Threat

Critical Grist Core Vulnerability Enables RCE Attacks Through Spreadsheet Formulas

A severe security vulnerability has been identified in Grist-Core, the open-source self-hosted variant of the Grist relational spreadsheet-database, which could allow remote code execution (RCE). The flaw, cataloged as CVE-2026-24002 with a CVSS score of 9.1, has been dubbed Cellbreak by Cyera Research Labs. “One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” said security researcher Vladimir Tokarev, who […]

Microsoft Office Zero-Day CVE-2026-21509 – Emergency Patch Released Amid Active Exploitation

Microsoft has released emergency security updates for a critical Microsoft Office zero-day vulnerability that has been actively exploited by attackers. The flaw, identified as CVE-2026-21509 with a CVSS score of 7.8, is a security feature bypass within Microsoft Office. According to Microsoft, “Reliance on untrusted inputs in a security decision allows unauthorized attackers to bypass

Fortinet Patches CVE-2026-24858 Following Active FortiOS SSO Exploitation

Fortinet has started rolling out security updates to fix a critical vulnerability in FortiOS, which has recently been actively exploited in the wild. The flaw, tracked as CVE-2026-24858 with a CVSS score of 9.4, is an authentication bypass issue linked to FortiOS single sign-on (SSO). This vulnerability also impacts FortiManager and FortiAnalyzer, while Fortinet continues to investigate potential

Experts Identify Pakistan-Linked Cyber Campaigns Targeting Indian Government Entities

Cybersecurity researchers have uncovered two previously undocumented cyber campaigns targeting Indian government entities, attributed to a threat actor believed to be operating from Pakistan. The campaigns, identified by Zscaler ThreatLabz in September 2025, have been named Gopher Strike and Sheet Attack. According to researchers Sudeep Singh and Yin Hong Chang, the operations show overlaps with known Pakistan-linked APT activity, particularly

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Cybersecurity researchers have uncovered an advanced ClickFix campaign that combines deceptive CAPTCHA prompts with a signed Microsoft Application Virtualization (App-V) script to deliver a new information stealer known as Amatera. According to findings published by Blackpoint researchers Jack Patrick and Sam Decker, the attackers deliberately avoid launching PowerShell directly. Instead, they abuse a trusted Microsoft script

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have identified an active phishing campaign targeting users in India as part of a suspected cyber espionage operation. The campaign delivers a multi-stage backdoor designed to provide long-term access, continuous surveillance, and data exfiltration from infected systems. According to the eSentire Threat Response Unit (TRU), the attackers are distributing phishing emails that impersonate

Malicious VS Code AI Extensions With 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have uncovered two malicious Microsoft Visual Studio Code extensions that present themselves as AI-powered coding assistants but secretly collect and exfiltrate developers’ source code to servers based in China. The extensions, which together have reached more than 1.5 million installs and remain available on the official Visual Studio Marketplace, are listed as ChatGPT

New Phishing Attack Abuses Vercel Hosting Platform to Deliver a Remote Access Tool

A newly identified phishing campaign active between November 2025 and January 2026 has been abusing Vercel’s legitimate hosting infrastructure to distribute remote access tools to targeted victims. By combining social engineering with trusted cloud services, the attackers have significantly increased their success rate while evading traditional security defenses. The campaign relies heavily on urgency-based phishing

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has acknowledged active exploitation targeting a FortiCloud SSO authentication bypass vulnerability, even on firewalls that have received the latest patches. The security vendor is currently working to implement a permanent fix. Fortinet’s Chief Information Security Officer, Carl Windsor, stated in a post on Thursday, “Over the past 24 hours, we have observed multiple incidents

Multi-Stage Phishing Campaign Targets Russia Using Amnesia RAT and Ransomware

Cybersecurity researchers have identified a sophisticated multi-stage phishing campaign actively targeting users in Russia, delivering both ransomware and a remote access trojan known as Amnesia RAT. According to a technical analysis published by Fortinet FortiGuard Labs researcher Cara Lin, the attack chain begins with carefully crafted social engineering lures delivered through business-themed documents. These files
