Fortinet has acknowledged a serious credential-harvesting campaign known as FortiBleed, which has resulted in the collection of over 86,000 confirmed working credentials. This campaign poses a significant risk to users and organizations that utilize Fortinet's products, as attackers can exploit these credentials for unauthorized access to sensitive systems. The incident is particularly alarming because it affects a wide range of users, potentially including businesses that rely on Fortinet's security solutions. Companies should take immediate steps to secure their systems and monitor for any suspicious activities, as the implications of this data breach could lead to further attacks or data leaks. This situation underscores the ongoing challenges in cybersecurity and the need for constant vigilance.
Articles tagged "Exploit"
Found 571 articles
Help Net Security
Recent research from Wake Forest University has revealed that many AI-powered iOS applications are exposing sensitive credentials. Out of 444 apps analyzed, 282 were found to have vulnerabilities that could allow attackers to access backend services and exploit user data. These affected apps span multiple categories, including productivity, entertainment, and education. This situation raises serious concerns about user privacy and the security measures that developers are implementing. It serves as a reminder for app developers to strengthen their security practices and for users to be cautious about the apps they install and the information they share.
The latest Malware newsletter from Security Affairs discusses several significant cybersecurity incidents affecting a wide range of sectors. Notably, a supply chain attack on OptinMonster has compromised 1.2 million websites, raising concerns about the security of third-party services. Additionally, a China-linked threat actor has targeted both public and private medical organizations, focusing on areas like artificial intelligence and national defense research. Another piece highlights the Rokarolla malware, which is designed to steal banking information from Android devices. These incidents underscore the ongoing risks faced by organizations and individuals alike, as attackers increasingly exploit vulnerabilities across various sectors.
Hackers are taking advantage of a recently patched vulnerability in the Gravity SMTP plugin for WordPress, which is used on around 100,000 websites. This security flaw, identified as CVE-2026-4020, allows attackers without authentication to access sensitive information, including API keys and OAuth tokens. The vulnerability has a medium severity score of 5.3, but the potential exposure of critical data makes it a significant concern for site administrators. Users of the Gravity SMTP plugin need to ensure they update to the latest version to protect their sites from these attacks. The urgency of addressing this issue is heightened by the fact that the vulnerability is currently being exploited in the wild.
Hackers are taking advantage of an unauthenticated information disclosure vulnerability in the Gravity SMTP plugin for WordPress, which is installed on around 100,000 websites. This vulnerability allows attackers to access sensitive information without needing to log in, potentially exposing user data and other critical site details. The flaw poses a serious risk to website owners and their users, as it could lead to further attacks or data breaches. Website administrators are urged to assess whether they are using this plugin and to take necessary actions to secure their sites. Ignoring this issue could leave users’ information vulnerable and put the integrity of the websites at risk.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to users of Fortinet devices after a significant data leak exposed around 74,000 firewall and VPN credentials, an incident referred to as 'FortiBleed.' This breach puts numerous organizations at risk as attackers could potentially exploit these exposed credentials to gain unauthorized access to sensitive networks. Fortinet customers are urged to take immediate action to secure their devices and change their passwords. The leak serves as a stark reminder of the importance of maintaining strong security practices, especially for critical infrastructure. Organizations using Fortinet products should prioritize this issue to prevent potential breaches.
Researchers have discovered a massive data leak involving 24 billion stolen credentials, which were found in an unsecured Elasticsearch database. The leaked data, amounting to over 8.3 terabytes, includes sensitive information such as passwords and email addresses, potentially exposing countless users to account takeovers. This incident, identified on June 12th, raises serious concerns for individuals and organizations alike, as attackers can easily exploit this information for malicious purposes. The scale of the leak underscores the ongoing risks posed by infostealers and various online breach collections. Users are encouraged to change their passwords and enable two-factor authentication to protect their accounts from potential breaches.
A new type of cyber attack known as Agentjacking is taking advantage of artificial intelligence coding tools by using fake error reports. This method allows attackers to infiltrate systems without needing stolen credentials or direct access to networks. Instead, they exploit the coding tools that developers rely on, which could lead to unauthorized access and manipulation of sensitive data. This is particularly concerning for companies that use AI tools for software development, as it raises questions about the security of their coding environments. As this attack method evolves, organizations need to be vigilant and ensure their development tools are secure against such manipulations.
A new threat group, referred to as Operation Escaneo, has emerged in Latin America, displaying a unique approach to cyberattacks. This group appears to blend opportunistic monetization with intelligence gathering, often without coordinated efforts between the two activities. This dual focus raises concerns about the potential for more disruptive attacks, as the group may exploit vulnerabilities for financial gain while simultaneously collecting valuable information. The implications of this strategy could affect various sectors in the region, particularly as attackers may target organizations without prior notice. Companies need to be vigilant and enhance their cybersecurity measures to defend against such evolving threats.
A recent analysis has revealed that a majority of REDCap servers accessible via the internet are outdated and vulnerable. These servers, which are widely used in research and healthcare for data collection, are currently being targeted by a hacking group linked to China, known as UNC6508. Researchers found that these attackers use these vulnerabilities for initial access and to deploy backdoors, making it easier for them to exploit the systems further. The situation raises serious concerns for organizations relying on REDCap for sensitive data management, as outdated servers can lead to data breaches and compromise patient confidentiality. It's crucial for administrators to update their systems to defend against these ongoing attacks.
A supply chain attack has targeted multiple WordPress plugins from ShapedPlugin, leading to the distribution of compromised updates to paying customers through the vendor's official update mechanism. This breach allowed attackers to inject malicious code into the plugins, potentially affecting numerous WordPress sites that rely on these tools. Users of affected plugins may face serious security risks, including unauthorized access and data breaches. The situation is alarming as it underscores the vulnerability of software supply chains, where attackers can exploit trusted sources to distribute malware. Website owners using these plugins should take immediate precautions, including checking for updates and reviewing security practices to mitigate any potential damage.
A new phishing kit called GitBait has been discovered that specifically targets users of Mexican banks. This kit takes advantage of GitHub Pages and the SheetBest API to create fake login pages designed to capture sensitive banking credentials. Researchers have noted that this attack is particularly concerning because it leverages trusted platforms to appear legitimate, potentially tricking victims into providing their information. Users of Mexican banking services should be especially vigilant and ensure they are accessing official websites before entering any personal details. This incident serves as a reminder of the evolving tactics employed by cybercriminals to exploit unsuspecting individuals.
Recent analysis has revealed that a malware campaign, previously known as 'Lorem Ipsum', is now distributing a tool called ClickFix through compromised WordPress sites. This campaign is suspected to be linked to the ransomware and data extortion group Vice Society. Organizations that rely on WordPress for their websites may be particularly vulnerable, as attackers exploit these compromised platforms to deliver malicious payloads. The implications of this shift are significant, as it not only demonstrates the evolving tactics of cybercriminals but also raises concerns for businesses and their data security. Companies should take precautions to secure their WordPress sites and monitor for any unusual activity.
Infosecurity Magazine
Chainguard, JPMorgan, and BNY Mellon have joined forces to create a new coalition called Athena, aimed at addressing vulnerabilities in open source software that could be exploited by artificial intelligence. This initiative seeks to identify and fix weaknesses in AI models before they can be targeted by malicious actors. The collaboration comes as the reliance on open source components in software development grows, raising concerns about security. By proactively addressing these vulnerabilities, the coalition aims to enhance the security of software that many organizations depend on. This move is particularly significant given the increasing sophistication of cyber threats related to AI technology.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in the LiteSpeed cPanel user-end plugin, identified as CVE-2026-54420. This flaw poses a significant risk to U.S. government servers, prompting CISA to give agencies just three days to secure their systems. Attackers can exploit this vulnerability to gain unauthorized access, which could lead to data breaches or other malicious activities. The urgency of the warning highlights the need for prompt action to protect sensitive information and maintain system integrity. Agencies are advised to take immediate steps to patch their systems against this threat.