The Unintentional Enabler: How Cloudflare Services are Abused for Credential Theft and Malware Distribution
By: Marie Mamaril, Intelligence Team
Cloudflare's suite of services like Workers, Tunnels, Turnstile, Pages and Cloudflare R2 (*r2dev) continue to be abused by threat actors to orchestrate stealthy phishing attacks and deliver malware in ways that are difficult for traditional security measures to detect or prevent. This abuse underscores a perilous shift wherein Cloudflare’s legitimate services are now being repurposed...
SIEM-as-a-Service offering leverages Elastic for unified cybersecurity across the US government
CISA has awarded Elastic a contract to provide SIEM as a Service (SIEMaaS) to US federal civilian agencies in an effort to standardize threat hunting, cybersecurity monitoring, and incident response across the government.
ClickFix Campaigns Targeting Windows and macOS
Executive Summary
Insikt Group identified five distinct clusters leveraging the ClickFix social engineering technique to facilitate initial access to host systems. Observed since at least May 2024, these clusters include those impersonating financial application Intuit QuickBooks and the travel agency Booking.com. Insikt Group leveraged the Recorded Future® HTML Content Analysis dataset, which enables systematic monitoring of embedded web...
An engineer’s take on onboarding at Elastic
Senior Software Engineer Guilherme Xavier shares his experience onboarding into a fully remote role at Elastic, outlining the processes and achievements that made it a success.
RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards
The head of the UK’s NCSC is calling on the cybersecurity industry to “seize the disruptive vibe coding opportunity” to make software more secure.
New Whitepaper: Exploiting Cellular-based IoT Devices
Rapid7 has released a whitepaper titled “The Weaponization of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7, and Carlota Bindner, lead product security researcher at Thermo Fisher Scientific. The paper examines how attackers with physical access can exploit cellular modules in Internet of Things (IoT) devices to move into cloud and backend environments, exfiltrate...
US Bans New Foreign-Made Routers, Citing ‘Unacceptable’ Security Risks
The FCC bans new foreign-made routers over national security risks, a move that could reshape the US tech supply chain and impact pricing and availability.
The post US Bans New Foreign-Made Routers, Citing ‘Unacceptable’ Security Risks appeared first on TechRepublic.
CVE-2026-23669 RPC Runtime Library Remote Code Execution Vulnerability
Corrected CVE title. This is an informational change only.
Pharos Controls Mosaic Show Controller
Summary
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges.
The following versions of Pharos Controls Mosaic Show Controller are affected:
Mosaic Show Controller Firmware 2.15.3 (CVE-2026-2417)
CVSS: v3 9.8
Vendor: Pharos Controls
Equipment: Pharos Controls Mosaic Show Controller
Vulnerabilities: Missing Authentication for Critical Function
Background
Critical Infrastructure Sectors: Commercial Facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United Kingdom
Vulnerabilities
CVE-2026-2417
A Missing Authentication for Critical...





