[Video] The TTP Ep 21: When Attackers Become Trusted Users
In this episode of the Talos Threat Perspective, we explore how identity is being used to gain, extend, and maintain access inside environments. Drawing on...
EvilTokens abuses Microsoft device code flow for account takeovers
A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia...
Siemens SICAM 8 Products
View CSAF
Summary
Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely: - SICAM A8000 Device firmware -...
Yokogawa CENTUM VP
View CSAF
Summary
Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions.
The following versions of Yokogawa CENTUM...
Hitachi Energy Ellipse
View CSAF
Summary
Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can...
How ‘Wikipedia of cyber’ helps SAP make sense of threat data
SAP runs enormous cloud environments for some of the world’s most heavily-regulated organisations, and in the hyperscale era, data security and compliance were becoming...
What’s driving Oracle’s latest job cuts?
Thousands of job losses have been reported, affecting many roles at Oracle Cloud Infrastructure including software engineering and product compliance - Read more
The AI Security Compliance Gap: Fighting Polymorphic Phishing While Staying Regulatory Ready
As cyber threats evolve, organisations face a growing dilemma: how to defend against increasingly sophisticated phishing attacks while staying compliant with expanding data protection...
Latin America and the Caribbean Cybercrime Landscape
Executive Summary This report provides an overview of trends and developments in the cybercriminal ecosystem of Latin America and the Caribbean (LAC) in...
Iran Threatens to Attack Apple, Google, and Other US Tech Firms in Middle East
Iran has threatened multiple US tech giants in the Middle East, escalating tensions and raising fears of AI-driven warfare turning physical.
The post Iran Threatens...
Latest article
Great responsibility, without great power
Welcome to this week’s edition of the Threat Source newsletter. As I’m writing this, today (April 28) is International Superhero Day. If you don’t know the origin story behind...
Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940?
CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr...
Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications
Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level...
Almost half of UK businesses hit by cyber attacks
The government's annual cyber security report reveals UK businesses are still struggling with the impact of attacks and breaches. - Read more
