Blog Posts
Doxxing in children: Risks and protection strategies

The digital world offers many opportunities for self-expression and development, but it is also a space where disagreements can escalate quickly, and bullying, harassment and revenge are present. Doxxing is a leading form of online retaliation that can have a significant impact on the mental health …
North Korean actors intensify 'Contagious Interview' campaign on npm registry

North Korean threat actors responsible for the “Contagious Interview” campaign have flooded the npm registry with 197 additional malicious packages since last month. According to a Socket analysis, these packages have accumulated more than 31,000 downloads and are designed to distribute …
Teams Vulnerability Allows Microsoft Defender Bypass Through Guest Access

Ontinue security researchers have discovered a “cross-tenant blind spot” in Microsoft Teams that allows attackers to bypass Microsoft Defender for Office 365 protections using the guest access feature.
The problem is that when a user operates as a guest in an external tenant, their …
Vulnerability in legacy Python packages exposes PyPI supply chain to takeover attacks

Cybersecurity researchers have discovered vulnerable code in outdated Python packages that could pave the way for a supply chain compromise attack on the Python Package Index (PyPI) via a domain takeover technique.
Software supply chain security company ReversingLabs identified the vulnerability in …
Critical Vulnerability in Mattermost Allows Account Takeover (CVE-2025-12421)
Mattermost Critical Vulnerability Summary
A default configuration in Mattermost, an open source collaboration platform used by enterprises and government agencies, exposes deployments to critical Account Takeover risk. The vulnerability, identified as CVE-2025-12421, allows an attacker, via a …
Multiple London Local Authorities Face Serious Cybersecurity Incident

Multiple local authorities in London are dealing with a serious cybersecurity incident, it has recently emerged. The Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC) issued a statement saying they are responding to an incident identified on Monday morning.
The …
RomCom Uses SocGholish to Distribute Mythic Agent in Attack on Engineering Company

Threat actors linked to the RomCom group have been observed using the SocGholish JavaScript loader to deliver the Mythic Agent to a US-based civil engineering company. This event marks the first time that a RomCom payload distributed through SocGholish has been detected.
The attack has been …
Organizations expose credentials when using online code formatting tools

New research has revealed that organizations in sensitive industries, such as governments, telecommunications, and critical infrastructure, are exposing passwords and credentials by pasting them into online code formatting and validation tools such as JSONformatter and CodeBeautify.
Cybersecurity …
Critical Vulnerabilities Affect Fluent Bit

Critical Bug Discovery in Fluent Bit
Cybersecurity researchers have discovered a set of critical vulnerabilities affecting Fluent Bit, a widely used telemetry agent with more than 15 billion deployments. These flaws highlight weaknesses in essential components that organizations use to move logs, …
DeepSeek AI Generates Unsafe Code When Touching Politically Sensitive Topics, According to CrowdStrike

New research from CrowdStrike has revealed that the artificial intelligence (AI) reasoning model DeepSeek-R1 produces a significantly higher number of security vulnerabilities in response to requests containing topics considered politically sensitive by China.
The study, which assessed the impact …
Five Critical Vulnerabilities in Fluent Bit Could Compromise Cloud Infrastructures

Security researchers at Oligo Security have discovered five vulnerabilities in Fluent Bit, a lightweight, open-source telemetry agent, that could be chained together to compromise and take control of cloud infrastructures.
Fluent Bit is widely used in enterprise environments, and successful …
Iberia Airlines Customer Data Compromised via Supplier Breach

Security Alert: Iberia Airlines Reports Customer Data Breach
Iberia Airlines, part of the International Airlines Group (IAG) along with British Airways and Aer Lingus, has notified its customers about a security incident that compromised personal information. The data breach originated through an …
Sha1-Hulud: Second Wave of npm Supply Chain Attacks Reveals Sabotage Tactics

Multiple security companies have warned of a second wave of attacks affecting the npm registry, reminiscent of the Shai-Hulud attack of September 2025. This new campaign, called Sha1-Hulud, has compromised hundreds of npm packages between November 21 and 23, 2025.
According to Wiz researchers, the …
Cybercriminals Use Browser Notifications to Distribute Malware Through the Matrix Push C2 Platform

A new command and control (C2) platform called Matrix Push C2 is being used by cybercriminals to distribute malware, taking advantage of a legitimate feature of web browsers: push notifications.
According to a report by BlackFog, this malicious platform tricks users with fake system notifications, …
Salesforce Alert on Unauthorized Access via Third Party Applications
 …
State of Supply Chain Defense: Annual Global Perspectives Report 2025

Alarming Increase in Supply Chain Gaps
According to BlueVoyant’s annual State of Supply Chain Defense: Annual Global Insights Report 2025, an overwhelming majority of organizations (97%) have been negatively impacted by a supply chain breach. This data represents a significant increase …
WhatsApp Exposes 3.5 Billion Phone Numbers Due to Enumeration Vulnerability

Potentially Historic Massive Data Leak
Austrian researchers have revealed a mass enumeration vulnerability in WhatsApp that allowed the extraction of 3.5 billion user phone numbers. This finding highlights a security flaw in the app’s “contact discovery” feature, which, lacking …
HackOnChat: WhatsApp Hacking Fraud Explained
CTM360 has identified a rapidly expanding WhatsApp account hacking campaign, internally called HackOnChat. This campaign uses a network of deceptive authentication portals and phishing pages to target users around the world.
Attackers exploit WhatsApp’s familiar web interface and employ …
7-Zip vulnerability under active exploitation
A newly disclosed security vulnerability affecting 7-Zip is being actively exploited in the wild, according to an advisory issued by the United Kingdom’s NHS England Digital. The vulnerability allows remote attackers to execute arbitrary code on affected systems.
Vulnerability Details …
Dragon Breath and Phishing Campaigns Distribute Gh0st RAT to Chinese Users
The cyber threat landscape targeting Chinese-speaking users has intensified with the detection of multiple malware campaigns. Two recent reports highlight the sophistication of threat actors using the Gh0st RAT remote access trojan, a malware known for its versatility.
One of the campaigns involves …
Dragon Breath Campaign Deploys Gh0st RAT Using Sophisticated Evasion Techniques
The threat group known as Dragon Breath, also tracked as APT-Q-27 and Golden Eye, has been detected using a multi-stage loader called RONINGLOADER to deliver a modified variant of the Gh0st RAT remote access Trojan. This campaign primarily targets Chinese-speaking users and uses Trojanized NSIS …
Fortinet warns of actively exploited FortiWeb command injection vulnerability

Fortinet …
Operation WrtHug: Massive Cyberattack Compromised More Than 50,000 ASUS EoL Routers
A newly discovered cyberattack campaign, dubbed Operation WrtHug, has compromised tens of thousands of ASUS routers that are end-of-life (EoL) or outdated. The operation has recruited these devices into a vast network of botnets.
Over the past six months, SecurityScorecard’s STRIKE team …
PlushDaemon group uses new EdgeStepper backdoor for AitM attacks

The …
PlushDaemon Uses Backdoor EdgeStepper for AitM Attacks and Software Update Hijacking

The threat …
Ransomware Rise in Q3 2025: Compromised Credentials and Zero-Days Dominate

The third quarter of 2025 saw a significant increase in ransomware attacks, with an 11% increase in data breach publications compared to the previous quarter. According to a report from Beazley Security, only three ransomware groups were responsible for the majority of cases (65%), with the primary …
Does your chatbot know too much? Think twice before you tell your AI companion everything.

The idea of entering into a romantic relationship with an artificial intelligence system, popularized by the movie “Her,” has moved from the realm of science fiction to a tangible reality thanks to the proliferation of generative AI and large language models (LLMs). Virtual …
DoorDash Confirms Data Breach After Social Engineering Scam

Food delivery service DoorDash has confirmed that it suffered a data breach in October 2025, where some customers’ personal information was accessed. The company detailed that the incident was the result of a social engineering scam targeting one of its employees.
Details of the Data Breach …
The rise of AI in new account fraud

Artificial intelligence (AI) technology is increasingly being adopted by fraudsters to commit new account fraud (NAF) and bypass even biometric checks. This is revealed by a new report from Entrust, which analyzed data from more than one billion identity verifications in 30 sectors and 195 …
🚨 RondoDox exploits unpatched XWiki servers to expand its botnet
The RondoDox botnet malware is actively exploiting unpatched XWiki servers via the critical vulnerability CVE-2025-24893 (CVSS 9.8), allowing arbitrary remote code execution.
🔍 CVE-2025-24893
Evaluation injection bug that allows any guest user to execute remote code via the /bin/get/Main/SolrSearch …
🔎 Cybersecurity at Risk: Audit reveals critical gaps in healthcare organization
A recent cybersecurity audit revealed critical vulnerabilities in the technological infrastructure of a recognized healthcare organization.
How to Reduce Your Digital Attack Surface: Key Recommendations for Comfidentia
Key recommendations to reduce the digital attack surface in your organization.