Critical UniFi Flaws Put Network Control Planes Back in the Patch Queue
Ubiquiti patched critical UniFi Connect, Talk, Access, Protect, and UniFi OS flaws. Here is what SMBs and government contractors should patch, restrict, and review now.
Ubiquiti patched critical UniFi Connect, Talk, Access, Protect, and UniFi OS flaws. Here is what SMBs and government contractors should patch, restrict, and review now.
Unit 42 reported a Vidar stealer and XMRig campaign using malvertising, fake cracked-software lures, misleading certificate metadata, oversized binaries, and commodity loader infrastructure. Here is what SMBs and government contractors should take away.
Mandiant shows how ADFS certificate drift and Machine DPAPI can expose active signing keys. Here is what SMBs and government contractors should do now.
Cisco Talos reports UAT-7810 is expanding ORB relay infrastructure using compromised edge and embedded devices. Here is what SMBs and government contractors should do now.
SOCRadar linked the FortiBleed FortiGate credential-harvesting campaign to INC and Lynx ransomware operations. Here is what SMBs and government contractors should do next.
The FBI and industry partners disrupted NetNut and the Popa botnet. Here is why residential proxy abuse matters for SMBs, government contractors, and defenders.
Sophos CTU reports that Vect and TeamPCP have linked ransomware deployment with supply-chain credential theft. Here is what SMBs and government contractors should harden now.
Ousaban’s Spain and Portugal campaign shows how banking trojans use geofencing, phishing PDFs, steganography, and daily-changing C2 to evade sandbox-heavy defenses.
CVE-2026-54161 in Network UPS Tools upsmon shows why UPS monitoring, notification scripts, and power-infrastructure control paths need patching, segmentation, and process monitoring.
Cisco Talos uncovered ARToken, an EvilTokens-linked phishing-as-a-service panel built around Microsoft 365 token theft, device-code phishing, mailbox access, SharePoint operations, and BEC automation. The practical lesson: treat identity tokens, inbox rules, and cloud collaboration data as tier-zero assets.