Meridiano
CISA has added a critical OS command injection vulnerability (CVE-2026-25108) in Soliton Systems' FileZen software to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw allows authenticated users to execute arbitrary commands and affects specific versions of the file transfer product when its Antivirus Check Option is enabled. The vendor advises updating to version 5.0.11 or later and changing all user passwords, while U.S. federal agencies have a remediation deadline of March 17, 2026. The main topics covered are the vulnerability's technical details, affected versions, exploitation conditions, and recommended mitigation steps.
Articles infosec
Showing articles 46 - 60 of 161 total (matching filters).
-
infosec 5 -
infosec 4SolarWinds has released patches for four critical vulnerabilities in its Serv-U file transfer software, which could allow remote code execution. The flaws, all rated 9.1 in severity, affect Serv-U version 15.5 and have been fixed in version 15.5.4. While exploitation requires administrative privileges, the company notes a medium risk on Windows systems. There is no mention of current active exploitation, though similar past vulnerabilities have been weaponized by threat actors.
-
infosec 5A major international law enforcement operation called Red Card 2.0 resulted in 651 arrests and the recovery of over $4.3 million from cybercriminal groups across Africa. The operation, involving Interpol, 16 African countries, and private cybersecurity firms, targeted various fraud schemes including investment scams and a syndicate that infiltrated a telecom provider. The article highlights that cybercrime in Africa is increasingly organized and transnational, with criminals using AI to enhance attacks like phishing. It also emphasizes the growing importance of public-private partnerships and regional cooperation to combat these threats despite resource challenges for some local agencies. The main topics covered are the results of Operation Red Card 2.0, the nature of cybercrime in Africa, and the collaborative efforts to fight it.
-
infosec 5An Australian national and former U.S. defense contractor employee, Peter Williams, was sentenced to over seven years in prison for selling eight zero-day cyber exploits to the Russian broker Operation Zero for millions in cryptocurrency. The stolen tools, intended for U.S. government use, could have enabled global cybercrime and espionage, causing significant financial loss to his employer. In response, the U.S. government sanctioned Operation Zero, its director Sergey Zelenyuk, and related entities for acquiring and distributing these tools, which they marketed to non-NATO countries and intelligence agencies. The main topics covered are the criminal conviction and sentencing for trade secret theft, the details of the cyber exploit sale to a Russian entity, and the subsequent U.S. sanctions against the foreign brokers.
-
infosec 3Mexican Army Special Forces killed Nemesio "El Mencho" Oseguera Cervantes, leader of the Jalisco New Generation Cartel (CJNG). His death is expected to cause a major reconfiguration in global drug trafficking and potentially increase violence. The article details the CJNG's origins as a splinter group from the Sinaloa Cartel and its rapid expansion into a global criminal enterprise involved in drug trafficking, extortion, and migrant smuggling. It also highlights the cartel's sophisticated use of technology, including social media for recruitment and AI for financial scams, to build its operational capacity.
-
infosec 4Manual processes for transferring sensitive data remain prevalent in national security organizations, creating significant security vulnerabilities and operational inefficiencies. These manual methods introduce risks like human error, delays, and exploitable gaps that adversaries can target, compromising mission assurance. Key barriers to automation include legacy systems, complex procurement cycles, cultural trust in manual oversight, and fear of disruption during technology transitions. The article concludes that persisting with manual handling undermines critical principles of speed, accuracy, and trust in contested environments.
-
.jpg?width=1280&auto=webp&quality=80&disable=upscale)
infosec 3A new scoring system called the Operational Technology Incident (OTI) Impact Score has been developed to measure the severity of cybersecurity events in industrial control and operational technology environments. Modeled after the Richter Scale, it rates incidents based on their severity, geographic reach, and duration to provide a clear, standardized assessment of business impact. The tool aims to help executives, insurers, and the media better understand and respond to OT cyber incidents, which are often mischaracterized. The score will be determined by vetted industry volunteers through an online portal shortly after an event occurs.
-
infosec 5Cybersecurity researchers identified four malicious NuGet packages targeting ASP.NET developers to steal sensitive data and create backdoors. The packages, published in August 2024 and downloaded over 4,500 times, exfiltrate ASP.NET Identity data and manipulate authorization rules. The campaign aims to compromise the applications built by developers, allowing threat actors persistent access to production systems. In a related incident, a malicious npm package named 'ambar-src' was also disclosed, having been downloaded over 50,000 times before removal.
-
infosec 5A new phishing technique called telephone-oriented attack delivery (TOAD) is successfully bypassing email security gateways. In these attacks, emails contain only a phone number, often impersonating a trusted entity like PayPal, prompting the recipient to call and be socially engineered. This method accounted for nearly 28% of detected gateway-bypassing threats in recent research, as the phone number payload is indistinguishable from legitimate contact information. Attackers are increasingly using multiple evasion techniques simultaneously, tailoring their approach based on the target's email platform to improve success rates.
-
infosec 3The article outlines common failures in security triage processes and how top teams address them. Key issues include making decisions without concrete evidence, inconsistent outcomes due to analyst seniority, and delays that give attackers more time. The proposed solution centers on using interactive sandboxes to obtain execution evidence quickly, enabling faster, evidence-backed verdicts within about a minute. This approach aims to reduce costs, improve consistency across shifts, and shorten response times.
-
infosec 5The cybercrime group Scattered LAPSUS$ Hunters (SLH) is recruiting women with financial incentives to conduct voice phishing attacks against IT help desks, aiming to increase their success rate through social engineering. The group, known for sophisticated attacks to bypass multi-factor authentication, uses these methods to gain initial access, move laterally within networks, and exfiltrate data, sometimes deploying ransomware. They heavily rely on legitimate tools and services to evade detection. Organizations are advised to enhance help desk training, enforce strict verification, and harden MFA policies. The main topics covered are the group's new recruitment tactic, its attack methods, and recommended defensive measures.
-
infosec 6Malicious Next.js repositories are being used to target developers through fake job interviews, aiming to establish remote code execution and persistent command-and-control access on infected machines. Microsoft researchers linked this activity to a broader cluster of threats, associated with North Korea's Lazarus APT, that use job-themed lures to infiltrate developer workflows. The campaign's objective is to compromise systems containing high-value assets like source code and cloud access. The attack employs methods like abusing Visual Studio Code automation or embedding obfuscated code into development assets to retrieve and execute malicious payloads.
-
infosec 5Cybersecurity researchers disclosed critical vulnerabilities in Anthropic's Claude Code AI assistant that could allow remote code execution and API credential theft. The flaws, which exploit configuration mechanisms like hooks and environment variables, enable attackers to execute arbitrary commands and steal API keys simply by having a user open a malicious repository. Three specific vulnerabilities were detailed, including two high-severity code injection flaws and an information disclosure issue, all of which have been patched in subsequent software updates. The incident highlights an expanded threat model where merely opening an untrusted project in an AI development environment can compromise security.
-
infosec 6Google disrupted the infrastructure of a suspected China-linked cyber espionage group, UNC2814, which breached at least 53 organizations globally. The group used a novel backdoor called GRIDTIDE that abused the Google Sheets API to disguise its command-and-control communications. Key topics covered include the group's tactics, the technical details of the GRIDTIDE malware, and Google's actions to terminate the attacker's projects and infrastructure.
-
infosec 3The PCI Security Standards Council's first annual report highlights that threats to payment systems are accelerating in sophistication and scale. The report emphasizes the council's increased focus on global collaboration, training, and transparency to address these risks. It notes that payment security has become a core business concern, moving beyond niche compliance. The evolving, complex payments ecosystem introduces risks like fragmentation between innovation and security.