Iranian MOIS Actors & the Cyber Crime Connection
Key Points
Iran-linked actors are increasingly engaging with the cyber crime ecosystem. Their activity suggests a growing reliance on criminal tools, services, and operational models in support of state objectives.
Iranian actors have long used cyber crime and hacktivism as cover for destructive activity, but the trend now suggests direct engagement with the criminal ecosystem.
This dynamic appears most prominently among Ministry...
When your DDoS mitigation provider goes down: Why traffic control can’t be outsourced
Since the headline-grabbing outages of 2021, we’ve had recurring conversations with large enterprises asking some version of the same question.
Do we really want our CDN, security, and routing control to live in the same place?
This issue of control has become more urgent after a series of well‑publicized, multi‑hour outages across major cloud‑based DDoS protection and security platforms. These incidents...
AWS Security Hub is expanding to unify security operations across multicloud environments
After talking with many customers, one thing is clear: the security challenge has not gotten easier. Enterprises today operate across a complex mix of environments, including on-premises infrastructure, private data centers, and multiple clouds, often with tools that were never designed to work together. The result is enterprise security teams spend more time managing tools than managing...
CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Honeywell IQ4x BMS Controller
Summary
Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service condition.
The following versions of Honeywell IQ4x BMS Controller are affected:
IQ4E >=Firmware_v3.50_3.44|<4.36_build_4.3.7.9 (CVE-2026-3611)
IQ412 >=Firmware_v3.50_3.44|<4.36_build_4.3.7.9 (CVE-2026-3611)
IQ422 >=Firmware_v3.50_3.44|<4.36_build_4.3.7.9 (CVE-2026-3611)
IQ4NC >=Firmware_v3.50_3.44|<4.36_build_4.3.7.9 (CVE-2026-3611)
IQ41x >=Firmware_v3.50_3.44|<4.36_build_4.3.7.9 (CVE-2026-3611)
IQ3 >=Firmware_v3.50_3.44|<4.36_build_4.3.7.9 (CVE-2026-3611)
IQECO >=Firmware_v3.50_3.44|<4.36_build_4.3.7.9 (CVE-2026-3611)
CVSS: v3 10
Vendor: Honeywell
Equipment: Honeywell IQ4x BMS Controller
Vulnerabilities: Missing Authentication for Critical Function
Background
Critical Infrastructure Sectors: Commercial...
BeatBanker: A dual‑mode Android Trojan
Recently, we uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play Store. To achieve their goals, the malicious APKs carry multiple components, including a cryptocurrency miner and a banking Trojan capable of completely hijacking the device and spoofing screens, among other things. In a more recent...
Protected hostname bypass
CVSSv3 Score: 5.0
An authentication bypass by spoofing vulnerability in FortiWeb protected hostname feature may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
Revised on 2026-03-10 00:00:00
Privilege escalation using undocumented CLI command
CVSSv3 Score: 6.4
An Inclusion of Undocumented Features in FortiManager and FortiAnalyzer CLI may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.
Revised on 2026-03-10 00:00:00
Path traversal vulnerability in FortiSOAR Agent Connector Bridge server
CVSSv3 Score: 5.5
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FortiSOAR Agent Connector Bridge may allow an unauthenticated attacker to read files accessible to the fortisoar user on the system where the agent is deployed, via sending a crafted request to the agent port.
Revised on 2026-03-10...
OS Command injection in FortiWeb API
CVSSv3 Score: 6.7
An OS Command Injection vulnerability in FortiWeb API may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request.
Revised on 2026-03-10 00:00:00







