Operation Synergia III: Global Crackdown Takes Down 45,000 Malicious IPs and Arrests 94 Cybercriminals

In one of the most significant international cybercrime operations to date, INTERPOL has announced the successful conclusion of Operation Synergia III—a coordinated global effort that dismantled critical infrastructure supporting phishing, malware, and ransomware campaigns worldwide.

Six Months of Coordinated Enforcement

Running from July 18, 2025 through January 31, 2026, the operation brought together law enforcement…

ShinyHunters Claims 1 Petabyte Data Theft From Telus Digital in Multi-Month BPO Breach

Business process outsourcing (BPO) giant Telus Digital has confirmed a major cybersecurity incident after the notorious ShinyHunters extortion group claimed to have stolen nearly one petabyte of data from the company and its customers. The breach, which involved unauthorized access to internal systems over an extended period, highlights a dangerous evolution in attacker strategy—where threat…

Google Patches Two Chrome Zero-Days Actively Exploited in the Wild, CISA Adds to KEV Catalog

Google has released emergency security updates to address two high-severity vulnerabilities in Chrome that are being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by March 27, 2026.

The Vulnerabilities

The two critical flaws…

FortiGate Devices Exploited as Network Entry Points for Service Account Credential Theft

Cybersecurity researchers have uncovered a sophisticated campaign where threat actors are weaponizing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity, documented by SentinelOne, targets healthcare, government, and managed service provider environments.

How FortiGate Integration Becomes a Vulnerability

FortiGate appliances often integrate directly with Active Directory (AD) and Lightweight Directory…

SAP NetWeaver Critical Zero-Day (CVE-2025-31324) Under Active Exploitation by Initial Access Brokers

SAP customers are being urged to immediately patch a critical zero-day vulnerability in the Visual Composer component of SAP NetWeaver application server that threat actors are actively exploiting to deploy web shell backdoors.

The Vulnerability

Tracked as CVE-2025-31324, this unrestricted file upload vulnerability received the maximum severity score of 10 on the CVSS scale. The…

Coruna iOS Exploit Kit: Nation-State Spyware Tools Now Targeting Crypto Wallet Users

A powerful iOS exploit kit named “Coruna” has transitioned from elite surveillance operations to financially motivated cryptocurrency theft, signaling a dangerous shift in the mobile threat landscape.

From Spyware Vendor to Cybercriminal Hands

Google Threat Intelligence Group (GTIG) has disclosed details on a previously undocumented iOS exploit kit containing 23 exploits and five full exploit…

Global Coalition Dismantles Tycoon 2FA Phishing Platform: 87 Million Emails, 330 Domains Seized

Microsoft, Europol, and a coalition of cybersecurity partners have dismantled Tycoon 2FA, one of the most prolific phishing-as-a-service (PhaaS) platforms ever documented, seizing 330 domains used for credential theft and multi-factor authentication bypass. The coordinated takedown marks the first cross-border public-private action of its kind under a U.S. court order and Europol’s Cyber Intelligence Extension…

Cisco Patches Two Max Severity Secure FMC Flaws Enabling Root Access

Cisco has released critical security updates to address two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software that could allow unauthenticated remote attackers to gain complete root access to affected systems.

Critical Vulnerabilities Overview

Secure FMC serves as the central management interface for Cisco firewall administrators, providing control over application policies, intrusion prevention,…

Fake Google Security Check Transforms Browser Into Surveillance Toolkit via PWA Installation

A sophisticated phishing campaign has been discovered that transforms web browsers into comprehensive surveillance platforms by masquerading as a Google Account security page. According to Malwarebytes researchers, this attack represents one of the most fully-featured browser-based surveillance toolkits observed in the wild.

Attack Methodology

The attack begins with a convincing replica of a Google Account…

Hackers Weaponize Claude Code AI to Steal 150GB from Mexican Government in Month-Long Campaign

In a disturbing escalation of AI-enabled cyber operations, hackers have weaponized Anthropic’s Claude Code AI assistant to develop exploits, create custom attack tools, and systematically exfiltrate more than 150GB of data from Mexican government systems, according to Israeli cybersecurity firm Gambit Security.

Attack Scope and Impact

The threat actors compromised 10 Mexican government agencies and…
