CIS launches Commercial Cloud MDR, Powered by Sophos, to protect SLTT government organizations
Investigate incidents in real time, quickly neutralize active threats, and prevent repeat attacks.
Similar Posts
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
Bys sCybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat….
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Bys sCybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress. CVE-2026-33829 refers to a spoofing vulnerability…
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
Bys sA high-severity security flaw has been disclosed in ServiceNow’s platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike. “A…
CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. “By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Bys sGitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor…
Illinois Department of Human Services tightens map security after data incident
Bys sStephanie Nau reports: The Illinois Department of Human Services is notifying the public of a data security incident involving internal planning maps that were mistakenly made public from due to incorrect privacy settings. The maps were used for internal resource planning and created on a mapping website. The data included information related to some individuals in……