
FortiBleed, the Fortinet credential theft campaign, is now connected to INC Ransom and Lynx, with a Nextcloud zero-day vulnerability also under investigation.


What’s a Why-Not Report? It hearkens back to the days of old, when we could read about the downside of vendors instead of regurgitating marketing. A Why-Not report is a negative intelligence report focused on negative historical vendor events, weaknesses, failure patterns, and competitive disadvantages, essentially answering “why not” this vendor as a curiosity of…

404 Media reports that a researcher has found a vulnerability in Apple’s Hide My Email feature that could allow someone to discover a person’s real email address. That’s especially concerning because protecting your real email address is exactly what the feature is designed to do. 404 Media did not publish technical details of the vulnerability…

ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware…
Jamf this week unveiled Beacon, a threat-hunting service that aims to provide dedicated, proactive detection and analysis of Mac threats. The new security tool relies on Jamf’s Mac telemetry, which equips Jamf Threat Labs with the kind of deep visibility it needs to hunt for Apple-specific attacks, anomalous activity and suspicious behaviors. Security is always a…
The Fourth of July weekend brings tons of sales on top laptops we’ve reviewed, from Apple, Acer, Lenovo, and more.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft SharePoint Server flaw, tracked as CVE-2026-45659 (CVSS v3.1 score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. At the end of May, Microsoft released security updates…

In this post, I will show you how an SPF Record can instantly improve your email deliverability. The Sender Policy Framework (SPF) is an essential email authentication system aimed at preventing email spoofing and enhancing the chances of email delivery. Essentially, an SPF record is a specific type of TXT record within the Domain Name…
In this post, I will give you the DMARC Generator Guide and show you how to create, check, and publish DMARC records. Email security is no longer optional in today’s threat landscape, making DMARC an essential component of domain protection. This guide explains how to create, check, validate, and publish DMARC records using a DMARC…

A 19-year-old alleged member of the Scattered Spider extortion crew was extradited to the United States last week and remains in federal custody awaiting several cybercrime charges, the Justice Department said Wednesday. Peter Stokes, a dual citizen of the United States and Estonia, was allegedly involved in Scattered Spider since it formed in 2022 and…
Fourth of July weekend is almost here, and there are plenty of deals to celebrate.
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak checks, open systems, and normal…
Several industry groups have raised public safety concerns about consumer plug-in solar kits. If in doubt about your installation, here’s what to do.
From gadgets to streaming, these are the top tech gadgets and useful items our readers actually purchased in June.
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. […]

A suspected Scattered Spider member has been extradited to the United States to face charges linked to cyberattacks against U.S. companies, including the breach of a luxury jewelry retailer that led to an $8 million cryptocurrency ransom demand after attackers stole company data. The retailer’s security team removed the attackers from its network before any…
HP’s OmniBook Ultra 14 combines a sleek design and OLED display with the kind of performance professionals appreciate.

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that’s designed to gain surreptitious access to a victim’s email correspondence via the Google API. “In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs,” Kaspersky said in a detailed…

iboss has launched the AI Security Platform, a new service that gives any organization visibility into the AI tools its people are using, free of charge. Signup is instant, deployment takes an afternoon, and a complete AI footprint appears within hours. Organizations that want to go beyond visibility can upgrade on the same platform to…

Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks. The issue is fixed in WinRAR 7.23, but users must install the new version manually because WinRAR still does not offer automatic updates. They also need to make sure they download…

Cloudflare introduced new controls that let website owners manage AI traffic across three categories: Search, Agent, and Training. The feature is available to all Cloudflare customers, including those on the Free plan, and gives website owners more control over how different types of AI crawlers access their content. “Content owners still want to be able…

In this post, I will show you what to do before you automate your RFP process. The pitch for RFP automation is compelling: respond faster, reuse content intelligently, reduce the burden on subject matter experts, and free your best people to focus on strategy rather than formatting. All of that is true – when automation…

Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren’t designed to detect. This guide covers where that model…
Initially launched in November 2023, Microsoft 365 Copilot brings a range of generative AI (genAI) features to Microsoft Office productivity apps, such as Word, Outlook, Teams, and Excel. With capabilities ranging from quick meeting summaries to in-depth data analysis, it’s available via a paid add-on license for Microsoft 365 enterprise and small-business customers. Initially hampered by underwhelming capabilities and a hefty price tag…

Ivanti is expanding its partner strategy in the Americas with a renewed focus on distribution, partner recruitment, and services-led growth as demand for endpoint management continues to rise. Andrew King, vice president of Americas partner sales at Ivanti, told Channel Insider the company is prioritizing a more unified channel motion after years of acquisitions brought…

A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application deployments. Security firm Synacktiv said in a report that the flaw affects Argo CD’s repo-server…
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. […]

FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiGate firewalls worldwide, directly to two active ransomware operations: INC Ransom and Lynx. The link isn’t circumstantial. An operator…

Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution. Adobe has released security updates for ColdFusion and Campaign Classic, fixing multiple critical vulnerabilities, including seven maximum-severity issues (CVSS score of 10.0). If exploited, the flaws could allow attackers to execute arbitrary code, escalate…

Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s…
A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. […]

Alleged Scattered Spider member Peter Stokes, 19, was extradited from Finland to the U.S. over hacking, fraud, and extortion charges. Peter Stokes, 19, an alleged Scattered Spider member known online as “Bouquet,” has been extradited from Finland to the U.S. to face hacking, fraud, and extortion charges. Prosecutors say he took part in multiple cyberattacks,…
If you tend to copy/paste content from websites, you might be surprised to find yourself under the thrall of a ClickFix attack, but Opera has a solution to fix it before you click it.

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. “An operator tied to FortiBleed’s infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment
Opera has launched Paste Protect, a clipboard protection feature designed to prevent clipboard-based attacks such as hijacking and pastejacking. Paste Protect includes built-in protection and warnings against ClickFix-based cyberattacks, which accounted for more than half of malware-delivery attacks in 2025. The feature is built into Opera’s desktop browsers and is enabled by default, so users…
In 2025, the conversation around post-quantum cryptography (PQC) focused on accelerating adoption and the need for deeper discovery of encryption to improve security pre- and post-PQC migration. The picture in 2026 is starting to reshape, though. Government and standards bodies are pushing organizations toward PQC migration now and not later, and providers are accelerating timelines…
Cynomi’s latest AI report suggests MSPs aren’t asking whether AI matters anymore; they’re trying to figure out how to survive, sell, and stay useful in an AI-heavy world. Managed service providers (MSPs) have moved past early experimentation with AI and are now wrestling with more practical questions around security, customer expectations, and business strategy, according…
Business leaders are rightly focused on protecting profits today.
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the…
FRANKFURT, July 1, 2026, CyberNewswire – Link11, a leading European provider of cloud-based cybersecurity solutions, today announced the launch of its completely rebuilt Layer 3/4 DDoS mitigation solution, designed to address the growing complexity of modern network attacks. Today’s DDoS attacks are not just simple volume or protocol attacks anymore. They can originate from compromised…

In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once. Haas walks through what a well-planned recovery looks like, where the bottlenecks appear, and why…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue
Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition. He spent twenty-five years in healthcare compliance and privacy, leading the response to breaches and ransomware,…

Corporate networks keep sensitive files off individual workstations and store them on shared servers that staff reach through mapped network drives. That arrangement hands ransomware operators a target worth chasing. A single compromised laptop can begin encrypting files that live on a server across the building, and the encryption travels over the network as ordinary…

Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source code paths and routed verified findings to the projects that own them. Tuskira…
GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review. The feature is available to GitHub Advanced Security customers and allows them to review new dependencies in pull requests, verify that their licenses comply with…
Logicalis, the global technology service provider, has announced it has achieved Microsoft Frontier Partner status, alongside its Microsoft Copilot specialisation,…
Native PromQL, out-of-the-box Kubernetes agentic investigations, and automated migration from Datadog and Grafana — all in the platform SREs already run for logs.
Private Cloud+ is a hybrid private cloud powered by Dell infrastructure and operated by DXC OASIS, built for enterprises and governments running sensitive and regulated…
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Six industry-leading partners — Accenture, Cirrus, Deloitte, Route 101, and TTEC— named as inaugural AI Specialization partners under the NiCE 360 Partner Program
Global study reveals 1 in 2 organisations in Australia and New Zealand deploy autonomous AI agents with little to no governance, while 85% of employees admit they are unlikely…

Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the internal…
A report from SunWiz shows a record 221,000 residential solar battery systems were installed in 2025, three times the installations of 2024. In total, the year delivered 4,790…
For nearly a decade, the Australian Signals Directorate’s Essential Eight has served as one of the most practical and realistic cybersecurity frameworks available. It provided…

Microsoft this week tried to address the growing challenges surrounding notetaker bots in meetings by giving IT better control over them. Microsoft’s announcement said that users of Microsoft Teams will be able to block non-Microsoft bots “even in meetings where organizers allow participants to bypass the lobby.” When the feature is enabled, Teams automatically detects…
Hitachi Vantara recognized for automated policy enforcement, including policy automation and classification capabilities, immutable object lock, retention and tiering policies,…
As Australian organisations embark on a new financial year, many are reviewing technology roadmaps, workplace strategies and operational priorities. While the debate over the…