Tag: remote access
91 articles

Zoom Patches Flaw That Could Enable Account Takeover
Zoom just patched a critical security flaw that could let hackers hijack your account - and you need to update your software ASAP to stay safe! This vulnerability, tracked as CVE-2026-53412, could allow anyone on your network to take over your Zoom account.

Zoom Discloses High-Severity Account Takeover Vulnerability
Zoom has warned users of a high-severity vulnerability in its Windows desktop client and software development kit that could let hackers hijack accounts without authentication. This critical flaw, tracked as CVE-2026-53412, has a severity score of 9.8 out of 10.

Mistic Backdoor Exposes Link to Corporate Network Access Broker
Meet Mistic, a sneaky new backdoor that allows attackers to secretly access and control corporate networks for months on end, all while erasing its digital tracks. This stealthy threat can execute remote payloads in memory, upload and download files, and even self-destruct to avoid detection.

Perimeter Devices Exposed as Vulnerability in Authentication Bypass Attacks
A recent emergency directive from CISA revealed a shocking vulnerability in Check Point Remote Access VPN, allowing attackers to bypass authentication and gain trusted user access since early May. This critical flaw, with a CVSS score of 9.3, enables remote attackers to establish a fully authenticated VPN session without a valid password, essentially turning a security gateway into an entry point for intruders.

FortiBleed Exposes 73,000 Fortinet VPN Credentials Worldwide
A massive security breach has exposed a whopping 73,000 Fortinet VPN credentials worldwide, putting tens of thousands of firewall endpoints at risk, including those of major companies like Chevron, Samsung, and Mercedes-Benz. The alarming leak, discovered by security researcher Bob Diachenko, contains sensitive information like usernames, email addresses, and plaintext passwords.

Palo Alto Networks Warns of Active Exploitation of GlobalProtect VPN Flaw
Palo Alto Networks has warned of active exploitation of a critical GlobalProtect VPN flaw, CVE-2026-0257, which allows attackers to bypass security controls and set up unauthorized VPN connections. The company first observed exploitation attempts on May 17, 2026.

Check Point Discloses Zero-Day Auth Bypass Bug Under Active Exploitation
A critical authentication flaw, CVE-2026-50751, has been discovered in Check Point's Remote Access VPN and Mobile Access solutions, allowing attackers to bypass user authentication and establish a remote access VPN connection without a valid password. This severe vulnerability, scoring 9.3 on the CVSS scale, affects deployments using the outdated IKEv1 key exchange protocol.

Check Point Discloses Zero-Day Flaw Exploited by Ransomware Groups
Check Point has uncovered a zero-day flaw, CVE-2026-50751, that allowed ransomware groups to exploit a critical authentication bypass in Remote Access and Mobile Access deployments, prompting an emergency fix. The vulnerability enabled attackers to establish a remote access VPN connection without proper authentication.

Check Point VPN Flaw Exposed, Bypasses Passwords in IKEv1 Setups
A critical flaw in Check Point VPN setups has been exposed, allowing attackers to bypass passwords and establish a VPN session without proper authentication in certain configurations. This vulnerability, tracked as CVE-2026-50751, impacts Remote Access VPN and Mobile Access deployments using the outdated IKEv1 protocol.

Check Point Exposes VPN Zero-Day Link to Qilin Ransomware Gang
A critical VPN vulnerability, CVE-2026-50751, has been exploited in attacks linked to the notorious Qilin ransomware gang, affecting a handful of organizations worldwide. Check Point has released security updates to patch this authentication bypass flaw in its legacy Remote Access and Mobile Access deployments.

China-Linked TA4922 Expands Phishing Attacks Globally
Meet TA4922, a China-linked group rapidly expanding its phishing attacks worldwide, with a financially motivated agenda to infiltrate and exploit victim environments for data theft, fraud, and more. This threat actor is now targeting organizations globally, from the UK to Germany, Italy, and South Africa.

Cybercriminals Impersonate IT Personnel in Targeted Attacks
Cybercriminals are now masquerading as IT personnel to launch targeted attacks, with the FBI warning that law firms and professional sectors are prime targets. This new tactic allows groups like the Silent Ransom Group to swiftly access and exfiltrate sensitive data, often without encrypting systems.

FBI Warns of In-Person Data Theft Attacks by Extortion Gang
The FBI has issued a warning about a sneaky new tactic used by the notorious Silent Ransom Group: showing up in person to steal sensitive data, after gaining trust through clever phishing and phone scams. This brazen approach combines remote access tricks with physical presence at victim sites, marking a chilling evolution in their extortion methods.

Linux Malware Showboat Targets Telecom with SOCKS5 Proxy Backdoor
Meet Showboat, a sneaky Linux malware that's targeting telecom systems with its powerful SOCKS5 proxy backdoor, allowing hackers to spawn remote shells, transfer files, and carry out covert operations. This modular menace can quietly infiltrate and take control, making it a major threat to Linux systems.

Phishing Attacks Expose Gaps in Early Detection
In just 40 seconds, ANY.RUN's interactive sandbox exposed the full attack chain of a phishing attack, revealing redirects, fake pages, and signs of possible remote access. This game-changing tool helps teams detect phishing threats early, providing concrete evidence of business exposure before it's too late.

Mustang Panda Expands LOTUSLITE Malware to Target India, Korea
Meet the evolved LOTUSLITE backdoor, now wielding dynamic DNS-based command-and-control over HTTPS, enabling its operators to remotely access and manipulate targeted systems for espionage purposes. This sophisticated malware supports remote shell access, file operations, and session management, a potent toolkit for data collection and access persistence.

TeamViewer Exclusive Security Design Builds Best Trust
If your espresso machine can be controlled over the internet, its connection should be as private as a bank transfer. TeamViewer’s security-first design bakes end-to-end encryption, zero-trust principles, and admin controls into remote access so convenience never means compromise.

WatchGuard Fireware vulnerability: Urgent Critical Fix
Imagine one packet handing an attacker the keys to your network — that’s exactly what the critical CVE-2025-9242 WatchGuard Fireware flaw made possible. Inventory affected devices and apply WatchGuard’s patches now, or at minimum lock down management interfaces and enforce MFA to keep your gateways secure.

Snappybee malware: Alarming Risky Breach of EU Telecoms
A major European telecom was breached after attackers exploited a Citrix NetScaler flaw to deploy Snappybee — a modular espionage toolkit tied to the China-linked Salt Typhoon group — showing how trusted remote-access appliances can become gateways for stealthy data theft. The incident is a wake-up call to prioritize patching, segmentation, and behavioral detection before the next exploit hits.

Citrix vulnerability: Exclusive Alert for Risky DLL Sideload
A China-linked group called Salt Typhoon has been exploiting a Citrix flaw via stealthy DLL sideloading to slip malicious code into critical infrastructure and enterprise systems worldwide. It’s a wake-up call to patch, audit binaries, and tighten controls before trusted software becomes an attacker’s hiding place.

Winos 40 Stunning Risky Asia-Pacific Expansion
Winos 4.0 (ValleyRAT) is widening its reach into Japan and Malaysia using weaponized PDFs that drop links to a follow-on RAT (HoldingHands/Gh0stBins), making multi-stage phishing attacks more potent — now’s the time to lock down PDF handling, enforce URL filtering, and boost behavioral detection before attackers exploit language- and region-specific gaps.

RMM software Must-Have Protections: Best Defenses
Remote monitoring tools like ScreenConnect make IT life easier—but when attackers hijack them through phishing or stolen credentials, that convenience becomes a powerful way to spread ransomware and steal data. Protect your RMM consoles with strong authentication, network segmentation, and vigilant monitoring before a single click turns into a network-wide crisis.

Palo Alto Networks administrative portals: Urgent Threat
A sudden fivefold surge in automated scans of Palo Alto Networks’ admin portals is a clear warning that attackers are probing for weaknesses — now’s the time to patch, tighten access, and verify your telemetry. While scans don’t prove compromise, treat this spike as a prompt to hunt for misconfigurations and strengthen admin controls.

Cavalry Werewolf Exclusive: Dangerous State-Grade Threat
BI.ZONE’s new report exposes Cavalry Werewolf, a stealthy campaign that pairs the FoalShell backdoor with StallionRAT to quietly map and then exploit Russian public-sector networks—an urgent reminder that reusable, modular tooling lets attackers scale persistent intrusions. Defenders should prioritize centralized telemetry, network segmentation, MFA and practiced playbooks to spot the subtle reconnaissance before it escalates.