China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks

A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different... Read more »

Bitwarden Brings Passkey Logins to Windows 11, Expanding Passwordless Sign-Ins

Bitwarden now supports passkey logins on Windows 11 for Microsoft Entra ID users, extending passwordless sign-ins to device authentication. The post Bitwarden Brings Passkey Logins to Windows 11, Expanding... Read more »

LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability

LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability. The post LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability... Read more »

Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting... Read more »

Iran-linked APT targets US critical sectors with new backdoors

An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to... Read more »

Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer

Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run... Read more »

Microsoft working on Teams feature to help admins block unauthorized bots

Microsoft plans to add a new Teams feature that lets meeting admins identify and control third-party bots before they join. According to the Microsoft 365 Roadmap, the feature is... Read more »

New cyber module strengthens risk planning for health organizations

The Administration for Strategic Preparedness and Response’s (ASPR) new cybersecurity module in the Risk Identification and Site Criticality (RISC) 2.0 Toolkit helps organizations identify critical gaps, prioritize investments, and... Read more »

Scattered Spider attack on TfL affected 10 million people

The 2024 Scattered Spider attack on Transport for London affected approximately 10 million people, many of whom remain blissfully unaware their data was compromised Read more »

Platformisation without illusion: Separating integration from theatre

The Security Think Tank looks at platformisation, considering questions such as how CISOs can distinguish between a truly integrated platform and ‘integration theater, and how to protect unified platforms. Read more »
Subscribe to our Newsletter