Dissecting UAT-8099: New persistence mechanisms and regional focus
Cisco Talos has identified a new campaign by UAT-8099, active from late 2025 to early 2026, that is targeting vulnerable Internet Information Services (IIS) servers across Asia with a specific focus on victims in Thailand and...
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
Threat actors predominately exploited public-facing applications for the second quarter in a row, with this tactic appearing in nearly 40 percent of Cisco Talos Incident Response (Talos IR) engagements — a notable decrease from over...
Security now one of the UK’s fastest-growing career paths
The number of people working in the cyber security field has almost trebled in the 2020s, with one cyber professional for every 68 businesses...
CVE-2026-20960 PowerApps Desktop Client Remote Code Execution Vulnerability
Corrected Download links in the Security Updates table. This is an informational change only. - Read more
Critical bug in popular vm2 Node.js sandboxing library puts projects at risk
A critical vulnerability has been patched in vm2, a widely used library for the Node.js JavaScript runtime that allows untrusted...
$95M Payout: Apple Begins Compensating Users in Siri Eavesdropping Case
Apple has started issuing Siri privacy settlement payouts, with claimants seeing deposits as low as $8 per device from a $95 million fund.
The post...
Burner phones and lead-lined bags: a history of UK security tactics in China
Starmer’s team is wary of spies but such fears are not new – with Theresa May once warned to get dressed under a duvetWhen...
Autonomous System Uncovers Long-Standing OpenSSL Flaws
A recent update has fixed 12 vulnerabilities in OpenSSL, some existing in the codebase for years - Read more
Threat Actors Leverage Real Enterprise Email Threads to Deliver Phishing Links
In a sophisticated supply chain phishing attack, threat actors hijacked an ongoing email thread among C-suite executives discussing a document awaiting final approval. The...
Latest article
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
A convincing fake website posing as the popular Mac utility CleanMyMac is actively pushing dangerous macOS malware called SHub Stealer onto unsuspecting users. ...
CVE program funding secured, easing fears of repeat crisis
The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and...
Outbreak Alert- Annual Report 2025
In 2025, the FortiGuard Labs team processed and blocked 3.8 trillion vulnerability exploitation attempts, preventing 2.71 billion malware deliveries, and blocking 257 million newly...
9th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
AkzoNobel, a Netherlands-based...
