Tag: emerging threats
3178 articles
Jingle Thief Exclusive: Alarming Gift Card Theft
Think gift cards are harmless holiday fun? Jingle Thief uses simple phishing and cloud misconfigurations to siphon stored value from retailers, turning promos into cash for criminals — shoppers and merchants need to wake up and tighten defenses.
Jingle Thief Exclusive: Costly Cloud Hack Steals Millions
Imagine criminals turning your retailer’s cloud into a holiday ATM—Unit 42 warns the Jingle Thief gang uses phishing and smishing to steal credentials and exploit misconfigured cloud systems to issue and redeem millions in gift cards. Stronger identity controls, logging and vendor oversight are urgent fixes before consumers and merchants are left cleaning up the mess.
Lanscope Endpoint Manager Exclusive Critical Bug Alert
If you use Lanscope Endpoint Manager, treat this as urgent—CISA has added CVE-2025-61932 to its Known Exploited Vulnerabilities list and says it’s being actively exploited. Act now: inventory on‑prem Clients, apply patches or mitigations, tighten admin access, and hunt for signs of compromise.
Magento Exclusive: Critical Hack Hits 250+ Stores Overnight
If you run Magento Open Source, update now — a critical CVE-2025-54236 flaw has been weaponized and saw exploitation attempts against 250+ stores, letting attackers hijack sessions, execute code, or install skimmers. This emergency forces merchants to balance urgent patching with the real risk of breaking live sites—learn how to protect your store without losing sales.
Magento Stores Hit by Stunning Critical Breach, 250+
Heads-up: a critical vulnerability in Adobe Commerce and Magento Open Source is being actively exploited — Sansec logged 250+ attack attempts in 24 hours. Merchants should patch immediately, rotate sessions, and hunt for suspicious activity to prevent account takeovers, fraud, and data leaks.
Iran-Linked MuddyWater Exclusive: Damaging 100+ Targets
Imagine one hijacked mailbox becoming the battering ram: Iran‑linked MuddyWater used a trusted account, attacker‑controlled VPNs and the Phoenix backdoor to quietly worm into 100+ MENA government networks and siphon sensitive policy and personnel intelligence over months.
Lanscope Endpoint Manager Exclusive: Critical Bug Exploited
A critical, actively exploited flaw in Motex Lanscope Endpoint Manager (CVE-2025-61932) — now on CISA’s KEV list — can turn your endpoint manager into an attacker’s shortcut. If you run on‑prem Lanscope Client, act now: patch immediately, isolate affected hosts, and hunt for suspicious activity.
Ukraine Aid Groups Hit by Exclusive Fake Zoom PDF Attacks
Who do you trust when the envelope itself is the weapon? A campaign called PhantomCaptcha disguised malware inside a Zoom-related PDF, giving attackers stealthy, long-term access to Ukraine aid groups and risking donor data, credentials and field operations.
Fireware VPN Critical Bug – Must-Have Patch Now
A critical CVE-2025-9242 flaw in WatchGuard Fireware can let unauthenticated attackers run code and seize VPN gateways, so apply WatchGuard’s patch immediately. Verify affected models/versions, lock down management access, and monitor appliance logs to stop interception and lateral movement.
threat actors are evolving: Must-Have Best Defenses
Imagine attackers rebuilding siege engines overnight—60% of security leaders say threat actors are evolving too fast, forcing teams into constant catch-up. Learn how automation, AI, and supply‑chain exploits are redefining risk and which practical steps can help organizations move from reactive defense to resilient security.