Skip to content
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. “An operator tied to FortiBleed’s infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization ofRead More »SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. ThereRead More »Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Microsoft’s new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings. The post Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings appeared first on SecurityWeek.

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a “massive, multi-domain, multi-language” campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS Studio, DNS Jumper,Read More »SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It’s suspected that the initial payloads are distributed either via spear-phishing or a drive-by compromise, which occursRead More »VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Copyright © 2026 infosecintel.net