Salesforce warns customers about threats to public Experience Cloud sites, as the ShinyHunters group claim to exploit a new bug. The danger stems from attempts to take advantage of “overly permissive” guest user configurations, the company says in a trust site post reminiscent of the voice phishing incidents of late 2025. …
Read More »
ALERT
Apple Unveils Emergency Updates For iOS 15.8.7 to Block ‘Coruna’ Exploit Kit
Apple released an urgent security update, iOS 15.8.7 and iPadOS 15.8.7, to safeguard older devices from the serious ‘Coruna’ exploit kit threat. On March 11, 2026, a critical patch was released that brings fixes from newer iOS versions to protect users of older devices from cyberattacks. The Coruna exploit kit targets …
Read More »Hackers leverage CloudFlare Anti-Security to Steal Microsoft 365 Login Credentials
Security researchers recently identified a phishing campaign targeting Microsoft 365 users that takes advantage of CloudFlare’s anti-bot and verification systems. Attackers employ various anti-detection techniques to ensure only genuine victims access the credential-stealing sites. CloudFlare Used as a Protective Shield The campaign begins with a phishing domain hosted behind CloudFlare …
Read More »Hacker offers to sell Bangladeshi courier “Steadfast” full database
Steadfast Courier, a leading logistics and package delivery service operating in Bangladesh, has reportedly been compromised. The hacker offers to sell the full database of the company on a forum for $2,000. The allegedly compromised data includes: Customer full names Phone numbers Detailed delivery addresses Package tracking IDs Cash-on-Delivery (COD) …
Read More »Seedworm hackers found inside US bank, airline, tech networks
An Iran-related hacking group (Seedworm) has infiltrated multiple US organizations since early February, heightening fears of potential larger cyber operations linked to rising geopolitical tensions in the Middle East. New backdoors used by Seedworm Researchers from Symantec and Carbon Black have connected the activity to Seedworm (also known as MuddyWater), …
Read More »Thousands of iPhones likely Compromised via Coruna Exploit Kit with 23 Vulns
Google’s Threat Intelligence Group found Coruna, a complex iOS exploit kit with 23 exploits in five chains, affecting thousands of iPhones on iOS 13.0 to 17.2.1 in 2025. The Coruna exploit kit is a sophisticated iOS attack tool by GTIG that targets iPhones from iOS 13.0 (September 2019) to iOS 17.2.1 …
Read More »
BurrowShell Backdoor Found
India linked “SloppyLemming” target Bangladesh & Pakistan Critical Systems
An India-nexus threat actor operated an extensive cyber espionage campaign deploying BurrowShell and Rust-Based RAT, targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. Arctic Wolf has been tacking the campaign conducted by “SloppyLemming” over the last 12 month. Arctic Wolf said, the campaign impersonated Pakistani and Bangladeshi …
Read More »UNC2814 breached Bangladeshi Govt and telco since 2023 including 42 countries
Google’s Threat Intelligence Group, Mandiant, and their partners disrupted a global espionage campaign linked to a suspected Chinese threat actor UNC2814. This group used SaaS API calls to disguise malicious traffic in attacks against telecom and government networks. The campaign has been ongoing since 2023 and has affected 53 organizations …
Read More »
Amazon Report
Hacker compromised 600+ FortiGate devices in 55 countries
Amazon Threat Intelligence observed that a Russian-speaking hacker used generative AI services to compromise over 600 FortiGate devices in 55 countries between January 11 and February 18, 2026. The attack did not exploit FortiGate vulnerabilities but targeted exposed management ports and weak, single-factor authentication, enabling a less-skilled attacker to exploit …
Read More »French National Bank Account Registry Exposes 1.2M Bank Accounts
The French national bank account registry was breached in late January 2026, with a potential exposure of 1.2 million accounts, according to a press release. A threat actor stole credentials from an official to access a database of bank accounts at French banks. The compromised data might include: Bank account …
Read More »
InfoSecBulletin Cybersecurity for mankind