DJBSEC's CyberNews 2026-07-15
Today’s daily news covers the following categories: Threat Intelligence Authentication Phishing Vulnerability Malware
Microsoft Maps Year-Long ShinyHunters Attack Campaign
Threat Intelligence Microsoft has published new research detailing a year-long campaign conducted by the ShinyHunters cybercriminal group, documenting its evolving tactics, infrastructure, and victim selection. According to the report, the group relied on credential theft, social engineering, cloud compromise, and data extortion to target organizations across multiple industries. Researchers say the campaign demonstrates how financially motivated attackers are increasingly operating with the sophistication of advanced persistent threat groups. Microsoft believes the findings will help defenders identify patterns and improve detection of future ShinyHunters activity. The report offers valuable insight into one of today’s most active cybercrime operations. Read More
Microsoft Entra Expands Default Passkey Authentication
Authentication Microsoft has announced that passkeys will become the default authentication method for supported Microsoft Entra scenarios, continuing its move toward passwordless security. The change is designed to reduce the effectiveness of phishing, credential theft, and password spraying attacks that continue to target enterprise identities. Passkeys use cryptographic authentication that is significantly more resistant to traditional phishing techniques than passwords. Microsoft says organizations will retain administrative controls while encouraging broader adoption of modern authentication methods. The initiative represents another major step toward eliminating passwords from enterprise environments. Read More
Forg365 Makes Microsoft 365 Account Takeovers Easier
Phishing Researchers have identified a phishing toolkit called Forg365 that significantly lowers the technical barrier for compromising Microsoft 365 accounts. The platform automates many aspects of phishing campaigns, allowing less experienced attackers to generate convincing login pages, capture credentials, and steal authentication tokens. Analysts warn that the toolkit enables cybercriminals to launch sophisticated attacks with minimal technical expertise. Organizations are encouraged to deploy phishing-resistant authentication methods, strengthen conditional access policies, and continue user awareness training. The emergence of turnkey phishing services highlights the growing commercialization of cybercrime. Read More
Decades-Old Cisco IOS Vulnerability Actively Exploited
Vulnerability Researchers have disclosed active exploitation of a long-standing Cisco IOS vulnerability that has remained present in certain environments for many years. Attackers are taking advantage of organizations that have delayed upgrades or continue running unsupported network infrastructure. Successful exploitation can provide unauthorized access to networking equipment and create opportunities for lateral movement within enterprise environments. Security experts stress that aging infrastructure often becomes an attractive target due to inconsistent patch management. The campaign underscores the risks associated with legacy systems that remain connected to production networks. Read More
Turkish Banking Sector Targeted by More Than 8,400 Phishing Domains
Phishing Researchers have identified more than 8,400 phishing domains targeting customers of Turkish financial institutions in a coordinated credential theft campaign. The fraudulent websites closely imitate legitimate banking portals to trick victims into revealing usernames, passwords, and authentication information. Analysts believe the campaign is highly organized and designed to support financial fraud and account takeover operations. Financial institutions are working to identify and remove malicious domains while warning customers about fraudulent websites. The campaign demonstrates the continued scale and effectiveness of banking-focused phishing operations. Read More
xAI Expands Grok With Native Cloud Storage Support
Threat Intelligence xAI has announced new cloud storage integration capabilities for its Grok AI platform, allowing users to securely connect and analyze documents stored across cloud environments. The feature is intended to improve enterprise productivity by giving Grok access to business documents while maintaining administrative controls. Security experts note that deeper integration with cloud storage increases the importance of identity management, access controls, and data governance. xAI says the platform includes safeguards designed to protect customer information during AI-assisted analysis. The update reflects the growing trend of AI platforms becoming tightly integrated with enterprise data sources. Read More
AsyncAPI NPM Packages With Millions of Weekly Downloads Targeted
Malware Researchers have disclosed a supply chain incident involving AsyncAPI NPM packages that collectively receive more than two million downloads each week. The compromised packages could expose downstream developers and applications to malicious code, demonstrating the widespread impact that attacks on popular open-source projects can have. Security experts recommend immediately identifying affected versions, updating to clean releases, and reviewing development environments for signs of compromise. The incident highlights the continued targeting of software supply chains by sophisticated attackers. Developers are encouraged to implement dependency monitoring and software integrity verification. Read More
LastPass and Bitwarden Users Targeted With Fake Security Alerts
Phishing Cybercriminals are targeting LastPass and Bitwarden users with fraudulent security notifications designed to steal account credentials. The fake alerts claim users must immediately verify their accounts or respond to security incidents, creating a sense of urgency that encourages victims to click malicious links. Once users enter their credentials, attackers can gain access to stored passwords and other sensitive information. Security researchers recommend accessing password managers only through official websites or applications and ignoring unsolicited security emails. The campaign highlights how attackers increasingly target trusted security products themselves. Read More
FortiSandbox VNC Server Vulnerability Exposes Security Appliances
Vulnerability Researchers have identified a vulnerability affecting the VNC server component of FortiSandbox appliances. Successful exploitation could allow attackers to gain unauthorized access or interfere with systems that play a key role in enterprise malware analysis and threat detection. Security products remain attractive targets because compromising them can weaken an organization’s overall defensive capabilities. Fortinet customers are advised to apply available patches immediately and review systems for suspicious activity. The discovery reinforces the importance of securing the tools organizations depend on for cybersecurity. Read More
Attackers Spoof OAuth Client IDs to Bypass Trust Controls
Authentication Researchers have uncovered attacks that spoof legitimate OAuth client IDs to deceive users and abuse trusted authentication workflows. By impersonating approved applications, attackers can increase the likelihood that victims authorize malicious access requests. The technique exploits user trust rather than flaws in the OAuth protocol itself, making awareness and application validation especially important. Organizations are encouraged to carefully review application consent requests and limit OAuth permissions to trusted software. The findings demonstrate how identity-based attacks continue evolving alongside modern authentication technologies. Read More
Fortinet Patches Seven Security Vulnerabilities
Vulnerability Fortinet has released security updates addressing seven vulnerabilities across several of its enterprise security products. The flaws include issues that could allow privilege escalation, unauthorized access, or other security impacts if left unpatched. Administrators are being urged to review affected deployments and install updates as quickly as possible, particularly for internet-facing systems. Security experts note that Fortinet products remain frequent targets for both cybercriminal and nation-state actors due to their widespread enterprise deployment. Prompt patching remains the most effective defense against exploitation. Read More
Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities
Vulnerability Microsoft’s July 2026 Patch Tuesday addresses an unusually large set of 570 security vulnerabilities, including three actively exploited zero-day flaws. The updates span Windows, Office, Azure, Microsoft Edge, and numerous enterprise services, making this one of the largest Patch Tuesday releases in recent years. Security researchers recommend prioritizing the zero-day fixes and internet-facing systems before addressing the remaining vulnerabilities through standard patch management processes. Organizations are also encouraged to verify successful deployment across all managed devices and servers. The release highlights the increasing complexity of maintaining secure enterprise environments as software ecosystems continue to expand. Read More
Enjoy Reading This Article?
Here are some more articles you might like to read next: