A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue residesRead More »Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users acrossRead More »Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Individuals were recently notified of a ransomware attack affecting Sandhills Medical Foundation that occurred in May 2025.

An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S.,Read More »Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiringRead More »Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Two cybersecurity professionals were imprisoned for their role in a string of 2023 ransomware attacks. 

This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to occupation. They’re living inside SaaSRead More »⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Instructure recently confirmed its data was stolen.