Cyber Security – Page 19 – Simply Secure Group

Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware

An active campaign by the Interlock ransomware group is exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) Software. Cisco disclosed the flaw on March 4, 2026; it allows unauthenticated remote attackers to execute arbitrary Java code as root. Amazon threat intelligence researchers discovered Interlock exploiting this vulnerability 36 days before […]

OpenAI Launches GPT-5.4 Mini and Nano to Provide Answers 2X Faster

OpenAI Launches GPT-5.4 Mini and Nano OpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, releasing its most capable small models designed to handle high-volume, latency-sensitive workloads. The new mini iteration offers a significant performance upgrade over the previous GPT-5 mini across reasoning, coding, tool use, and multimodal understanding, while running more than twice as […]

Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access

FortiClient SQL Injection vulnerability A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue specifically affects FortiClient EMS version 7.4.4 when multi-tenant mode is active. […]

Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance

Iran’s cyber operations took a sharp turn in early 2026, with state-linked threat actors quietly embedding themselves inside US and Canadian networks while also targeting internet-connected surveillance cameras across the Middle East for battlefield intelligence. The Iranian APT group MuddyWater, tied to Iran’s Ministry of Intelligence and Security (MOIS), maintained unauthorized access to multiple American […]

AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration

A significant security flaw in AWS Bedrock AgentCore Code Interpreter’s “Sandbox” network mode, a feature advertised by AWS as providing complete network isolation that allows outbound DNS queries, enabling threat actors to establish covert command-and-control (C2) channels and exfiltrate sensitive data. AWS Bedrock AgentCore Code Interpreter is a managed service that allows AI agents and […]

Phishers Abuse LiveChat Support Tools to Steal Sensitive Data in New SaaS-Based Attack Tactic

A newly identified phishing campaign is turning legitimate customer service software into a weapon for stealing sensitive user data. Attackers have been found abusing LiveChat, a widely used Software-as-a-Service (SaaS) platform that businesses rely on for real-time customer support, to carry out convincing phishing operations against unsuspecting victims. The campaign marks a clear shift from […]

Fake Shipment Tracking Scams Surge in MEA, Stealing Banking Data Through Real-Time Phishing

Every day, billions of people rely on postal and courier services to deliver everything from personal letters to online orders. This dependence has grown steadily alongside the global rise of e-commerce. The 2024 Universal Postal Union report found that postal services now serve 7.3 billion people, and Statista recorded roughly 161 billion parcels shipped in […]

New ACRStealer Variant Uses Syscall Evasion, TLS C2 and Secondary Payload Delivery

A new variant of ACRStealer has emerged with upgraded capabilities that make it significantly harder to detect and more dangerous to the systems it targets. First reported by Proofpoint in early 2025 as a rebranded version of the Amatera Stealer, this latest iteration introduces low-level syscall evasion, encrypted C2 communication over TLS, and the ability […]

Microsoft to Block Windows 11 and Server 2025 Automated Installation After Critical RCE Vulnerability

Windows 11 and Server 2025 Automated Installation Microsoft has announced a two-phase plan to disable the hands-free deployment feature in Windows Deployment Services (WDS) following the discovery of a critical remote code execution (RCE) vulnerability tracked as CVE-2026-0386. The flaw, rooted in improper access control, allows an unauthenticated attacker on an adjacent network to intercept […]

Meta to Permanently Remove End-to-End Encryption Feature in Instagram DMs

Meta has confirmed it will permanently remove end-to-end encryption (E2EE) support from Instagram direct messages, with the feature officially shutting down after May 8, 2026. The announcement, quietly posted on Instagram’s Help Center support page, marks a significant reversal from Meta’s earlier commitment to privacy-focused messaging across its platforms. Instagram’s E2EE feature was never widely […]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.