Meridiano
Bitwarden now allows users to log into Windows 11 devices using passkeys stored in its vault, providing phishing-resistant authentication. The feature requires Entra ID-joined devices with FIDO2 security key sign-in enabled and a registered Entra ID passkey in the vault. It works by scanning a QR code with a mobile device to confirm access, removing passwords from the login process. This extends Microsoft's passkey provider API to the operating system's fundamental authentication layer.
Articles infosec
Showing articles 1 - 15 of 158 total (matching filters).
-
infosec 4 -
infosec 6A critical vulnerability (CVE-2026-28289) in the FreeScout helpdesk platform allows unauthenticated, remote code execution via a malicious email attachment. Attackers bypass a previous patch by using a zero-width space character in a filename, which circumvents security checks and enables server compromise. The flaw affects all versions up to 1.8.206, is patched in version 1.8.207, and requires immediate updating. While no active exploits are currently reported, the risk is considered high due to the vulnerability's severity and ease of exploitation.
The main topics covered are the technical details of a severe software vulnerability, its method of exploitation, the affected software versions and patch status, and the potential consequences and recommendations for mitigation.
-
infosec 7A high-severity command injection vulnerability (CVE-2026-22719) in VMware Aria Operations is being actively exploited, allowing unauthenticated attackers to execute remote commands and potentially gain full control of cloud environments. The U.S. cybersecurity agency CISA has added this flaw to its known exploited vulnerabilities catalog, and Broadcom has acknowledged reports of in-the-wild exploitation. The main risk is that compromising this central cloud management platform grants attackers broad access to the entire virtual infrastructure it manages, including credentials and network topology. Users are urged to immediately patch to version 8.18.6 or apply a provided workaround. The article covers the vulnerability's details, its exploitation status, the significant risk posed by cloud management platform compromises, and the urgent mitigation steps.
-
infosec 3Microsoft has released the KB5075039 update to fix a Windows 10 Recovery Environment (WinRE) issue that prevented it from starting, a problem introduced by an October 2025 update. The fix addresses a flaw similar to one previously resolved for Windows 11. Installing the update requires the WinRE partition to be at least 256MB in size, with instructions provided for resizing if necessary. The main topics covered are a software update to repair a broken system recovery tool and the technical requirements for its installation.
-
infosec 3LastPass is warning users about a phishing campaign using fake emails that impersonate support staff. These emails contain urgent alerts about unauthorized account access and direct users to fraudulent login pages to steal credentials. The company confirms its own systems are not compromised and reminds users that legitimate support will never ask for their master password. The main topics covered are the phishing attack methodology, LastPass's response and assurances, and the service's history of being targeted by similar scams.
-
infosec 5Cisco has released patches for two critical vulnerabilities in its Secure Firewall Management Center software: an authentication bypass flaw (CVE-2026-20079) and a remote code execution flaw (CVE-2026-20131), both exploitable remotely to gain root access. These vulnerabilities also affect related cloud-based management tools. Cisco states there is currently no evidence of active exploitation. The company additionally patched numerous other high-severity flaws across its security product portfolio.
-
infosec 7A previously undocumented iOS exploit kit named "Coruna," containing 23 exploits and five full chains, has been used in targeted espionage and financially motivated attacks against iOS versions 13.0 through 17.2.1. It was deployed by a surveillance vendor customer and later by Russian cyberspies targeting Ukrainian websites, before being used by a Chinese threat actor on fake gambling and crypto sites to steal cryptocurrency wallet data. The sophisticated kit uses non-public techniques, includes extensive documentation, and can bypass multiple iOS security layers. Its final payload, PlasmaGrid, targets crypto wallets and exfiltrates sensitive data, with its proliferation suggesting an active market for second-hand zero-day exploits.
-
infosec 3Computers can unintentionally leak data through physical emanations like radio waves, sound, and vibrations, a class of spying known as side-channel or TEMPEST attacks. US lawmakers Senator Ron Wyden and Representative Shontel Brown are launching an investigation into these vulnerabilities, urging the Government Accountability Office to assess the threat to the public. They criticize the government for not warning the public or requiring consumer electronics manufacturers to build in protective countermeasures. The main topics covered are side-channel attacks, the government's historical awareness and internal protections, and the new political push to investigate and potentially mandate defenses in consumer devices.
-
infosec 4A threat actor is attempting to extort HungerRush, a restaurant technology provider, by sending emails to the company's restaurant customers. The emails claim the attacker has access to millions of customer records containing sensitive personal and financial data. HungerRush has confirmed a security incident and is investigating, though it disputes a link to a previously reported infostealer infection on an employee's device. The main topics covered are the extortion attempt, the potential data breach, and the company's response.
-
infosec 4The FBI, in an international operation coordinated by Europol, has seized the LeakBase cybercrime forum. The action involved law enforcement in 14 countries, included arrests and searches, and resulted in the forum's domain displaying a seizure notice. The operation secured the forum's entire database for evidence, aiming to disrupt criminal activity and deter future cybercrime. The main topics covered are the law enforcement seizure of a major hacking forum, the scope of the international operation, and the preservation of user data for investigations.
-
infosec 5Following U.S.-Israel military actions, cybersecurity firms report a significant surge in retaliatory hacktivist activity in the Middle East. Between late February and early March 2026, 149 DDoS attacks targeted 110 organizations across 16 countries, with over 70% of the activity driven by just two groups, Keymous+ and DieNet. The majority of attacks were concentrated in the Middle East—specifically Kuwait, Israel, and Jordan—and primarily targeted government, finance, and telecommunications sectors. The article details a broader digital conflict involving multiple state-sponsored and hacktivist groups conducting operations ranging from data breaches to phishing campaigns and infrastructure attacks.
-
infosec 2This article uses analogies from the TV show Stranger Things to explain modern cybersecurity threats and defenses. It compares the show's "hive mind" to botnets and APTs that compromise vulnerable assets like IoT devices. The piece also discusses how telemetry data and AI analysis can provide early warnings and detect threats, similar to tracking villains in the show. Additionally, it covers lateral movement through networks and the dual-use nature of AI for both enabling cyberattacks and powering cybersecurity defenses.
-
infosec 6An international law enforcement operation coordinated by Europol has disrupted the Tycoon2FA phishing-as-a-service platform, seizing 330 of its domains. The platform, active since 2023, was used to bypass multi-factor authentication by intercepting login credentials and session cookies, targeting hundreds of thousands of organizations. The technical disruption was led by Microsoft with support from multiple private sector partners, while law enforcement from several European nations executed the takedown. The service, sold via Telegram, enabled large-scale phishing campaigns generating tens of millions of emails monthly.
-
infosec 5The University of Mississippi Medical Center has resumed normal operations nine days after a ransomware attack disrupted its IT systems, patient records, and phone lines, forcing the cancellation of appointments and procedures. The attack disproportionately impacted patient care, though hospitals and emergency departments remained open. UMMC officials confirmed they have been in contact with the attackers and are investigating the incident with the FBI and CISA. The main topics covered are the ransomware attack's impact, the restoration of services, and the ongoing investigation.
-
infosec 4A routine alert for a brute-force attack on an exposed RDP server led to the discovery of a compromised account. Investigation revealed the attacker used geo-distributed infrastructure to conduct domain enumeration after gaining access. This activity pointed to a larger ransomware-as-a-service ecosystem rather than an isolated incident. The main topics covered are the initial attack vector (RDP brute-forcing), the subsequent investigation, and the uncovering of organized cybercrime infrastructure.