Another avoidable breach. This time impacting EY and their clients. Plaintext data, including PII, controlled IP, keys, and tokens were exposed and exfiltrated. Why are we still working with plaintext databases?
https://t.co/vHyjfCe5Hu
#cybersecurity#databreach
UPDATE 🠖 FortiBleed looks bigger than first reported.
Update: Hudson Rock says FortiBleed targeted 73,932 Fortinet firewall URLs across 194 countries, affecting 21,632 domains.
The bigger risk: exposed FortiGate SSL VPNs may be used as listening posts to capture more credentials and keep the access loop going.
Read the full update: https://t.co/r8VrvtdCie
🚨 Microsoft Outlook & Word Vulnerabilities Allow Attackers to Execute Malicious Code
Source: https://t.co/bgGiXwT28d
Microsoft released critical fixes for three closely related remote code execution (RCE) vulnerabilities in Microsoft Outlook and Word that stem from low‑level memory‑safety flaws in the Word rendering engine and its integration with Outlook Classic.
These bugs, tracked as CVE‑2026‑45456, CVE‑2026‑45458, and CVE‑2026‑47635, are rated Critical with a CVSS v3.1 base score of 8.4, reflecting high impact on confidentiality, integrity, and availability if exploited.
Microsoft classifies them as remote code execution because a remote attacker can deliver malicious content over the network (for example, via email).
#cybersecuritynews
Calling Chemical; Commercial Facilities; Critical Manufacturing; Defense Industrial Base; Energy; Financial Services; Information Technology; and Nuclear Reactors, Materials, and Waste sectors. Join our CIRCIA Town Hall June 18 at 11:30am ET. Register: https://t.co/SaKyMzxCPC
We need you! We’re hiring for a variety of mission-critical roles to help protect our nation’s critical infrastructure. New positions are regularly being added to USAJobs. Join the mission: https://t.co/arFjUkoBF4
According to Cybersecurity Ventures @CybersecuritySF, #cybercrime damages are expected to hit $10.5 trillion annually this year. That’s a massive jump from the $3 trillion in damages hit in 2015. https://t.co/AGL3tapWEg
🚨 DIG AI - Darknet AI Tool Enables Hackers to Launch Sophisticated Attacks
Source: https://t.co/EY3FUeWzc1
A new and ominous player has emerged in the rapidly expanding landscape of "Shadow AI."
DIG AI, an uncensored artificial intelligence tool hosted on the darknet, is empowering threat actors to automate cyberattacks, generate illicit content, and bypass the safety guardrails of traditional AI models.
Unlike legitimate platforms that enforce strict ethical guidelines, DIG AI is explicitly designed to have none. Accessible via the Tor network, it requires no account registration, ensuring complete anonymity for its users.
#cybersecuritynews
⚡ Amazon confirms a Russian GRU unit hacked Western energy and infrastructure networks for years.
The threat wasn’t malware, it was silent credential theft from live traffic.
From 2021–2025, APT44 relied less on zero-days and more on exposed routers and VPN gateways.
🔗 Read → https://t.co/FTufcA5yzT