
[R1] Stand-alone Security Patch Available for Tenable Security Center Versions 6.5.1, 6.6.0, 6.7.2 and 6.8.0: SC202604.1

Aaron Roy, Tue, 04/07/2026 - 11:35. Security Center leverages third-party software to help provide underlying functionality. A third-party component (PostgreSQL) was found to contain vulnerabilities, and an updated version has been made available by the provider. Out of caution and in line with best...

Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns

Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers

CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability

Updated information to include CVSS scores. This is an informational change only.

A First Look at Our Speaker Lineup and Agenda for the Rapid7 2026 Global Cybersecurity Summit

The agenda for the Rapid7 2026 Global Cybersecurity Summit is starting to take shape, and with it, a clearer picture of the conversations security teams need to be having right now. Taking place May 12–13, this year’s summit brings together a mix of security leaders, practitioners, analysts, and industry voices to explore how organizations are moving from reactive defense to...

Mitsubishi Electric GENESIS64 and ICONICS Suite products

Summary: Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affected products and use them to disclose, tamper with, or destroy data, or to cause a denial-of-service (DoS) condition on the system. The following versions of Mitsubishi Electric GENESIS64 and ICONICS Suite products are affected: GENESIS64 <=10.97.3 (CVE-2025-14815, CVE-2025-14816); ICONICS Suite <=10.97.3 (CVE-2025-14815,...

CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, requiring federal agencies to remediate by April 9, 2026. CVE-2026-35616 is a critical-severity flaw rooted in CWE-284 (Improper Access Control), carrying a CVSS score of 9.1. The vulnerability...

North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

DPRK-linked threat actors are preferring stealth over sophistication in targeting South Korean organizations, as researchers report the use of weaponized Windows shortcut (.LNK) files and GitHub-based command-and-control (C2) channels in a new campaign. According to new Fortinet findings, a series of attacks that began in 2024 were found using a multi-stage scripting process and GitHub...

6th April – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES: The European Commission, the European Union’s executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident affected at least one Amazon Web...

Weaponizing Fear: Iran Conflict-Themed Phishing Uses Fake Emergency Alerts

By Harsh Patel, Cofense Phishing Defense Center. War in the modern era extends far beyond the physical battlefield. The ongoing conflict in the Middle East involving the United States, Israel, and Iran continues to generate widespread fear and uncertainty, particularly among civilians in affected and neighboring regions. This climate of heightened anxiety creates ideal conditions for cyber threats, as malicious...

Latest article

GreatXML zero-day BitLocker bypass doesn’t seem to work, yet

A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit...

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight

A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact.

Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks

One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as...

Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol

Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others