Fake enterprise VPN sites used to steal company credentials
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. The attackers…
Author: Cybernoz
Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna’ Exploit Kit
Apple Released Emergency Updates iOS 15.8.7 Apple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect older devices from a…
Iran War Bait Fuels TA453, TA473 Phishing Campaigns
TA453, TA473, and several emerging threat clusters are exploiting breaking news about the Iran war to run highly targeted phishing campaigns against governments and policy…
Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages
Most of us have clicked the familiar “prove you are human” box from Cloudflare while browsing the web. Now attackers are using that same security…
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Ravie LakshmananMar 13, 2026Linux / Vulnerability Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel’s AppArmor module that could be exploited by unprivileged…
Vulnerability reports: Increase in quantity, decrease in quality?
The concept of the bug bounty is relatively simple: a researcher probes networks and applications for potential vulnerabilities, finds one, and reports it to the…
US medical device maker Stryker’s Microsoft environment attacked
An Iranian-linked hacking group has claimed responsibility for a destructive cyberattack on US-based medical device and services provider Stryker, according to messages posted to the…
Securing Unstructured Data in the Era of AI
Beyond File Servers: Securing Unstructured Data in the Era of AI Pierluigi Paganini March 13, 2026 File servers still exist for legacy storage and governance,…
Telus Digital hit with massive data breach
In other words, he said, the systems likely trusted the attacker, noting that, based on publicly available details, this incident aligns with a growing class…
Third-Party Risk Statistics
Key Takeaways Third-party risk is escalating. In 2024, 30% of breaches involved a third-party vendor, twice as much as the previous year. Static assessments are…
Remote Monitoring and Management Tools: A Gateway for Bulk Attacks on MSP Customers, Pt. 2
In mid-June, Huntress saw an incident where a threat actor compromised an MSP’s Remote Monitoring and Management (RMM) tool in an attempt to target three…
AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency…