TBK DVRs Botnet Attack

Threat actors are actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR devices (Digital Video Recorders). This flaw allows unauthenticated remote code execution (RCE) via crafted HTTP requests to the endpoint. The compromised devices are conscripted into a botnet capable of conducting DDoS attacks. - Read more

SimpleHelp Support Software Attack

FortiGuard Labs continues to observe ongoing attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) software, due to a critical unauthenticated path traversal vulnerability (CVE-2024-57727) affecting versions 5.5.7 and earlier. - Read more

UK ‘woefully’ unprepared for Chinese and Russian undersea cable sabotage, says report

CSRI finds China and Russia may be coordinating ‘grey zone’ tactics against vulnerable western infrastructure. China and Russia are stepping up sabotage operations targeting undersea cables and the UK is unprepared to meet the mounting threat, according to new analysis. A report by the China Strategic Risks Institute (CSRI) analysed 12 incidents in which national authorities had investigated alleged undersea cable...

F5 Labs Top CWEs & OWASP Top Ten Analysis

We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025. - Read more

European journalists targeted with Paragon Solutions spyware, say researchers

Citizen Lab says it found ‘digital fingerprints’ of military-grade spyware that Italy has admitted using against activists. The hacking mystery roiling the Italian prime minister Giorgia Meloni’s rightwing government is deepening after researchers said they had found new evidence that two more journalists were targeted using the same military-grade spyware that Italy has admitted to using against activists. A parliamentary committee...

Reflections on a Year of Sunlight

The Certificate Transparency ecosystem has been improving transparency for the web PKI since 2013. It helps make clear exactly what certificates each certificate authority has issued and makes sure errors or compromises of certificate authorities are detectable. Let’s Encrypt participates in CT both as a certificate issuer and as a log operator. For the past year, we’ve also been running...

ANU investigates possible hack after vice-chancellor’s account liked ‘highly offensive’ LinkedIn posts

University spokesperson says Genevieve Bell’s account had ‘liked’ posts she had never seen before about Julie Bishop and Gaza. The Australian National University (ANU) has contacted authorities about a possible hacking incident after its vice-chancellor’s account liked a number of “highly offensive” LinkedIn posts about Gaza and Julie Bishop. One of...

How We Reduced the Impact of Zombie Clients

Every night, right around midnight (mainly UTC), a horde of zombies wakes up and clamors for … digital certificates! The zombies in question are abandoned or misconfigured Internet servers and ACME clients that have been set to request certificates from Let’s Encrypt. As our certificates last for at most 90 days, these zombie clients’ software knows that their certificates are...

Delving Into the SparkRAT Remote Access Tool

Sensor Intel Series: May 2025 CVE Trends - Read more

Earth Lamia APT Attack

FortiGuard’s global sensor network reports consistently high levels of attack attempts targeting vulnerabilities associated with Earth Lamia APT campaigns. According to Trend Research, the hacking group known as Earth Lamia has been actively targeting a range of sectors, including finance, government, IT, logistics, retail, and education, shifting its focus based on evolving objectives and time periods. The group is...

Latest article

Yarbo Android/iOS Mobile Application and Cloud Infrastructure

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands...

Check Point VPN Authentication Bypass Vulnerability

What is the Vulnerability? A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS...

CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice

Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...