Timothy E. Perdue

🚨 Hotel phishing is getting harder to spot. Microsoft says attackers used Calendly and Google URL redirects to push photo ZIPs at hotels in Europe and Asia. Inside? a fake image shortcut that drops the TonRAT Node.js implant. See how it works 🠖 thehackernews.com/2026/06/micros…

THIS IS ABSOLUTELY CRAZY. Last year, Bybit suffered a $1.5 billion hack carried out by North Korea's Lazarus group. Investigators traced those funds, and they ended up at wallet addresses linked to Iran's central bank. But that's not all. Since 2019, Iran-linked wallets have moved over $3.84 BILLION, much of it tied directly to the IRGC. This is why the US sanctioned Iran's crypto exchange Nobitex, which was laundering more than half of Iran's crypto income.

Russian Intelligence Services cyber threat actors are conducting phishing campaigns on commercial messaging apps. Read our updated PSA with @FBICyberDiv for recent tactics & samples of phishing messages. 🔗 go.dhs.gov/5xh

🚨 Russian intelligence-linked phishers have a new Signal trick. FBI and CISA say they are asking targets to share their Signal Backup Recovery Key. If they get it, they can restore old backups, read message history, and take over the account. Here’s how the phishing works: thehackernews.com/2026/06/fbi-wa…

🚨 CYBER INTELLIGENCE ALERT: MASSIVE SALE OF PERIMETER ACCESS (FORTIGATE) — UNITED STATES 🇺🇸 [STATUS: EXPOSED INFRASTRUCTURE / UNCONFIRMED / SALE OF INITIAL ACCESS (IAB) / SOURCE: UNDERGROUND FORUM] THREATENING ACTOR OFFERS MORE THAN 6,300 ACCESS CREDENTIALS TO NETWORK SECURITY DEVICES The threat actor identified under the alias Dark_Alpha, operating on behalf of the criminal cell ALPHA-GROUP, has put up for sale a massive batch allegedly containing 6,355 valid and verified access credentials to Fortinet FortiGate corporate security devices in the United States. 🏢 Allegedly Affected Entities: Multiple public and private sector organizations in the United States that operate firewalls or VPN gateways based on FortiGate technology. 👤 Threat Actor / Access Broker: Dark_Alpha / ALPHA-GROUP. ⚔️ Primary Attack Vector / Origin: Operation declared as "FortiBleed OP." This suggests the massive and automated exploitation of known remote code execution (RCE) vulnerabilities or authentication bypass in the logical management interfaces (such as the SSL-VPN or HTTPS portal) of unpatched FortiOS devices, or the mass harvesting of credentials through information-stealing Trojans (Infostealers). 🔍 Verification Status: UNCONFIRMED. A readable list of subdomains or IP addresses of the affected companies has not been published. The alert is being processed as a strictly preventative measure due to the high potential for destructive impact associated with the hijacking of VPN gateways and large-scale corporate network perimeters. 🛡️ GENERAL RECOMMENDATIONS AND SECURITY BEST PRACTICES 🛑 Immediate Firmware and Patch Updates (Mandatory Action): Infrastructure administrators using FortiGate firewalls are strongly urged to verify that their devices are running the latest, stable versions of FortiOS. Ensure the mitigation of both historical and recent critical vulnerabilities reported by the manufacturer regarding SSL-VPN services and web management portals. 🔑 Authentication Policy Hardening (MFA): Strictly prohibit any corporate VPN access that relies solely on static passwords. Implement mandatory Multi-Factor Authentication (MFA/2FA) policies based on dynamic tokens for all user profiles. 📊 MONITORING AND ASSESSMENT Intelligence System: analyzer.vecert.io Quickly assess your website's security at: monitor.vecert.io #CyberSecurity #USA #FortiGate #InitialAccess #DarkAlpha #AlphaGroup #VPNCompromise #FortiBleed #FirewallBreach #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedIncident

ALERT: @Microsoft identifies USB-spreading malware that hijacks crypto transfers by silently swapping copied wallet addresses with attacker-controlled ones before you paste. Disable AutoRun for USBs, block .lnk file execution, and always verify wallet addresses after pasting.

🛑 FortiGate credentials are now the attack path. CISA is urging Fortinet customers to secure internet-facing FortiGate appliances after FortiBleed activity tied to credential attacks. The number of compromised devices stands at 86,644 as of June 19, 2026. Reset passwords. Kill active sessions. Enable MFA. Read - thehackernews.com/2026/06/cisa-w…

⚠️ We issued 8 🆕 public #ICS Advisories. These advisories provide info about current security issues, vulnerabilities, & exploits surrounding ICS. More at cisa.gov/news-events/ic…

CISA Urges Hardening Fortinet Devices Following FortiBleed Attack Source: cybersecuritynews.com/cisa-urges-har… CISA has issued an urgent advisory warning organizations to secure their Fortinet devices following reports of a large-scale credential exposure campaign known as “FortiBleed.” The alert comes after threat actors were found exploiting compromised credentials linked to tens of thousands of internet-facing Fortinet systems worldwide. The FortiBleed activity involves leaked credentials associated with approximately 74,000 Fortinet devices, including FortiGate firewalls and SSL VPN gateways. #cybersecuritynews

🚨 Operation Endgame disrupted SocGholish infrastructure, a long-running malware delivery network active since 2017. 🖥️ 106 servers taken down 🌐 14,971 WordPress sites cleaned SocGholish (FakeUpdates) has been used to deliver follow-on malware linked to groups including LockBit, Evil Corp, RansomHub, and Dridex. Read → thehackernews.com/2026/06/operat…

JUST IN: 🇺🇸🇮🇷 Bitcoin reclaims $65,000 after US announces peace deal with Iran.

🚨 ALERT - A critical Splunk Enterprise flaw can go from “no login required” to remote code execution. Tracked as CVE-2026-20253, the bug carries a 9.8 CVSS score and affects vulnerable Splunk Enterprise servers through exposed PostgreSQL sidecar endpoints. The exploit chain is now public. Read the full story: thehackernews.com/2026/06/critic…

Let us know what is the true meaning of being on safari for you? #wildearth

It is almost Sunrise Safari time! What's in the bush newspaper this morning? Tune in to find out as our guides drive around to find the best of the bush. #wildearth

🇺🇸 LATEST: US DOJ subpoenas JPMorgan, Bank of America, and Wells Fargo over alleged "debanking" of customers for political reasons, Reuters reports.

🚨 Fully patched Windows 10 and 11 are still at risk from a new Microsoft Defender zero-day. The exploit, "RoguePlanet," can hand attackers full SYSTEM control when it works. It's the latest public drop from a researcher feuding with Microsoft. Read: thehackernews.com/2026/06/micros…

🚨 Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature Source: cybersecuritynews.com/windows-bitloc… Microsoft disclosed a new Windows BitLocker Security Feature Bypass vulnerability, tracked as CVE-2026-50507, on June 9, 2026, as part of its June Patch Tuesday security release. The flaw, rooted in a protection mechanism failure, allows an unauthorized attacker with physical access to bypass BitLocker Device Encryption and access sensitive data on the system's storage device. While there is no evidence of active exploitation at the time of release, proof‑of‑concept code exists, which typically accelerates the adoption of attacks. #cybersecuritynews

📢 ️Just Released: Binding Operational Directive 26-04 which updates BOD 19-02 & BOD 22-01. Agencies must now prioritize remediation based on KEV catalog status, asset exposure, exploit automation, & post-exploitation technical impact. Read more here 👉 go.dhs.gov/5cY

Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices. More than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline. Read: thehackernews.com/2026/05/dutch-…

Join us today for a live event where we'll share our @NASAMoonBase plans! At 2pm ET (1800 UTC), we'll update you on our progress toward a long-term presence on the Moon. Watch right here on X.