A critical authentication bypass vulnerability (CVE-2026-24061) in the GNU InetUtils telnet daemon (telnetd), affecting versions 1.9.3 through 2.7, allows remote attackers to gain root by supplying a crafted USER environment value. The flaw, introduced in 2015 and reported in January 2026, is being actively probed in the wild and should be…
Researchers disclosed a new ransomware family called Osiris that struck a major food service franchisee in Southeast Asia in November 2025, leveraging a custom driver named POORTRY in a BYOVD-style attack to disable security and exfiltrate data to Wasabi cloud buckets. Osiris uses hybrid per-file encryption, can stop services and kill…
Worldleaks claims to have compromised Nike, Inc. in the United States, exfiltrating data and deploying ransomware to encrypt corporate systems. The actor threatens to publish stolen information and demands a ransom to prevent disclosure. #UnitedStates
A cyber threat actor named “iProfessor” claims to have breached CallOnDoc, exposing over 1.14 million patient records. The data includes sensitive medical conditions and is offered for sale on the dark web. #CallOnDoc #DataBreach…
Curl is ending its HackerOne bug bounty program due to a surge of low-quality, often AI-generated vulnerability reports that overwhelmed the small maintenance team. The project will stop offering monetary rewards, accept HackerOne submissions only until January 31, 2026, and move to direct GitHub reporting thereafter. #curl #HackerOne
TU Graz researchers have revived Linux page cache attacks and demonstrated they are far more practical and dramatically faster than prior work, affecting kernel versions from 2003 to the present. The techniques enable precise password-prompt detection, synchronized phishing overlays, inter-keystroke timing, cross-container spying in Docker, and site-identification via Firefox resources, and…
The article compares Stranger Things’ Upside Down to modern enterprise attack surfaces, warning that unmanaged IT, OT, IoT, and cloud assets act as unseen portals for threats like the Mind Flayer and Demogorgon. It calls for continuous visibility, remediation prioritization, IT/OT segmentation, and cross-functional teamwork to detect and stop threats before…
A critical Fortinet SSO vulnerability, CVE-2025-59718, is being actively exploited against systems believed to be patched, with breaches reported on FortiOS 7.4.9. Administrators are urged to disable FortiCloud SSO via CLI and audit for unauthorized forticloud-sso logins, new admin accounts, and configuration exports to mitigate the persistent “Zombie” vulnerability. #CVE-2025-59718 #FortiOS…
This article describes a novel AI-augmented attack where a benign webpage requests code from trusted LLM APIs, assembles malicious JavaScript in-browser at runtime, and renders personalized phishing pages that evade network-based detection. The report demonstrates a proof-of-concept that leverages prompt engineering and polymorphic LLM-generated code to bypass guardrails and recommends runtime…
Remcos and NetSupport Manager were deployed via a multi-stage infection chain that relied exclusively on Windows built-in utilities (LOLBins) to evade detection and persist. The attack used forfiles, mshta, PowerShell curl and tar, scripting engines, and stealthy registry persistence before Malwarebytes detected and blocked the intrusion. #Remcos #NetSupportManager…
A new, distinct ransomware family called Osiris was used in a November 2025 attack against a major food service franchisee in Southeast Asia, employing hybrid ECC+AES-128-CTR encryption, VSS deletion, and a variety of living-off-the-land and dual-use tools. The intrusion included data exfiltration to Wasabi buckets, use of a Mimikatz build named kaz.exe, and deployment of a malicious signed driver (Poortry/Abyssworker) consistent with a BYOVD defense-impairment tactic. #Osiris #Poortry
Arctic Wolf warns of a new cluster of automated malicious activity beginning January 15, 2026, that involves unauthorized configuration changes on Fortinet FortiGate devices. Threat actors exploited CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO, create persistent admin accounts, export firewall configurations, and grant VPN access; operators are advised to disable admin-forticloud-sso-login…
BlackSuit is an evolution of the Royal ransomware family active since at least May 2023, using phishing for initial access, extensive data exfiltration, a double-extortion model, and a configurable partial-encryption approach to speed encryption and reduce detection. AttackIQ released an emulation based on CISA and DFIR reporting to help organizations validate…
Midway Windows and Doors in the United States reported a ransomware incident attributed to threat actor ‘play’, resulting in system encryption and disruption to operations. The claim identifies the United States as the target and notes potential data exposure associated with the attack by ‘play’. #UnitedStates
Episode 4 of the Charming Kitten / APT35 leaks exposes not sophisticated zero-day exploits but the bureaucratic infrastructure—spreadsheets, invoices, crypto receipts, hosting accounts, and one-time ProtonMail identities—that fund, procure, and maintain Iranian cyber operations. The documents tie APT35’s procurement and payment chains to Moses Staff’s leak domains and operational tooling, showing micro-crypto payments via Cryptomus, recurring European VPS providers (EDIS, Impreza), and repeatable, auditable workflows that convert state intent into persistent infrastructure. #APT35 #MosesStaff