Microsoft has issued a warning regarding a phishing campaign specifically targeting the hospitality sector by masquerading as the online travel agency Booking.com. This campaign employs an advanced social engineering technique known as ClickFix to deliver malware designed to steal user credentials. According to Microsoft’s threat intelligence team, this activity has…
A recently identified unpatched vulnerability in Microsoft Windows has been exploited by a coalition of eleven state-sponsored hacking groups from nations including China, Iran, North Korea, and Russia. This ongoing cyber threat campaign, dating back to 2017, focuses on data theft, espionage, and financially motivated activities. The zero-day vulnerability, cataloged…
This article covers vital topics in cybersecurity, including Application Security, Cyberwarfare / Nation-State Attacks, and Fraud Management & Cybercrime. Also: Software Supply Chain Risks, Cato’s AI Security Acquisition Anna Delaney (annamadeline) • September 6, 2025 Clockwise, from top left: Anna Delaney, Tony Morbin, Michael Novinson, and Chris Riotta This week,…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a medium-severity security vulnerability in Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This decision follows reports indicating that the flaw is actively being exploited in real-world scenarios. The vulnerability, identified as CVE-2025-24054, received a…
Cyber Espionage Suspected in South American Diplomatic Attacks On Monday, Microsoft announced it has linked a China-based cyber espionage group to a series of attacks targeting diplomatic organizations in South America. The tech conglomerate’s Security Intelligence team is closely monitoring this group under the identifier DEV-0147. They characterized the recent…
Cloudflare Admits to Security Oversight in TLS Certificate Management On Thursday, Cloudflare officially acknowledged a series of failures concerning its handling of TLS certificates. The company stated that it encountered three primary issues: initially, the mismanagement of IP certificates for 1.1.1.1, followed by inadequate filtering of certificate issuance alerts, and…
Welcome to this week’s edition of the cybersecurity newsletter. Our goal is to arm you with the latest intelligence on cyber threats that could jeopardize your business operations. In this week’s issue, we examine critical updates regarding vulnerabilities affecting Apple devices, the rising threat of ransomware, unprecedented DDoS attacks, and…
Series A Accelerates AI Development, Integration Expansion, and Product-Led Growth Strategy Michael Novinson (MichaelNovinson) • September 4, 2025 Sola Security CEO Guy Flechter and COO Ron Peled (Image: Sola Security) Sola Security, under the leadership of former Palo Alto Networks’ application security head, has successfully secured $35 million in Series…
Potential Security Breach Due to Misissued TLS Certificates A recent alarming security discovery has raised concerns about the vulnerabilities inherent in the public key infrastructure (PKI) supporting internet trust. The precise details surrounding the organization or individual responsible for acquiring unauthorized credentials remain unclear, as representatives from Fina have not…
