Posts

FortiBleed Credential Attack Targets Fortinet Firewalls

Image
FortiBleed Credential Harvesting Attack Targets Fortinet Firewalls A large scale credential harvesting campaign known as FortiBleed has exposed Fortinet firewall and SSL VPN credentials across thousands of organizations worldwide. The campaign targets Fortinet FortiGate firewalls and VPN gateways, which are commonly used to protect enterprise networks, manage remote access, and control traffic between trusted and untrusted environments. For defenders, this is a major perimeter security warning. Firewalls and VPN gateways are not just network appliances. They are trust gateways into corporate infrastructure. If attackers obtain valid credentials for these systems, they may not need to exploit a new vulnerability. They can attempt to log in through legitimate access paths, establish VPN sessions, modify firewall settings, create persistence, or move deeper into internal networks. FortiBleed shows how exposed perimeter devices, credential theft, weak authentication, reused passwords, and ...
Post a Comment
Read more

SQL Server 2025 AI Features Can Enable Data Theft

Image
Hackers Can Abuse SQL Server 2025 AI Features to Exfiltrate Sensitive Data Security researchers have demonstrated how Microsoft SQL Server 2025 AI features can be abused by attackers after a database environment is compromised. SQL Server 2025 introduces powerful AI ready capabilities for modern workloads, including support for external REST endpoints, external AI models, embeddings, vector search, and integrations designed to help organizations build AI driven applications directly around enterprise data. Those features are valuable. They also change the security model. Researchers from SpecterOps showed that legitimate SQL Server 2025 features can be repurposed for sensitive data exfiltration, covert command and control, persistence, and authentication hash coercion. For enterprises, this is an important warning. AI features inside a database engine are not only developer conveniences. They are new execution, communication, and data movement paths that must be governed, monitored, an...
Post a Comment
Read more

GitBait Phishing Campaign Abuses GitHub Pages

Image
GitBait Phishing Campaign Abuses GitHub Pages to Steal Credentials A phishing campaign known as GitBait is abusing GitHub Pages to host deceptive phishing content on trusted infrastructure. The campaign uses the credibility of GitHub hosted pages to make malicious links appear more legitimate and harder to block. For enterprises, this is a serious phishing and cloud abuse issue. GitHub is widely trusted by developers, security teams, vendors, software companies, and enterprise IT departments. That trust is exactly what attackers are trying to exploit. When a phishing page is hosted on a GitHub Pages domain, users may be less suspicious, and some security tools may treat the link with less scrutiny than a newly registered phishing domain. This makes GitBait a clear example of how attackers abuse trusted cloud and developer platforms to bypass traditional defenses. What Happened: Security researchers identified a phishing campaign called GitBait that abuses GitHub Pages. GitHub Pages all...
Post a Comment
Read more

AIRecon Penetration Testing Tool Uses Local AI

Image
AIRecon Penetration Testing Tool Brings Local AI Automation to Security Assessments AIRecon is an open source penetration testing tool designed to bring artificial intelligence into security assessment workflows while keeping execution local. The tool combines a self hosted large language model through Ollama, a Kali Linux Docker sandbox, Caido proxy integration, and a terminal based interface for security testing. For penetration testers, bug bounty researchers, red teams, and internal security teams, AIRecon reflects a growing shift in offensive security. Artificial intelligence is no longer limited to writing reports or summarizing findings. It is increasingly being used to support reconnaissance, analysis, testing decisions, tool orchestration, and structured security workflows. That creates opportunity. It also creates risk. AI powered penetration testing tools can help defenders move faster, but they must be used only against systems that the operator owns or has explicit permiss...
Post a Comment
Read more

OptinMonster Plugin Exposure Put WordPress Sites at Risk

Image
OptinMonster Plugin Exposure Put WordPress Sites at Risk of Backdoors A supply chain-style incident involving trusted WordPress plugin scripts has exposed websites using OptinMonster, PushEngage, and TrustPulse to possible compromise. The issue centered on tampered JavaScript served to WordPress sites that relied on these plugins. For OptinMonster and TrustPulse, the malicious script exposure reportedly lasted for a short window on June 12, 2026. However, even a short exposure window can matter when the affected code runs in the browser of an authenticated WordPress administrator. The risk was not aimed at ordinary visitors. The danger appeared when a logged-in site administrator loaded a page where the tampered script executed. Under the right conditions, the malicious code could create a rogue administrator account and install a hidden plugin that provided a persistent backdoor. For businesses that rely on WordPress for marketing, lead generation, ecommerce, publishing, or customer e...
Post a Comment
Read more

NarwhalRAT Malware Uses PowerShell and Python Loader

Image
Hackers Abuse LNK Files, PowerShell, and Python Loader to Deploy NarwhalRAT A sophisticated malware campaign is targeting Korean users through phishing emails, malicious shortcut files, PowerShell abuse, and a Python-based loader chain. The campaign deploys a remote access trojan known as NarwhalRAT. The infection begins with a spear phishing email that pretends to come from the “Microsoft Account Team.” The message warns the recipient about suspicious one-time password activity and urges them to open an attached advisory document. In reality, the attachment is a ZIP archive containing a malicious LNK shortcut file. Once opened, the shortcut launches a layered infection chain that uses built-in Windows tools and a Python payload to install the malware while blending into normal system behavior. For enterprises, this campaign is a strong reminder that modern malware often succeeds by combining ordinary tools with deceptive packaging. What Happened: Threat actors are using phishing email...
Post a Comment
Read more