Security Bulletin

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The attackers, identified as UNC6508, likely exploited older, vulnerable versions of REDCap to gain initial access, although the exact method remains undetermined.

A report by Incogni found that ZipRecruiter, LinkedIn, and Monster are among the top platforms for collecting and sharing personal information.

The cyberattack on Mackay Sugar occurred during its peak crushing season, forcing two of its three mills offline and disrupting operations.

As reported by Bleeping Computer, the U.S. Federal Bureau of Investigation (FBI) has issued a warning regarding a trend in cryptocurrency investment scams, commonly known as "pig butchering" or "romance baiting."

The SearchLeak vulnerability, identified as CVE-2026-42824, is a three-stage attack chain developed by Varonis researchers.

1Password, known for its password manager, will integrate Apono's just-in-time access management platform to secure cloud environments and manage AI agent access.

The integration connects Zscaler Private Access, which grants application access based on identity and policy without users landing on the corporate network, with Gigamon Application Metadata Intelligence.

Unit 42 says exploited PAN-OS GlobalProtect flaw remains a VPN risk despite patches.

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.