A security vulnerability in Fortinet’s FortiClient for Windows has been exploited by the threat group known as **BrazenBamboo**, allowing them to extract VPN credentials using a modular framework named **DEEPDATA**. This exploitation was disclosed by Volexity, which reported the zero-day vulnerability’s emergence in July 2024. BrazenBamboo is also linked to…
Two Eastern European nationals have received prison sentences in the United States for their involvement in “bulletproof hosting” services used by cybercriminals to distribute malware and target financial institutions between 2009 and 2015. Pavel Stassi, aged 30 from Estonia, has been sentenced to 24 months in prison, while Aleksandr Shorodumov,…
On February 5, 2023, Reddit confirmed it fell victim to a security breach that allowed unauthorized actors to access internal documentation, source code, and certain business systems. This incident underscores ongoing vulnerabilities in organizational security protocols, particularly as cybercriminals refine their tactics. The social news aggregation platform indicated the intrusion…
The Rise of Modern IGA Amidst Cyber Threats: Key Insights for Business Owners In today’s rapidly evolving digital landscape, Identity Governance and Administration (IGA) has taken on unprecedented significance. With the surge of artificial intelligence and its integration into various sectors, organizations must navigate complex cybersecurity challenges that have accompanied…
The LockBit ransomware group has made a notable return, launching its latest variant, LockBit 5.0, after a period of inactivity triggered by law enforcement actions earlier in 2024. The resurgence comes despite significant disruptions to their infrastructure and efforts to dismantle their operations during Operation Cronos. Under the direction of…
Palo Alto Networks Identifies Zero-Day Exploit in PAN-OS Firewall Palo Alto Networks has recently unveiled crucial indicators of compromise (IoCs) following the confirmation of a zero-day vulnerability within its PAN-OS firewall management interface. This vulnerability has reportedly been targeted and actively exploited by threat actors in real-world scenarios. The company…
Recent reports indicate a sophisticated malware campaign that is specifically targeting entities in Afghanistan and India. This campaign exploits a decades-old vulnerability in Microsoft Office, identified as CVE-2017-11882, which has since been patched. The vulnerabilities allow adversaries to deploy remote access trojans (RATs), granting them total control over infected systems.…
Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT) The Vulnerability of Airport Baggage Systems Shaun Waterman • October 24, 2025 Image: Jaromir Chalabala/Shutterstock The airport baggage carousel, often viewed as an inconvenient fixture, represents a significant security concern when perceived through the lens of military strategy. Within such…
The Breach Exposed Toys “R” Us Canada has disclosed a significant data breach affecting customer information, with details reportedly resurfacing on the dark web. The breach occurred back in July, revealing that cybercriminals accessed and leaked sensitive personal information of customers. Notifications to those affected indicated that while no financial…
