Microsoft Office vulnerability (CVE-2026-21509) in active exploitation
Categories: Threat Research Tags: Microsoft Office, vulnerability, advisory
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said…
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. “While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT)
Meta on Tuesday announced it’s adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware…
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera. “Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,”
CNN reports: The Treasury Department cut ties with Booz Allen Hamilton on Monday and announced that it was canceling $21 million in federal contracts with the consulting giant because one of its ex-employees previously leaked President Donald Trump’s tax returns to the press. A statement from Treasury Secretary Scott Bessent referenced Charles Littlejohn, a onetime…
Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure. Which exposures truly matter? Can attackers exploit them? Are our defenses effective? Continuous Threat…
Categories: Sophos Insights Tags: Identity Security, MFA, Sophos ITDR
Lydia Blackstone reports: A 20-year-old Best Buy employee is jailed in Savannah after police said he helped a group of suspected shoplifters walk out of the store with more than $40,000 in merchandise, claiming he was pressured by online blackmail threats. Dorian Allen is charged with theft by taking, according to a Savannah Police Department…
Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicious activities targeting Asian government entities and private organizations, according to Trend Micro