OpenAI is working on yet another AI model, reportedly called GPT-4.1, a successor to GPT-4o. […]
Tycoon2FA phishing kit targets Microsoft 365 with new tricks
Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. […]
AI-hallucinated code dependencies become new supply chain risk
A new class of supply chain attacks named ‘slopsquatting’ has emerged from the increased use of generative AI tools for coding and the model’s tendency to “hallucinate” non-existent package names. […]
Microsoft Defender will isolate undiscovered endpoints to block attacks
Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers’ lateral network movement attempts. […]
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.
Microsoft starts final Windows Recall testing before rollout
​Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs. […]
Western Sydney University discloses security breaches, data leak
Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. […]
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. […]
Fortinet: Symlink trick gives access to patched FortiGate VPN devices
Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. […]