Explore

Rapid Read Rapid Read
Critical Mirasvit Vulnerability Exploited for Remote Code Execution on Magento Servers

Critical Mirasvit Vulnerability Exploited for Remote Code Execution on Magento Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory for federal agencies to patch a critical vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension. This vulnerability, identified as CVE-2026-45247, has been actively exploited in the wild, allowing attackers to execute remote code on Magento and Adobe Commerce servers. The flaw is a PHP object injection vulnerability that can be exploited without authentication, posing a significant risk to thousands of online stores using the affected extension. The vulnerability was publicly disclosed on May 26, and threat actors have been exploiting it for remote code execution shortly thereafter. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate action to mitigate potential security breaches.
Rapid Read Rapid Read
US Cybersecurity Agency Urges Immediate Patch for Mirasvit Vulnerability on Magento Servers

US Cybersecurity Agency Urges Immediate Patch for Mirasvit Vulnerability on Magento Servers

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch a critical vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension. This vulnerability, identified as CVE-2026-45247, has been actively exploited for remote code execution (RCE) on Magento and Adobe Commerce servers. The flaw is a PHP object injection vulnerability that allows attackers to execute arbitrary code remotely without authentication. The vulnerability is exploited through crafted serialized PHP objects injected into the CacheWarmer cookie, which are deserialized without class restrictions. Thousands of Magento and Adobe Commerce stores using versions of the extension prior to 1.11.12 are at risk. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch within three days as per Binding Operational Directive 22-01.
Rapid Read Rapid Read
CISA Warns of Exploited Linux Kernel Vulnerability Affecting Container Security

CISA Warns of Exploited Linux Kernel Vulnerability Affecting Container Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a vulnerability in the Linux kernel, specifically affecting container security. The vulnerability, identified as CVE-2022-0492, has a CVSS score of 7.8 and is classified as an improper authentication flaw. It allows attackers to elevate privileges and bypass namespace isolation, which is crucial for container security. The flaw is located in the cgroups feature of the Linux kernel, which is responsible for resource allocation among process groups. Only the first version of cgroups is affected. The vulnerability enables attackers to modify the release_agent file in the cgroup hierarchy, potentially allowing malicious scripts to run as root, leading to container escapes and privilege escalation. Although the technical details of this vulnerability were published three years ago, its active exploitation was only recently reported, prompting CISA to add it to its Known Exploited Vulnerabil...
Rapid Read Rapid Read
Cybercrime Group Utilizes Malicious Ads to Spread FlutterShell Backdoor to macOS Users

Cybercrime Group Utilizes Malicious Ads to Spread FlutterShell Backdoor to macOS Users

A cybersecurity campaign known as Operation FlutterBridge is targeting macOS users through malicious Google and YouTube ads, spreading a backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is linked to a cybercrime group tracked as CL-CRI-1089, active since at least 2023. FlutterShell, built using the Flutter framework, infects targets with adware and possesses backdoor capabilities, including shell command execution and file system manipulation. The campaign uses Google-verified shell companies to distribute ads that trick users into downloading malware disguised as legitimate applications. The target audience includes macOS users in the U.S., Canada, Australia, France, and Germany. The malware modifies Google Chrome configuration files to hijack the browser, forcing traffic through an attacker-controlled site. FlutterShell's WebView-based architecture allows dynamic alteration of malware behavior without recompiling.
Trendline Trendline
Hackers Infiltrate Global Stock Exchange, Compromise Executive Email for Espionage

Hackers Infiltrate Global Stock Exchange, Compromise Executive Email for Espionage

Hackers Infiltrate Global Stock Exchange, Compromise Executive Email for Espionage
Rapid Read Rapid Read
Democrats Criticize GOP's Proposed $250M Cut to CISA Budget

Democrats Criticize GOP's Proposed $250M Cut to CISA Budget

House Democrats have voiced strong opposition to a Republican-proposed Department of Homeland Security spending bill that includes a $250 million cut to the Cybersecurity and Infrastructure Security Agency (CISA). The proposed budget, which allocates $2.4 billion to CISA, is part of the fiscal 2027 funding legislation. Democrats argue that the reduction comes at a time when the U.S. faces increasing cybersecurity threats from foreign adversaries targeting businesses, healthcare systems, and government entities. The proposed cuts have sparked concerns about the nation's ability to protect critical infrastructure and counter foreign propaganda efforts. The bill is set to be reviewed by the House Appropriations subcommittee on homeland security.
Rapid Read Rapid Read
FlutterShell Backdoor Targets macOS Users via Malicious Ads

FlutterShell Backdoor Targets macOS Users via Malicious Ads

A new cybersecurity threat, known as the FlutterShell backdoor, is targeting macOS users through a malvertising campaign called Operation FlutterBridge. According to Palo Alto Networks Unit 42, this campaign is an evolution of a previous activity cluster named JSCoreRunner. The attackers, identified as CL-CRI-1089, have been active since at least 2023. FlutterShell, built using the Flutter framework, infects systems with adware and possesses backdoor capabilities, including shell command execution and file system manipulation. The campaign uses malicious Google and YouTube ads to lure users into downloading malware disguised as legitimate applications. These ads are distributed by shell companies linked to Ukrainian individuals, targeting users in the U.S., Canada, Australia, France, and Germany.
Rapid Read Rapid Read
House Democrats Criticize GOP for Proposed $250 Million Cut to CISA Budget

House Democrats Criticize GOP for Proposed $250 Million Cut to CISA Budget

House Democrats have expressed strong opposition to a draft spending bill proposed by Republicans that would reduce funding for the Cybersecurity and Infrastructure Security Agency (CISA) by $250 million. The bill, which is part of the Department of Homeland Security's fiscal 2027 budget, allocates $2.4 billion to CISA. Republicans, led by House Appropriations Chairman Tom Cole, argue that the bill aims to enhance cybersecurity resilience. However, Democrats contend that the funding reduction comes at a time when sophisticated cyberattacks from foreign adversaries are increasing against U.S. businesses, healthcare systems, utilities, schools, and government entities. The bill also reportedly limits the Department of Homeland Security's ability to counter foreign propaganda and protect states during elections. The subcommittee on homeland security is scheduled to vote on the bill soon.
FactFable FactFable
What Data security: detecting threats early Actually Looks Like in a Real Incident

What Data security: detecting threats early Actually Looks Like in a Real Incident

A minute-by-minute look inside a real cyber incident reveals how security teams move from a single alert to containing a major threat before it's too late.
Rapid Read Rapid Read
Cyber Espionage Targets Stock Exchange Executive, Exposing Sensitive Data

Cyber Espionage Targets Stock Exchange Executive, Exposing Sensitive Data

A sophisticated cyber espionage operation compromised the Outlook mailbox of a senior executive at a major global stock exchange for approximately 150 days, from October 2025 to March 2026. The attackers maintained covert access, exfiltrating sensitive data in small batches using legitimate cloud storage services like Dropbox and OneDrive. The operation was discovered by Symantec and Carbon Black, who published technical indicators and a detailed timeline. The attackers used malware disguised as Adobe and OneDrive processes to evade detection, focusing solely on the executive's mailbox without broader network compromise. The operation's discipline suggests a state-linked actor, though no specific country or group has been identified.
Rapid Read Rapid Read
Chinese Cybercrime Group TA4922 Expands Campaigns Targeting Global Organizations

Chinese Cybercrime Group TA4922 Expands Campaigns Targeting Global Organizations

A Chinese-speaking cybercrime group known as TA4922 has been intensifying its activities, targeting organizations across various regions including Japan, the UK, Germany, and South Africa. According to Proofpoint, the group employs social engineering tactics and distributes multiple malware families, focusing on credential phishing and fraud schemes. TA4922's campaigns are financially motivated, aiming to gain remote access to victim organizations for data theft and fraud. The group uses HR, payroll tax, and invoicing themes to lure victims into downloading malicious payloads or sharing credentials. Recently, TA4922 has expanded its operations to include European organizations, utilizing tools like RomulusLoader and SilentRunLoader to exfiltrate sensitive information.
Rapid Read Rapid Read
Chinese Cybercrime Group TA4922 Escalates Global Campaigns Targeting Multiple Regions

Chinese Cybercrime Group TA4922 Escalates Global Campaigns Targeting Multiple Regions

A Chinese-speaking cybercrime group, identified as TA4922, has been intensifying its activities and expanding its reach to new geographical areas, according to a report by Proofpoint. The group employs social engineering tactics and has been updating its arsenal to include multiple malware families. Their operations focus on credential phishing and fraud schemes, such as credit card theft, rather than espionage. TA4922 has been active in regions including Japan, Taiwan, Korea, Singapore, and India, and has recently expanded to target organizations in the UK, Germany, Italy, and South Africa. The group uses themes related to HR, payroll tax, and invoicing to lure victims into downloading malicious payloads or sharing credentials. They have also been observed shifting communications to platforms like LINE, WhatsApp, and Microsoft Teams to bypass traditional email security measures.