09 Jul, 2026

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. Unauthenticated remote attackers can exploit this security flaw (tracked as CVE-2026-50751) to bypass authentication and establish a remote access VPN connection on targeted Mobile Access/SSL VPNs, […]

2 mins read

Check Point links VPN zero-day attacks to Qilin ransomware gang

Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. Tracked as CVE-2026-50751, this vulnerability can be exploited by unauthenticated, remote attackers to bypass authentication on targeted Mobile Access / SSL VPNs, Remote Access VPNs, or Spark firewalls […]

2 mins read

U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran’s largest cryptocurrency exchange, for facilitating payments related to terrorist activities. Nobitex is believed to have helped evade economic sanctions and also facilitated transactions linked to the Islamic Revolutionary Guard Corps (IRGC). Among the transactions, the U.S. authorities found wallets associated […]

2 mins read

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. Tool and payload development was assisted by Cursor and Claude Opus agents in various stages, including initial coding, analysis, and revisioning. Additionally, some agents were tasked with checking security research posts […]

4 mins read

Hackers bypass SonicWall VPN MFA due to incomplete patching

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out. SonicWall warned in a security advisory for […]

3 mins read

Cybercrime service disrupted for abusing Microsoft platform to sign malware

Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company’s Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. According to a report published today by Microsoft Threat Intelligence, the threat actor tracked as Fox Tempest used the Microsoft Artifact Signing platform to create short-lived certificates […]

4 mins read

West Pharmaceutical says hackers stole data, encrypted systems

West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. The company said that it detected a compromise on May 4th. An investigation into the incident determined that the attacker stole data from the network. “On May 7, 2026, West Pharmaceutical Services, Inc. determined that […it] […]

2 mins read

Foxconn confirms cyberattack claimed by Nitrogen ransomware gang

Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. The electronics giant has over 900,000 employees across over 240 campuses in 24 countries and reported revenues of over $260 billion in 2025. The company is ranked 28th in Fortune Global 500 […]

2 mins read

UK fines water supplier $1.3M for exposing data of 664k customers

The Information Commissioner’s Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. The company supplies 330 million liters of drinking water to 1.6 million consumers daily and, in 2022, disclosed that it was the target […]

2 mins read

Trellix source code breach claimed by RansomHouse hackers

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. Yesterday, the threat actor published on their data leak site screenshots indicating access to the cybersecurity company’s appliance management system. However, GeekFeed could not […]

2 mins read