Context Sekoia’s Threat Detection & Research (TDR) team has been tracking APT28 for several years. The intrusion set, also known as Fancy Bear, Forest Blizzard, Sofacy, Pawn Storm or Sednit and publicly attributed to the GRU’s Unit 26165, is one…
Tag: EN
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of criminal services. These platforms modeled explicitly on consumer escrow systems such as Alipay’s 担保交易 (dānbǎo jiāoyì)…
Big Patch Tuesday, ‘Nightmare Eclipse’ drops Windows 0-day, Claude Fable restricted at Microsoft
Patch Tuesday for the books ‘Nightmare Eclipse’ drops Windows 0-day Claude Fable restricted at Microsoft Get the show notes here: https://cisoseries.com/cybersecurity-news-big-patch-tuesday-nightmare-eclipse-drops-windows-0-day-claude-fable-restricted-at-microsoft/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a…
Cyber-Attack Disrupts Exams At Bucks School
Great Marlow School closes for most students after suspected hack affects ICT system, leading to delay for internal exams This article has been indexed from Silicon UK Read the original article: Cyber-Attack Disrupts Exams At Bucks School
Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader
Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in turn deploys a Havoc Demon implant in memory. TRU attributes both operations to a previously unreported…
Every employee’s password was stored in a single Excel file
The CEO thought this was the best way to deal with some email issues This article has been indexed from www.theregister.com – Articles Read the original article: Every employee’s password was stored in a single Excel file
Microsoft Patches Exploited Exchange Server Vulnerability
The company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14. The post Microsoft Patches Exploited Exchange Server Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Microsoft Patches…
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm…
China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. Once a component of the larger KV-botnet ecosystem, JDY has expanded to more than 1,500 compromised small office/home office (SOHO) and Internet of Things…
GitLab Patches Multiple Vulnerabilities Allowing Account Takeover
GitLab has released security updates for GitLab CE/EE and EE that patch multiple vulnerabilities, including several high‑impact flaws that could lead to account takeover, data exposure, and denial of service if left unpatched. Administrators are strongly advised to upgrade to…
Hackers Exploit AWS CloudTrail and Google Cloud Logging to Hide Attacks and Steal Logs
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cases maintain long-term visibility into victim environments. The techniques are simple in concept, powerful in effect, and…
Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and members of the cybercrime underground have built methods…
PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments. The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem…
Making the cloud prove it followed your privacy wishes
Making companies that store personal data in cloud key-value databases handle deletion requests by running the operation and confirming the job is complete. The people making those requests and the regulators overseeing them have had limited means to confirm the…
Ivanti Command Injection Flaw Exploited After PoC Code Release
Ivanti Sentry is facing active exploitation attempts following the public release of proof-of-concept (PoC) code targeting a critical OS command injection vulnerability tracked as CVE-2026-10520. The flaw, along with a second critical issue (CVE-2026-10523), was disclosed by Ivanti on June…
Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent frameworks. Anyone…
Anthropic’s Claude Fable 5 AI Model Jailbroken for Stack Exploit Creation
Anthropic’s latest AI release, Claude Fable 5, is facing scrutiny after claims emerged that researchers have successfully jailbroken the model to generate sensitive and potentially harmful outputs, including guidance relevant to exploit development and illicit activities. The development raises fresh…
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
A high-severity vulnerability, CVE-2026-6973, in Ivanti Endpoint Manager Mobile (EPMM) could allow authenticated attackers to achieve remote code execution by injecting malicious Apache configuration directives. The flaw, assigned a CVSS score of 7.2, is classified as a configuration control vulnerability…
X Square Robot open sources its robot-free data collection framework
Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth of…
SMB cyber-readiness: What makes or breaks it
A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment This article has been indexed from WeLiveSecurity Read the original article: SMB cyber-readiness: What makes or breaks it