FortiBleed – Fortinet Warns of Password Attacks Targeting FortiGate Devices
Source: https://t.co/mysYgpuWih
Fortinet has issued an urgent security advisory warning customers of an ongoing credential-harvesting campaign targeting FortiGate appliances, dubbed “FortiBleed” by threat researchers.
According to the company’s analysis, the activity does not stem from a new vulnerability but rather exploits previously disclosed security gaps combined with poor password hygiene and absent multi-factor authentication (MFA).
"FortiBleed" reportedly impacts up to 86,000 internet-facing FortiGate firewalls and VPN appliances across 194 countries, making it one of the most significant Fortinet security incidents to date.
#cybersecuritynews
🚨 WhatsApp Disrupts NSO-Linked Cyberattack Targeting Users with Pegasus Spyware
Source: https://t.co/GPRM96raVN
Meta's WhatsApp has identified and disrupted a fresh wave of spear-phishing campaigns linked to NSO Group, the Israeli spyware firm blacklisted by the U.S. government, and is now asking a federal court to hold the company in contempt for violating a permanent injunction issued just last year.
WhatsApp's latest investigation, triggered by user reports, uncovered NSO-linked accounts attempting to lure users into clicking on malicious external links, a classic 1-click phishing technique previously attributed to NSO Group.
The campaign primarily targeted fewer than 10 users in Jordan and Lebanon, according to a Meta spokesperson.
#cybersecuritynews #whatsapp
⚠️ Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens
Source: https://t.co/j9zw94lRHM
A five-step attack chain silently redirects Claude Code's Model Context Protocol (MCP) traffic through attacker-controlled infrastructure, intercepting OAuth bearer tokens that grant persistent, broadly scoped access to connected SaaS platforms like Jira, Confluence, and GitHub, with no patch incoming from Anthropic.
The attack's entry point is a malicious npm package designed to survive casual inspection. Hidden inside is a postinstall lifecycle hook that executes silently during installation, a well-documented supply chain attack class that gains critical new consequences in AI-agentic environments.
#cybersecuritynews
🚨 Check Point VPN 0-day Vulnerability Exploited in the Wild to Deploy Ransomware
Source: https://t.co/FQg9ydWTJL
Check Point Research has uncovered active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability (CVSS 9.3) in Check Point Remote Access VPN and Mobile Access deployments, with confirmed post-compromise activity linked to the Qilin ransomware gang.
CVE-2026-50751 targets deployments configured to use the deprecated IKEv1 key exchange protocol. By exploiting a logic flaw in certificate validation, an unauthenticated remote attacker can establish a VPN session without a valid user password, effectively bypassing all authentication requirements.
#cybersecuritynews
⚠️ New Linux Kernel Vulnerability Lets Attackers Escalate Privileges to Root
Source: https://t.co/A4E9LxFKUZ
A use-after-free vulnerability in the Linux kernel's nftables subsystem has been disclosed, enabling unprivileged local attackers to escalate privileges to root on widely deployed distributions including Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS.
Tracked as CVE-2026-23111, the flaw was discovered in early 2025 and patched upstream on February 5, 2026, via a kernel commit.
The bug originates in the nft_map_catchall_activate() function within the nftables subsystem — a packet filtering framework built on top of Linux's Netfilter hooks.
#cybersecuritynews
🛑 Hackers can get into some Check Point VPNs without knowing the password.
And it’s already being exploited.
The bug is CVE-2026-50751 and affects IKEv1 Remote Access/Mobile Access setups.
Check if your gateways are exposed.
Read: https://t.co/OpKjta2NFS
🛡️ New EDRChoker Tool Uses Policy-Based Quality of Service to Block EDR Processes
Source: https://t.co/I8RPWRgH9x
A newly released open-source red team tool called EDRChoker introduces a novel technique for silencing cloud-connected Endpoint Detection and Response (EDR) agents not by killing their processes or injecting code, but by quietly choking their network bandwidth to near-zero using Windows’ native Policy-Based Quality of Service (QoS) engine.
The tool exploits Windows Policy-Based Quality of Service (QoS) to throttle EDR processes to near-zero bandwidth, effectively isolating them from their command infrastructure.
#cybersecuritynews
🚨 Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies
Source: https://t.co/E5rkrPvemf
Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training, all through a consent dialog buried in a TV remote's arrow-key navigation, according to new research from Include Security.
The culprit is an SDK developed by Bright Data, a Tel Aviv-based data-collection company that markets what it calls the world's largest residential proxy network, claiming 150M+ IP addresses sourced via embedded software in partner apps.
#cybersecuritynews
Microsoft 365 Service Degradation Bypassed Windows Driver Auto-Update Controls
Source: https://t.co/0uQqrI2mMM
Microsoft has resolved a Microsoft 365 service degradation issue that temporarily bypassed Windows driver auto-update controls, leading to unintended driver installations on managed devices.
The issue affected Windows devices configured with policies designed to prevent automatic updates, particularly in enterprise environments where strict update governance is enforced.
Despite these controls, some users observed that drivers were being installed without administrative approval, raising concerns about policy enforcement and endpoint integrity. This service temporarily dropped device enrollment information, which is critical for identifying systems managed under enterprise policies such as Microsoft Intune or other MDM solutions.
#cybersecuritynews #Windows
🚨 Teams and Google Drive Leveraged to Compromise Systems Within 20 Minutes
Source: https://t.co/A7kA57hhgG
Hackers are increasingly abusing trusted enterprise platforms such as Microsoft Teams and Google Drive to deploy stealthy remote access malware, with a newly observed campaign leveraging social engineering and cloud-based command-and-control to evade detection.
Within minutes, the threat actor delivered a Java-based remote access trojan known as Nimbus RAT, completing the compromise in under 20 minutes. The attack followed a structured, repeatable kill chain, highlighting the growing operational maturity of these campaigns.
#cybersecuritynews