Information security

Information security

We noticed strange IP activity that took place yesterday from two IP addresses. The activity included combing through certain files pertaining to the Epstein investigation.

The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device.

Cisco confirmed that attackers exploited the bug, tracked as CVE-2026-20127, to bypass authentication, gain privileged access, and quietly steal data. The discovery prompted a rare joint warning from authorities in the US, UK, Australia, Canada, and New Zealand.

Despite the relative stability in total payments, ransomware attacks surged across multiple vectors in 2025, with eCrime.ch data showing a 50 percent YoY increase in claimed ransomware victims, marking the most active year on record.

While AI tools are lowering the barrier to development, the gap between speed and manageability is growing. In just over a year and a half, AI code assistants have grown from an experiment to an integral part of modern development environments. They are driving strong productivity growth, but organizations are not keeping up with the associated security and governance issues.

Gottumukkala struggled to lead the agency during his tenure as acting director and caused security headaches, including the uploading of sensitive government documents to ChatGPT, according to reports. Staffing at the agency was slashed by one-third. Gottumukkala also reportedly failed a counterintelligence polygraph he took in order to view classified documents, and suspended several career officials in response, including the agency's then-chief security officer.

An attacker could exploit the flaw via crafted UPnP SOAP requests to execute OS commands on a vulnerable device. It is important to note that WAN access is disabled by default on these devices, and the attack can be carried out remotely only if both WAN access and the vulnerable UPnP function have been enabled.

Given the scale and disruption of 2025, this pattern could be an early signal that 2026 may follow a similar path. Organisations should not mistake the month-on-month drop for a decline in risk. As for Qilin, its attacks show no signs of stopping - within the past few days it has claimed a breach of the Local 100 Chapter of the Transport Workers Union of America, affecting 41,000 current and 26,000 former employees.

Security debt as 'known vulnerabilities left unresolved for more than a year' now affects 82 percent of companies, up from 74 percent a year ago. High-risk vulnerabilities, meaning flaws that are both severe and likely to be exploited, have risen from 8.3 percent to 11.3 percent.

Rather than stolen data making headlines, it was business stoppage that triggered attention. Moving into 2026, the board's focus should be on ensuring business continuity and building resilience in the face of emerging risks generated by AI usage and attack vectors, quantum computing and geopolitics.

Tax season is stressful for many, making it an ideal time for scammers to target unsuspecting and distracted taxpayers. Awareness is our first, and best, line of defense. Criminals often pose as the IRS, payroll companies, tax preparation services, or even trusted financial institutions in an effort to steal money and sensitive information.

Calls where no one responds are rarely accidental. In many cases, they are automated reconnaissance events. Fraud operations run at industrial scale, and before they invest human effort in a target, they validate that a number is active and answered by a real person.

Omitted from the Notice Letter were the identity of the cybercriminals who perpetrated this Data Breach, the details of the root cause of the Data Breach, the vulnerabilities exploited, and the remedial measures undertaken to ensure such a breach does not occur again.

The attacker was using API calls to communicate with SaaS apps as command-and-control (C2) infrastructure to disguise their malicious traffic as benign, a common tactic used by threat actors when attempting to improve the stealth of their intrusions. Rather than abusing a weakness or security flaw, attackers rely on cloud-hosted products to function correctly and make their malicious traffic seem legitimate.

The threat actor gained access to Optimizely's systems through a sophisticated voice-phishing attack, but was unable to escalate privileges, install software, or create any backdoors in the Optimizely environment. The incident was confined to certain internal business systems including Zendesk, records in our Salesforce CRM, and a limited set of internal documents used for back-office operations.

Dependabot sounded the alarm on a large scale. Thousands of repositories automatically received pull requests and warnings, including a high vulnerability score and signals about possible compatibility issues. According to Valsorda, this shows that the tool mainly checks whether a dependency is present, without analyzing whether the vulnerable code is actually accessible within a project.

Google credits security researcher Shaheen Fazim with reporting the exploit to Google. The dude's LinkedIn says he's a professional bug hunter, and I'd say he deserves the highest possible bug bounty for finding something that a government agency is saying "in CSS in Google Chrome before 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."

Peter Williams stole a U.S. defense contractor's trade secrets about highly sensitive cyber capabilities and sold them to a broker whose clients include the Russian government, putting our national security and countless potential victims at risk.