Critical Vulnerability Discovered in Microsoft MFA Implementation Cybersecurity experts have uncovered a significant security flaw in Microsoft’s multi-factor authentication (MFA) system that could allow attackers to easily bypass protection mechanisms and gain unauthorized access to user accounts. This vulnerability was classified as “critical” by researchers from Oasis Security, who highlighted…
In recent years, the frequency and severity of cyberattacks have escalated dramatically, underscoring a pressing concern for organizations worldwide. A glance at the CISA list of significant cyber incidents reveals the alarming scale of these attacks. A notable instance occurred in May 2021 when a ransomware assault on Colonial Pipeline…
Okta, a leading provider of identity services, revealed a recent security incident affecting its support case management system. Unidentified threat actors exploited compromised credentials to gain access, allowing them to view sensitive files uploaded by certain customers. David Bradbury, Okta’s Chief Security Officer, stated, “The threat actor was able to…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Government Rising Concerns Over F5 Breach Amid Prolonged Government Shutdown Chris Riotta (@chrisriotta) • October 17, 2025 Image: JHVEPhoto/Shutterstock Federal authorities are urgently addressing a significant cybersecurity breach attributed to nation-state actors who have exploited stolen source code from networking firm F5.…
Joseph Topping reports: Heywood Hospital and Athol Hospital recently experienced a network outage attributed to a cybersecurity incident. The facilities, located in Gardner and Athol, Massachusetts, respectively, confirmed they took affected systems offline and sought assistance from a third-party cybersecurity firm. Despite the incident, both hospitals remain operational and are…
A critical vulnerability in the WordPress Hunk Companion plugin has been identified, allowing malicious actors to install additional vulnerable plugins and create pathways for attacks. This flaw, designated as CVE-2024-11972 with a CVSS score of 9.8, impacts all versions preceding 1.9.0 and affects over 10,000 active installations, heightening security risks…
In a recent crackdown, Spanish authorities have arrested 34 individuals linked to a sophisticated cybercrime syndicate responsible for orchestrating a range of online scams, resulting in approximately €3 million (around $3.2 million) in illicit profits. This operation highlights the increasing threat posed by organized cybercriminal networks targeting unsuspecting individuals and…
Cybercrime, Fraud Management & Cybercrime, Government Also: Ongoing Challenges at CISA, LevelBlue’s Acquisition of Cybereason Anna Delaney (annamadeline) • October 17, 2025 Clockwise, from top left: Anna Delaney, Mathew Schwartz, Chris Riotta, and Michael Novinson This week’s panel of ISMG editors delved into the FBI’s recent operation targeting the Scattered…
Cybercriminals have increasingly turned their attention to airlines, drawn by the vast amounts of personal data these companies collect. Among the most sought-after information are passports and government identification, which pose a significant risk for long-term identity theft. According to Incogni, a company specializing in data privacy and removal, leaks…
