Latest Internet & Cybersecurity News

December 19, 2025 at 1:00 AM
Mid‑December sees major exploits of email/security appliances, rising credential‑stuffing campaigns, DPRK crypto thefts, ransomware against energy, and regulatory pushes worldwide.
1. Cisco confirms active exploitation of Secure Email Gateway and Secure Email and Web Manager

Cisco acknowledged active exploitation of vulnerabilities in its Secure Email Gateway and Secure Email and Web Manager, urging immediate mitigations after observed attacks targeting those appliances [Source 1]. Cisco's advisory prompted broad incident-response activity across affected organizations and featured in H-ISAC daily headlines as a leading story [Source 1].

2. Surge in credential-based attacks targeting Palo Alto GlobalProtect and Cisco SSL VPNs

Researchers observed a coordinated surge of automated brute-force login attempts against Palo Alto Networks GlobalProtect and Cisco SSL VPN portals, with millions of sessions and thousands of unique attacking IPs detected over mid-December [Source 5]. GreyNoise linked the activity to centralized cloud hosting and noted shared tooling between the Palo Alto and Cisco campaigns [Source 5].

3. Chainalysis: North Korea-linked groups stole $2.02B in crypto during 2025

Chainalysis reported that DPRK-linked threat actors, including the Lazarus Group, were responsible for approximately $2.02 billion in cryptocurrency thefts in 2025, a sharp year-over-year increase and the largest share of global crypto thefts [Source 6]. The report ties those operations to high-profile exchange breaches and ongoing state-backed financial cybercrime campaigns [Source 6].

4. Ransomware disrupts PDVSA administrative systems, halts oil loading at terminals

A ransomware attack against PDVSA's administrative systems forced pauses in oil loading at key terminals such as the Jose crude terminal, according to maritime cybersecurity reporting [Source 4]. The incident underscores the growing risk to energy supply chains from cyber incidents that affect operational or administrative controls [Source 4].

5. Gladinet CentreStack and Triofox vulnerabilities actively exploited

Security bulletins and ISAC reporting flagged active exploitation of vulnerabilities in Gladinet CentreStack and Triofox file-sharing products, with threat actors leveraging those flaws for unauthorized access or data theft [Source 1]. H-ISAC included these exploits among notable vulnerabilities observed in December briefings [Source 1].

6. Oracle/Cerner supply-chain breach concerns persist for hospitals and healthcare providers

Healthcare sector reporting notes continuing fallout and an incomplete impact assessment from an Oracle/Cerner-related breach that may affect many hospitals, with estimates of millions potentially impacted and ongoing investigations [Source 7, Source 1]. Experts warn that vendor compromises like Change Healthcare earlier in 2025 demonstrate how a single third-party breach can cascade across providers [Source 7].

7. Parked domains increasingly deliver malware, scams and phishing (research finding)

New research cited by ISAC reporting found that about 90% of parked domains now host or redirect to malware, scams, or phishing pages, raising risks for defensive domain management and brand protection teams [Source 1]. The trend increases exposure from routine domain scans and seemingly innocuous links [Source 1].

8. Gladinet/Triofox and Microsoft IIS/MSMQ issues prompt urgent admin action

Reports indicate Microsoft engaged administrators to address failures and issues related to Windows IIS and MSMQ services, while vendors and ISACs urged immediate remediation for affected products [Source 1]. The combination of platform service problems and exploited third-party products magnifies operational cyber risk for enterprises [Source 1].

9. Regulatory and standards momentum after a pivotal 2025: NIS2, DORA, CIRCIA and AI risk focus

Analyses of 2025 policy activity show enforcement of EU NIS2 and DORA, U.S. moves such as CIRCIA rapid reporting requirements, and evolving NIST/AI RMF guidance, together driving international alignment and an increased compliance burden for critical entities [Source 3]. Experts expect 2026 to emphasize AI governance, provenance, and harmonization across jurisdictions [Source 3].

10. Credential-stuffing and automated campaigns exploit gaps in MFA adoption and VPN security

Multiple reports highlight that many attacks rely on credential stuffing and opportunistic automated login attempts rather than zero-day exploits, revealing persistent weaknesses where MFA is absent or misconfigured [Source 5, Source 1]. Industry commentary notes that traditional MFA approaches can introduce operational friction, complicating defenses while attackers refine social-engineering and AI-assisted phishing tactics [Source 1, Source 5].