Zeljka Zorz
Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing …
Energy sector orgs targeted with AiTM phishing campaign
Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started …
Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?
CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly …
RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the …
RansomHub claims alleged breach of Apple partner Luxshare
Chinese electronic manufacturer and Apple partner Luxshare Precision Industry has allegedly been breached by affiliates of the RansomHub ransomware-as-a-service outfit. …
Linux users targeted by crypto thieves via hijacked apps on Snap Store
Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical …
Initial access broker pleads guilty to selling access to 50 corporate networks
A 40-year-old Jordanian man has admitted to selling unauthorized access to computer networks of at least 50 companies, the US Attorney’s Office of the District of New …
Fake browser crash alerts turn Chrome extension into enterprise backdoor
Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. …
Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)
Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the …
Sensitive data of Eurail, Interrail travelers compromised in data breach
A data breach at the Netherlands-based company that sells Eurail (Interrail) train passes resulted in the compromise of personal and sensitive information belonging to an …
PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)
A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising …
Browser-in-the-Browser phishing is on the rise: Here’s how to spot it
Browser-in-the-Browser (BitB) phishing attacks are on the rise, with attackers reviving and refining the technique to bypass user skepticism and traditional security controls. …
Featured news
Resources
Don't miss
- FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
- Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
- Claude Code source leak exploited to spread malware
- Trivy supply chain attack enabled European Commission cloud breach
- Microsoft releases open-source toolkit to govern autonomous AI agents