86% Increase in Malicious Postal Services Websites during Holiday Season

The holiday shopping season has brought with it a notable increase in cyber threats targeting consumers. According to recent data, there has been an 86% increase in malicious websites impersonating postal services in the last month. This trend underscores the growing risk for consumers awaiting delivery of their online purchases. Cybercriminals are taking advantage of the seasonal increase in online shopping to send fraudulent messages that imitate legitimate delivery companies. These messages usually warn of supposed package delays or suspensions, with the aim of deceiving victims. ...

December 22, 2025 · Comfidentia

PTA Alert: Increase in Hacking and Fraud on WhatsApp

PTA Alert on the Increase in Fraud and Hacking on WhatsApp

The Pakistan Telecommunication Authority (PTA) has issued an alert to mobile users regarding the increasing number of hacking and cyber fraud incidents through WhatsApp. Scammers are using social engineering tactics to trick people and gain access to sensitive personal information, which can result in financial losses and misuse of victims’ accounts. The PTA urges users to remain vigilant and implement security measures to protect against these threats. Criminals often take advantage of victims’ trust, making scams seem urgent and legitimate in order to manipulate them. ...

December 20, 2025 · Comfidentia

ThreatsDay Newsletter Summary: The Constant Evolution of Attack Tactics

This week’s ThreatsDay newsletter highlights the continued adaptation of attackers, who are reconfiguring existing tools and finding new angles of attack on familiar systems. Small tactical changes are adding up quickly, suggesting possible directions for future security breaches.

Constantly Evolving Threat Tactics

The threat landscape is characterized by its fluidity, with a focus on attackers quickly adapting. Key points of this week’s activity include:

Repurposing old tools: Attackers do not always develop new tools, but rather find innovative ways to use pre-existing tools or common systems for their malicious purposes.

More sophisticated social engineering attacks: Recent activity shows an increase in “clever social hooks” designed to manipulate users and gain initial access.

Changing attack infrastructures: A change is observed in the infrastructure used by threat actors, requiring constant monitoring to detect new patterns.

Attack Patterns and Exploit Speed

This week’s analysis highlights recurring patterns in how attacks evolve: ...

December 20, 2025 · Comfidentia

DoD names ISACA as global credentialing authority for CMMC

The US Department of Defense (DoD) has designated ISACA as the global credentialing authority for the Cybersecurity Maturity Model Certification (CMMC) program. This designation seeks to ensure that defense contractors meet strict cybersecurity standards. The CMMC program, introduced by DoD in 2020, requires contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to implement appropriate cybersecurity practices to protect the defense industrial base.

Impact and Implementation Deadlines

...

December 17, 2025 · Comfidentia

Hacking group Jewelbug shifts focus to European government targets, using novel C2 infrastructure

The threat group known as Jewelbug, also tracked by Check Point Research as Ink Dragon, has intensified its attacks against government targets in Europe since July 2025. Although the actor, aligned with China and active since at least March 2023, continues to attack entities in Southeast Asia and South America, its focus has expanded significantly. Check Point Research has detailed the operations of this hacking group, highlighting its combination of solid software engineering, disciplined operational playbooks, and the reuse of native platform tools to blend into normal company telemetry. These tactics make their intrusions “effective and stealthy.” ...

December 17, 2025 · Comfidentia

Fortinet, Ivanti and SAP Address Critical Security Flaws in Their Products

Fortinet, Ivanti, and SAP have released updates to address critical security flaws in their products. These vulnerabilities could allow authentication bypass or remote code execution if successfully exploited.

Fortinet Critical Vulnerabilities (CVE-2025-59718 and CVE-2025-59719)

Fortinet has addressed two critical vulnerabilities (CVSS 9.8) affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The flaws, identified as CVE-2025-59718 and CVE-2025-59719, are due to incorrect verification of the cryptographic signature (CWE-347).

Impact: An unauthenticated attacker could bypass FortiCloud SSO login authentication via a crafted SAML message, if the FortiCloud SSO feature is enabled on the device.

Temporary Mitigation: While this feature is not enabled by default, administrators should verify if it was enabled during device registration in FortiCare. It is recommended to temporarily disable the FortiCloud login feature until the update can be applied.

Mitigation Instructions: ...

December 10, 2025 · Comfidentia

Multiple London Local Authorities Face Serious Cybersecurity Incident

Multiple local authorities in London are dealing with a serious cybersecurity incident, it has recently emerged. The Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC) issued a statement saying they are responding to an incident identified on Monday morning. The incident has impacted several systems of both organizations, including telephone lines. Both entities have notified the UK Information Commissioner’s Office (ICO) and are collaborating with the National Cyber Security Centre (NCSC) for the response to the incident. ...

November 26, 2025 · Comfidentia

Critical Vulnerabilities Affect Fluent Bit

Critical Bug Discovery in Fluent Bit

Cybersecurity researchers have discovered a set of critical vulnerabilities affecting Fluent Bit, a widely used telemetry agent with more than 15 billion deployments. These flaws highlight weaknesses in essential components that organizations use to move logs, metrics and traces across banking, cloud and software-as-a-service (SaaS) platforms. According to an advisory from Oligo Security, the flexibility of Fluent Bit can become a significant risk if data sanitization fails. The problems identified lie in input handling, label processing and output management. ...

November 24, 2025 · Comfidentia

DeepSeek AI Generates Unsafe Code When Touching Politically Sensitive Topics, According to CrowdStrike

New research from CrowdStrike has revealed that the artificial intelligence (AI) reasoning model DeepSeek-R1 produces a significantly higher number of security vulnerabilities in response to requests containing topics considered politically sensitive by China. The study, which assessed the impact of geopolitical biases on the quality of AI-generated code, found that the likelihood of DeepSeek-R1 generating code with serious vulnerabilities increases by up to 50% when including “topics that the Chinese Communist Party (CCP) is likely to consider politically sensitive.” ...

November 24, 2025 · Comfidentia

Five Critical Vulnerabilities in Fluent Bit Could Compromise Cloud Infrastructures

Security researchers at Oligo Security have discovered five vulnerabilities in Fluent Bit, a lightweight, open-source telemetry agent, that could be chained together to compromise and take control of cloud infrastructures. Fluent Bit is widely used in enterprise environments, and successful exploitation of these flaws could allow attackers to disrupt cloud services, manipulate data, and move deeper into Kubernetes and cloud infrastructures.

Details of Vulnerabilities

The identified security flaws allow attackers to bypass authentication, perform path traversal, achieve remote code execution (RCE), cause denial of service (DoS) conditions, and manipulate tags. The five vulnerabilities are detailed below: ...

November 24, 2025 · Comfidentia