From Tax Refund to Total Compromise: IRS-Themed Phishing Email Drives Full-Stack Financial Fraud

Author: Intelligence Team, Kahng An

Cofense PDC (Phishing Defense Center) and Cofense Intelligence have found an Internal Revenue Service (IRS)-spoofing email that purports to give a $5000 tax refund provided by Elon Musk. However, the link to access the purported tax refund redirects to a credential phishing page with IRS and Elon Musk branding images. Upon filling out the credential...

Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8562

A look at how Kubernetes CVE-2020-8562 allows attackers to bypass API server proxy protections using DNS rebinding

Third-Party Risk Is an Intelligence Operation. It’s Time We Treated It Like One.

For years, the cybersecurity industry has treated third-party risk management as a compliance exercise. Assess your vendors. Assign a score. File the report. Move on. That model was built for a different era. One where supply chains were smaller, threat actors were less sophisticated, and a quarterly questionnaire could reasonably approximate a vendor's security posture. That era is...

A framework for securely collecting forensic artifacts into S3 buckets

When customers experience a security incident, they need to acquire forensic artifacts to identify root cause, extract indicators of compromise (IoCs), and validate remediation efforts. NIST 800-86, Guide to Integrating Forensic Techniques into Incident Response, defines digital forensics as a process comprised of four basic phases: collection, examination, analysis, and reporting. This blog post focuses on the...

Arelion employs NETSCOUT Arbor DDoS protection products

Arelion operates the world’s best-connected IP fiber backbone, providing high-capacity transit services to a variety of the globe’s leading ISPs as well as many large enterprises. They provide an award-winning customer experience to clients in 129 countries worldwide, and their global Internet services connect more than 700 cloud, security, and content providers with low-latency transit....

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

NWN launches an AI-powered security platform to tackle tool sprawl, alert fatigue, and modern cyber threats in the era of agentic enterprises. The post Why Operationalizing AI Security Is the Next Great Enterprise Hurdle appeared first on TechRepublic.

Microsoft 365 Network-Level Disruption Affecting Exchange Online, Teams, and Core Suite Services

A network-level disruption struck multiple Microsoft 365 services on Wednesday evening, knocking out or degrading access to Exchange Online, Microsoft Teams, and the broader Microsoft 365 suite for users across affected regions. The incident, tracked under issue ID MO1274150, began at approximately 8:37 PM IST (3:07 PM UTC) on April 8, 2026, and prompted Microsoft’s engineering teams to launch...

FortiGate CVE-2025-59718 Exploitation: Incident Response Findings

Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving exploitation of CVE-2025-59718 against a vulnerable FortiGate appliance. In December 2025, Fortinet disclosed this improper verification of cryptographic signature vulnerability that facilitates an SSO login bypass on affected appliances. After the initial exploitation, the attackers maintained a low-profile posture, systematically compromising additional firewalls before moving to internal...

Capita’s troubled Civil Service Pension Scheme hit by data breach

A data breach affecting 138 members of the Civil Service Pension Scheme piles pressure on the service's administrator, Capita, amid ongoing issues.

Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities

Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software

Latest article

GreatXML zero-day BitLocker bypass doesn’t seem to work, yet

A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit...

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight

A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact. The post New Windows Zero-Day Claims BitLocker...

Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks

One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as...

Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol

Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others