Dataproof Communications

Threat actors are abusing web services from Amazon like Simple Storage Service (S3) buckets, Amazon Simple Email Service (SES), and Amazon Web Service (AWS) Amplify to launch credential phishing attacks due to their trusted infrastructure, scalability, and ease of abuse. AWS offers threat actors a cloak of legitimacy, bypassing many traditional email based security controls like Secure Email Gateways...

We use AI and RAG to accelerate answers — not replace experts. Every response is reviewed, validated, and refined by engineers to ensure accurate, high-quality, expert-verified solutions, never automated output. - Read more

Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 01/27/2026 - 14:02 Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (libxml2, libxslt, expat, c-ares, curl, sqlite) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with best...

Customers need solutions to track inventory data such as files and software across Amazon Elastic Compute Cloud (Amazon EC2) instances, detect unauthorized changes, and integrate alerts into their existing security workflows. In this blog post, I walk you through a highly scalable serverless file integrity monitoring solution. It uses AWS Systems Manager Inventory to collect file metadata...

The ShinyHunters hacking collective that caused chaos in 2025 is ramping up a new voice phishing campaign, with several potential victims already identified - Read more

View CSAF Summary Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. The following versions of Johnson Controls Products are affected: Application and Data Server (ADS) (CVE-2025-26385) Extended Application and Data Server (ADX) (CVE-2025-26385) LCS8500 (CVE-2025-26385) NAE8500 (CVE-2025-26385) System Configuration Tool (SCT) (CVE-2025-26385) Controller Configuration Tool (CCT) (CVE-2025-26385) CVSS Vendor Equipment Vulnerabilities v3 10 Johnson Controls Johnson Controls Products Improper Neutralization of Special Elements used in a...

A court has found that the Kingdom of Saudi Arabia subjected a London-based human rights activist to abuse and physical violence after infecting his phone with Pegasus spyware - Read more

Over the past few years, we’ve been observing and monitoring the espionage activities of HoneyMyte (aka Mustang Panda or Bronze President) within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group’s campaigns were government entities. As an APT group, HoneyMyte uses a variety of sophisticated tools to achieve its...

CVSSv3 Score: 9.4 An Authentication Bypass Using an Alternate Path or Channel vulnerability in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, FortiWeb may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.Please note that the FortiCloud SSO login...

In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country. The attackers later...