General CTI

Cybersecurity researchers have uncovered a sophisticated campaign where threat actors are weaponizing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity, documented by SentinelOne, targets healthcare, government, and managed service provider environments. How FortiGate Integration Becomes a Vulnerability FortiGate appliances often integrate directly with Active Directory (AD) and Lightweight Directory…

SAP customers are being urged to immediately patch a critical zero-day vulnerability in the Visual Composer component of SAP NetWeaver application server that threat actors are actively exploiting to deploy web shell backdoors. The Vulnerability Tracked as CVE-2025-31324, this unrestricted file upload vulnerability received the maximum severity score of 10 on the CVSS scale. The…

A powerful iOS exploit kit named “Coruna” has transitioned from elite surveillance operations to financially motivated cryptocurrency theft, signaling a dangerous shift in the mobile threat landscape. From Spyware Vendor to Cybercriminal Hands Google Threat Intelligence Group (GTIG) has disclosed details on a previously undocumented iOS exploit kit containing 23 exploits and five full exploit…

Microsoft, Europol, and a coalition of cybersecurity partners have dismantled Tycoon 2FA, one of the most prolific phishing-as-a-service (PhaaS) platforms ever documented, seizing 330 domains used for credential theft and multi-factor authentication bypass. The coordinated takedown marks the first cross-border public-private action of its kind under a U.S. court order and Europol’s Cyber Intelligence Extension…

Cisco has released critical security updates to address two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software that could allow unauthenticated remote attackers to gain complete root access to affected systems. Critical Vulnerabilities Overview Secure FMC serves as the central management interface for Cisco firewall administrators, providing control over application policies, intrusion prevention,…

In an unprecedented display of cyber warfare capability, Israel has executed what is being described as the largest cyberattack in history, plunging Iran into near-total digital darkness during a coordinated military operation on Saturday, February 28, 2026. Near-Total Internet Blackout Confirmed Independent internet monitor NetBlocks confirmed that Iran’s national connectivity dropped to just 4% of…

Cisco Talos has disclosed the active exploitation of CVE-2026-20127, a critical zero-day vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart), by a highly sophisticated threat actor tracked as UAT-8616. The campaign, which dates back at least three years, targets critical infrastructure sectors through persistent network edge device compromise. The Vulnerability: CVE-2026-20127 The vulnerability allows an…