise components pose significant risks, especially during extended support periods. Experts warn that unconfirmed exploits don’t mean safety; attackers quickly reverse engineer advisories, highlighting the importance of proactive patching over waiting for proof of active threats. Key Challenge: The recent Oracle Critical Security Patch Update (CSPU) released this week addressed…
Authorities Bust Major SocGholish Malware Network: 106 Servers and 101 Domains Seized
Summary Points: Authorities across multiple countries executed Operation Endgame, dismantling SocGholish’s infrastructure by seizing 106 servers and 101 domains, remediating nearly 15,000 infected websites globally. SocGholish, a sophisticated malware framework linked to Evil Corp, infects WordPress sites with malicious JavaScript, leading to ransomware, RATs, and info-stealers, exploiting over 43% of all websites. The operation involved collaborating law enforcement agencies, including the FBI, NHTCU, RCMP, and BKA, who removed malware, notified owners, and advised immediate security measures like credential changes and MFA activation. This takedown marks a major blow to cybercriminal networks, with authorities emphasizing ongoing efforts to target SocGholish operators…
Microsoft’s end-to-end security platform, integrated with AI agents, significantly reduces breach likelihood (up to 30%), incident remediation costs (up to 25%), and annual tech expenses (up to 23%), delivering a $16.6M NPV and 124% ROI over three years. Consolidation into a unified platform enhances decision speed, reduces operational friction, and enables scalable defense efforts with automation, self-service, and AI-powered insights, improving security team efficiency. The evolving security landscape emphasizes embedding security across all AI layers—identity, data, endpoints, and emerging attack surfaces—making security a core primitive of the AI infrastructure. Microsoft’s platform is built for the agentic era, unifying security operations…
Fast Facts: Authorities worldwide dismantled a major cybercriminal operation, disrupting Evil Corp’s SocGholish botnet, which has been active since 2017. The takedown involved shutting down 106 servers, remediating nearly 15,000 infected sites, and disabling the malware infrastructure across multiple countries. SocGholish, linked to Evil Corp, primarily targeted WordPress sites and enabled criminals to inject malware, redirect users via Traffic Distribution Systems, and facilitate ransomware and espionage activities. The operation was part of broader multinational efforts (Operation Endgame and Riptide) to combat cybercrime, with authorities warning of ongoing use of TDS for malicious network intrusions and scams. Underlying Problem: On Thursday,…
Essential Insights: Threat actors now exploit exposed Fortinet credentials to gain unauthorized access, manipulate firewall rules, and stage attacks like ransomware or data exfiltration, leveraging tools such as Chisel and Neo-reGeorg for lateral movement. The campaign uses stolen credentials from compromised FortiGate devices—many stored as weak SHA-256 hashes—to launch widespread attacks across 194 countries, with active underground trading and utilization by sophisticated state-linked actors. Organizations face critical risks including network infiltration, persistent backdoors, and supply chain exposure; immediate actions include credential rotation, patching to fixed FortiOS versions, and enhanced access controls. The Threat, Attack Techniques, and Targets: The FortiBleed campaign…
Summary Points: A critical vulnerability in FIFA’s Microsoft Entra environment allowed a hacker to access and control the entire World Cup broadcast infrastructure, including live streams and match management systems. The breach exploited superficial client-side access controls, enabling the hacker to bypass restrictions and reach sensitive backend systems crucial for tournament operations. This could have led to severe consequences like broadcasting disruption, data manipulation, or live misinformation—highlighting the flaws in FIFA’s cybersecurity practices. FIFA’s lack of proper vulnerability reporting channels impeded immediate response, requiring intervention from CISA and the FBI to address the security lapse. Security Flaw Lets Hackers Control…
Top Highlights: Attackers can exploit remote unauthenticated vulnerabilities in NGINX (CVE-2026-42530 and CVE-2026-42055) to execute arbitrary code, especially on systems with disabled ASLR or misconfigured headers. Exploitation involves manipulating HTTP/3 sessions or large headers via specific NGINX modules, enabling remote code execution. Critical vulnerabilities have already been exploited in the wild, as seen with recent active attacks on similar NGINX flaws like CVE-2026-42945 (NGINX Rift). Threats, Attack Techniques, and Targets: F5 has announced two critical vulnerabilities in NGINX Open Source that could be exploited for remote code execution. The first, CVE-2026-42530, is a use-after-free flaw in the ngx_http_v3_module. Attackers can…