Meridiano
The U.S. cybersecurity agency CISA has added a VMware Aria Operations vulnerability (CVE-2026-22719) to its catalog of known exploited flaws, requiring federal agencies to patch it. Broadcom, VMware's parent company, acknowledges reports of active exploitation but cannot independently confirm them. The critical command injection flaw, patched in February 2026, allows unauthenticated attackers to execute arbitrary commands. Organizations are urged to apply the provided patches or a temporary script-based workaround immediately. The main topics covered are the critical vulnerability's active exploitation status, the mandated patching timeline, and the technical details of the flaw and its mitigation.
Articles infosec
Showing articles 136 - 150 of 173 total (matching filters).
-
infosec 5 -
infosec 6A U.S. cybersecurity agency has added a high-severity VMware vulnerability to its catalog due to active exploitation. The flaw allows unauthenticated attackers to execute arbitrary commands for potential remote code execution. Patches and a temporary workaround are available for affected products. Federal agencies are mandated to apply fixes by a specific deadline. The article covers the vulnerability's details, the response from authorities and the vendor, and the current lack of information on the exploitation campaigns.
-
infosec 6A new APT group called Silver Dragon, operating under the Chinese-linked APT41 umbrella, is targeting government entities in Europe and Southeast Asia. It uses three primary infection methods: exploiting public servers, hijacking legitimate Windows services, and phishing emails with malicious attachments. The attacks deploy tools like Cobalt Strike for persistence, along with custom backdoors and utilities for surveillance and data theft. The group employs advanced techniques like DNS tunneling and DLL side-loading to evade detection.
-
infosec 5Malicious PHP packages on the Packagist registry are distributing a cross-platform remote access trojan (RAT) that targets Laravel applications. The packages, including "nhattuanbl/lara-helper" and "nhattuanbl/simple-queue," use obfuscation to hide a payload that connects to a command-and-control server, providing attackers with full remote shell access, file manipulation, and system reconnaissance. The RAT is persistent and runs with the web application's permissions, exposing sensitive data like credentials. Users are advised to remove the packages, rotate all secrets, and audit network traffic.
-
infosec 5A Chinese cyberespionage group tracked as "Silver Dragon," linked to the APT41 nexus, is targeting government entities in Southeast Asia and Europe. The group gains initial access through phishing emails with malicious attachments or by exploiting public-facing servers. It maintains persistence by hijacking legitimate Windows services and uses custom tools, including the GearDoor backdoor, to conduct covert operations and evade detection.
-
infosec 3Enterprises now have budget for AI security but lack clear requirements for AI Governance, creating a procurement crisis. A new RFP Guide has been released to help organizations evaluate AI Usage Control solutions by shifting focus from securing individual applications to governing user interactions with AI. The guide provides a structured framework across eight domains to combat vendor "feature-wash" and ensure solutions can inspect activities at the point of interaction, even in complex environments like incognito mode or AI-native browsers. The main topics covered are the challenge of defining AI Governance, the need for interaction-level security controls, the shortcomings of legacy security tools against AI risks, and the introduction of a standardized RFP guide to address these issues.
-
infosec 5Google has identified a sophisticated iOS exploit kit named Coruna, targeting iPhones on older iOS versions (13.0 to 17.2.1) with multiple exploit chains. The kit has evolved, circulating from a commercial surveillance vendor to a nation-state actor and finally to a financially motivated Chinese threat actor by December 2025. Its deployment marks a shift from targeted spyware to broader exploitation, with instances observed on compromised Ukrainian websites linked to Russian espionage and on fake Chinese financial sites. The findings highlight an active market for second-hand zero-day exploits and significant proliferation of advanced spyware capabilities. The main topics covered are the discovery and technical details of the Coruna exploit kit, its evolution and transfer between different threat actors, and its observed deployments in espionage and criminal campaigns.
-
infosec 5A major African cybercrime syndicate was dismantled through an international law enforcement operation called Sentinel, led by Interpol. The operation resulted in 574 arrests, the recovery of over $3 million, and the decryption of six malware variants. The private cybersecurity firm Team Cymru played a key supporting role, using its unique data and expertise to help track the criminals. The article highlights the collaboration between private sector threat hunters and global law enforcement to combat cybercrime.
-
infosec 4A routine alert for a brute-force attack on an exposed RDP server led to the discovery of a compromised account. Investigation revealed the attacker used geo-distributed infrastructure to conduct domain enumeration after gaining access. This activity pointed to a larger ransomware-as-a-service ecosystem rather than an isolated incident. The main topics covered are the initial attack vector (RDP brute-forcing), the subsequent investigation, and the uncovering of organized cybercrime infrastructure.
-
infosec 5The University of Mississippi Medical Center has resumed normal operations nine days after a ransomware attack disrupted its IT systems, patient records, and phone lines, forcing the cancellation of appointments and procedures. The attack disproportionately impacted patient care, though hospitals and emergency departments remained open. UMMC officials confirmed they have been in contact with the attackers and are investigating the incident with the FBI and CISA. The main topics covered are the ransomware attack's impact, the restoration of services, and the ongoing investigation.
-
infosec 6An international law enforcement operation coordinated by Europol has disrupted the Tycoon2FA phishing-as-a-service platform, seizing 330 of its domains. The platform, active since 2023, was used to bypass multi-factor authentication by intercepting login credentials and session cookies, targeting hundreds of thousands of organizations. The technical disruption was led by Microsoft with support from multiple private sector partners, while law enforcement from several European nations executed the takedown. The service, sold via Telegram, enabled large-scale phishing campaigns generating tens of millions of emails monthly.
-
infosec 2This article uses analogies from the TV show Stranger Things to explain modern cybersecurity threats and defenses. It compares the show's "hive mind" to botnets and APTs that compromise vulnerable assets like IoT devices. The piece also discusses how telemetry data and AI analysis can provide early warnings and detect threats, similar to tracking villains in the show. Additionally, it covers lateral movement through networks and the dual-use nature of AI for both enabling cyberattacks and powering cybersecurity defenses.
-
infosec 5Following U.S.-Israel military actions, cybersecurity firms report a significant surge in retaliatory hacktivist activity in the Middle East. Between late February and early March 2026, 149 DDoS attacks targeted 110 organizations across 16 countries, with over 70% of the activity driven by just two groups, Keymous+ and DieNet. The majority of attacks were concentrated in the Middle East—specifically Kuwait, Israel, and Jordan—and primarily targeted government, finance, and telecommunications sectors. The article details a broader digital conflict involving multiple state-sponsored and hacktivist groups conducting operations ranging from data breaches to phishing campaigns and infrastructure attacks.
-
infosec 4The FBI, in an international operation coordinated by Europol, has seized the LeakBase cybercrime forum. The action involved law enforcement in 14 countries, included arrests and searches, and resulted in the forum's domain displaying a seizure notice. The operation secured the forum's entire database for evidence, aiming to disrupt criminal activity and deter future cybercrime. The main topics covered are the law enforcement seizure of a major hacking forum, the scope of the international operation, and the preservation of user data for investigations.
-
infosec 4A threat actor is attempting to extort HungerRush, a restaurant technology provider, by sending emails to the company's restaurant customers. The emails claim the attacker has access to millions of customer records containing sensitive personal and financial data. HungerRush has confirmed a security incident and is investigating, though it disputes a link to a previously reported infostealer infection on an employee's device. The main topics covered are the extortion attempt, the potential data breach, and the company's response.