Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse. IBM X-Force’s long-term analysis ties both groups to initial access brokers, private crypters, downloaders, and backdoors…
Tag: EN
Cisco SD-WAN vManage Vulnerability Exploited in Zero-Day Attacks
Cisco has disclosed a critical security issue in its Catalyst SD-WAN Manager (formerly vManage) that is now being actively exploited in zero-day attacks, raising concerns for enterprise network environments worldwide. The vulnerability, tracked as CVE-2026-20262, is an arbitrary-file-write flaw in…
LiteSpeed cPanel Plugin 0-Day Vulnerability Actively Exploited in the Wild
A critical zero-day vulnerability in the LiteSpeed cPanel user-end plugin is being actively exploited in the wild, posing a serious threat to shared hosting environments worldwide. The flaw, tracked as CVE-2026-54420, enables privilege escalation to root level, allowing attackers to…
Hackers Abuse Legitimate RMM Tools in The Quarry IRS and SSA Phishing Campaigns
A wave of phishing campaigns targeting American taxpayers has been traced back to a single, highly organized cybercrime operation known as The Quarry. What appeared to be dozens of unrelated incidents impersonating the IRS, Social Security Administration, and platforms like…
GitHub releases an open dataset for multilingual developer content
Developers coordinate code across README files, issue threads, and pull request discussions. Much of that exchange happens in English, and a large share happens in other languages. GitHub has released a dataset built to help researchers and developers locate public…
Russian and Chinese Actors Use AI Translation and Visual Content in Malign Influence Operations
AI is reshaping foreign malign influence operations in subtle but consequential ways. Our analysis of pro-Russia and pro-China inauthentic accounts on X across 2024–2026 shows actors are not leveraging AI primarily to flood platforms with volume. Instead, they are using…
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The…
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. “A vulnerability in…
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks
Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. The post Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Reachability makes AI threat modeling worth the trust
In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone…
Unveiling ErrTraffic: inside a growing ClickFix malware distribution framework
This article was originally distributed as a private report to our customers on 2 June 2026. Table of contents Introduction ErrTraffic: ClickFix framework leveraging EtherHiding Malware-as-a-Service operations on Exploit.IN ErrTraffic advertising by LenAI Alleged ErrTraffic affiliates on Exploit.IN ErrTraffic clusters…
PRC-Nexus Hackers Abuse REDCap Servers to Monitor US Medical Research Organizations
A sophisticated, long-running cyberespionage campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, that systematically targets North American academic, medical, and military research institutions. The campaign, active since at least September 2023, remained undetected for over a year while…
The Gentlemen RaaS Scales to 166 Victims as Ransomware Groups Compete for Affiliates
Two new Ransomware-as-a-Service (RaaS) entrants publicly recruited affiliates, underscoring a rapid reconsolidation of the ransomware market and a sharpening competition for skilled operators. An actor using the handle hyflock123 posted a recruitment thread on Duty-Free on May 14 claiming prior…
EU Cybersecurity Act 2.0: When good regulation goes bad
Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain attacks targeting our critical infrastructure, that seriousness is welcome. But good intentions and good policy are…
Microsoft Website Displays Security Warning After Certificate Expiry
Microsoft has triggered widespread browser security warnings after allowing the TLS certificate for a critical Microsoft 365 connectivity testing domain to expire, raising concerns over certificate lifecycle management practices. The affected domain, connectivity.office.com, widely used by system administrators and enterprise…
Hackers Use The Quarry PhaaS Ecosystem to Target U.S. Victims With IRS Phishing
A single developer-known online as RockyBelling has assembled a highly modular PhaaS/MaaS ecosystem that affiliates worldwide use to launch highly targeted IRS and SSA-themed phishing campaigns that predominantly hit U.S. victims. SOCRadar research spanning April 2025–April 2026 ties almost 200…
The rise of machine identities and agentic AI: Securing trust in the next era of digital autonomy
In the latest episode of Identity Insider, I sat down with Chris Hughes, a cybersecurity expert who’s involved in OWASP’s work on non-human and machine identity security. Unsurprisingly, our discussion centered on the rapidly changing cybersecurity landscape, driven by the…
Microsoft 365 Copilot Vulnerability Exposes Sensitive Data Through One-Click Attack
Microsoft 365 Copilot has been found vulnerable to a critical one-click data exfiltration attack chain dubbed “SearchLeak,” exposing sensitive enterprise data through a combination of AI-specific and traditional web vulnerabilities. Discovered by Varonis Threat Labs, the flaw, tracked as CVE-2026-42824…
EvilTokens: A phishing attack that doesn’t steal your password
A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages This article has been indexed from WeLiveSecurity Read the original article: EvilTokens: A phishing attack that doesn’t steal your…
A $2 trillion revenue shift hinges on AI data governance
Across large enterprises, a single question keeps surfacing when teams want to put customer data to work. Can this record be used for a given purpose, and does the consent behind it still hold? The data sits in warehouses and…