Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products

CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 Read More …

Threat Landscape of the Building and Construction Sector Part Two: Ransomware

The construction sector is increasingly vulnerable to ransomware attacks in 2025 due to its complex ecosystem and distinctive operational challenges. Construction projects typically involve a web of contractors, subcontractors, suppliers, and consultants, collaborating through shared digital platforms and exchanging sensitive Read More …

Uncovering a Multi-Stage Phishing Kit Targeting Italy’s Infrastructure

Phishing remains one of the most persistent and adaptive threats in cybersecurity. It is common and widespread for cybercriminals to impersonate reputable IT companies in phishing campaigns, exploiting the trust these brands have built and thus targeting both affected companies Read More …

Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics

In the wake of a targeted doxxing campaign last month that exposed the alleged core members of Lumma Stealer (which Trend Micro tracks as Water Kurita), the underground infostealer landscape experienced a significant upheaval. As detailed in Trend Research’s previous Read More …

#StopRansomware: Akira Ransomware

The United States’ Federal Bureau of Investigation (FBI) and partner organisations are releasing this joint advisory to disseminate known Akira ransomware IOCs and TTPs identified through FBI investigations and trusted third-party reporting as recently as November 2025. Akira ransomware threat Read More …

1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

A Phishing-as-a-Service (PhaaS) platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing (SMS phishing) campaigns, and if you’re in the US there is a good chance you’ve seen their texts about Read More …

Criminals Impersonate US Health Insurance Providers Target Chinese Speakers Residing in the United States

The Federal Bureau of Investigation (FBI) warns the public about an evolving financial fraud scheme targeting Chinese speaking individuals residing in the United States in which criminals impersonate US health insurance providers and Chinese law enforcement. Targeted individuals receive a Read More …

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities

CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, Read More …

Irish regulator launches investigation into X over handling of reports from users

Ireland’s media regulator has commenced a formal investigation into X over concerns about how it handles reported content. Coimisiún na Meán suspects the platform, formerly known as Twitter, may not be in compliance with its obligations under Article 20 of Read More …

Swedish Authority for Privacy Protection Investigates Data Breach Exposing 1.5 Million People

The Swedish Authority for Privacy Protection (IMY) is investigating a data breach at major government software supplier Miljödata that has compromised the personal information of 1.5 million people. Miljödata learned of the breach after experiencing system disruptions that affected government Read More …