DJBSEC's CyberNews 2026-07-16
Today’s daily news covers the following categories: Threat Intelligence Authentication Phishing Vulnerability Malware
Microsoft Details Year-Long ShinyHunters Campaign
Threat Intelligence Microsoft has released an in-depth analysis of a year-long campaign conducted by the ShinyHunters cybercriminal group, detailing its infrastructure, attack methods, and victim selection. The report shows the group relied on credential theft, cloud account compromise, social engineering, and data extortion to target organizations across multiple industries. Researchers note that ShinyHunters continues to evolve its tactics, operating with a level of sophistication typically associated with advanced persistent threat groups. Microsoft believes sharing these insights will help defenders detect similar activity earlier in the attack lifecycle. The report offers valuable intelligence into one of today’s most active financially motivated cybercrime groups. Read More
Microsoft Entra Makes Passkeys the Default Authentication Method
Authentication Microsoft has announced that passkeys will become the default authentication method for supported Microsoft Entra environments as part of its passwordless security strategy. Passkeys use cryptographic authentication that is significantly more resistant to phishing, credential theft, and password spraying attacks than traditional passwords. Microsoft says organizations will continue to have administrative control over deployment while encouraging broader adoption of modern authentication. Security experts view the move as an important milestone in reducing identity-based attacks. The announcement reflects Microsoft’s continued investment in phishing-resistant authentication technologies. Read More
Forg365 Lowers the Barrier for Microsoft 365 Phishing Attacks
Phishing Researchers have identified a phishing toolkit known as Forg365 that automates Microsoft 365 account takeover attacks. The service allows attackers with limited technical expertise to generate convincing phishing pages, capture credentials, and steal authentication tokens with minimal effort. Analysts warn that the platform contributes to the growing commercialization of cybercrime by making sophisticated phishing campaigns easier to launch. Organizations are encouraged to strengthen conditional access policies, deploy phishing-resistant authentication, and continue employee security awareness training. The toolkit demonstrates how phishing-as-a-service platforms continue to evolve. Read More
Legacy Cisco IOS Vulnerability Under Active Exploitation
Vulnerability Security researchers have observed attackers actively exploiting a decades-old Cisco IOS vulnerability against organizations still running outdated networking equipment. The attacks primarily target environments where legacy devices remain in production without current security updates. Successful exploitation can provide unauthorized access to network infrastructure and create opportunities for lateral movement throughout enterprise environments. Experts stress that unsupported networking hardware remains an attractive target because it often lacks modern security protections. The campaign highlights the risks associated with delaying infrastructure modernization. Read More
Turkish Financial Institutions Hit by Massive Phishing Campaign
Phishing Researchers have identified more than 8,400 phishing domains impersonating Turkish banks in a coordinated credential theft operation. The fake websites closely resemble legitimate online banking portals and are designed to capture usernames, passwords, and authentication information. Security analysts believe the infrastructure supports large-scale financial fraud and account takeover campaigns. Banks are working with security providers to remove malicious domains while warning customers about fraudulent websites. The campaign demonstrates the continued effectiveness of large-scale banking phishing operations. Read More
xAI Adds Cloud Storage Integration to Grok
Threat Intelligence xAI has expanded Grok by introducing native cloud storage integration, allowing enterprise users to securely connect AI workflows with business documents stored in cloud environments. The feature is intended to improve productivity by enabling AI-assisted analysis across organizational data while maintaining administrative controls. Security professionals note that deeper access to enterprise storage increases the importance of strong identity management, access controls, and data governance. xAI says security protections have been incorporated to safeguard customer information throughout AI interactions. The enhancement reflects the growing convergence of AI assistants and enterprise productivity platforms. Read More
AsyncAPI NPM Supply Chain Attack Affects Popular Packages
Malware Researchers have disclosed a software supply chain incident involving AsyncAPI NPM packages that collectively receive more than two million weekly downloads. Malicious modifications to the packages could expose developer workstations, credentials, and downstream applications to compromise. The incident demonstrates how attackers continue targeting widely trusted open-source projects to maximize the impact of supply chain attacks. Security experts recommend identifying affected package versions, upgrading immediately, and reviewing development environments for indicators of compromise. The event reinforces the importance of continuous dependency monitoring and software integrity verification. Read More
Fake Security Alerts Target LastPass and Bitwarden Users
Phishing Cybercriminals are distributing fraudulent security notifications designed to trick LastPass and Bitwarden users into revealing their account credentials. The fake alerts claim urgent security action is required, directing victims to phishing sites that closely resemble the legitimate password manager services. Once credentials are entered, attackers can potentially gain access to stored passwords and sensitive account information. Researchers recommend accessing password managers only through official applications or bookmarked websites rather than email links. The campaign highlights how trusted security products themselves have become attractive phishing targets. Read More
FortiSandbox VNC Server Flaw Exposes Security Infrastructure
Vulnerability Researchers have identified a vulnerability affecting the VNC server component of FortiSandbox appliances that could allow unauthorized access under certain conditions. Because FortiSandbox plays an important role in enterprise malware analysis and threat detection, compromising the platform could weaken an organization’s overall security posture. Fortinet has released guidance encouraging customers to update affected systems promptly. Security experts recommend reviewing appliance logs for unusual administrative activity and verifying that patches have been successfully applied. The discovery demonstrates that security products themselves remain high-value targets. Read More
Attackers Spoof OAuth Client IDs to Abuse Trusted Applications
Authentication Researchers have uncovered attacks that spoof legitimate OAuth client IDs to increase the credibility of malicious authentication requests. Rather than exploiting flaws in OAuth itself, attackers impersonate trusted applications to convince users to grant unauthorized permissions. Successful attacks can provide access to cloud accounts and sensitive organizational data without requiring password theft. Organizations are encouraged to carefully review application consent requests and restrict OAuth permissions to approved software. The findings illustrate the continued evolution of identity-based attack techniques. Read More
Fortinet Releases Patches for Seven Security Vulnerabilities
Vulnerability Fortinet has released updates addressing seven vulnerabilities affecting multiple enterprise security products. The flaws could allow privilege escalation, unauthorized access, or other security impacts if left unpatched, particularly on internet-facing systems. Administrators are encouraged to prioritize deployment of the updates and review affected devices for signs of suspicious activity. Fortinet products remain frequent targets due to their widespread enterprise deployment and privileged network positions. Prompt patching remains the most effective defense against exploitation. Read More
Microsoft July 2026 Patch Tuesday Fixes 570 Vulnerabilities
Vulnerability Microsoft’s July 2026 Patch Tuesday addresses an unusually large total of 570 security vulnerabilities, including three actively exploited zero-day flaws. The updates cover Windows, Microsoft Office, Azure, Microsoft Edge, and numerous enterprise services, making this one of the largest Patch Tuesday releases on record. Security researchers recommend prioritizing remediation of the zero-day vulnerabilities and internet-facing systems before completing broader patch deployment. Organizations should also verify that updates have been successfully installed across all managed assets. The release highlights the growing complexity of enterprise vulnerability management as software ecosystems continue to expand. Read More
Enjoy Reading This Article?
Here are some more articles you might like to read next: