Aggregator

Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started with phishing emails with “NEW PROPOSAL – NDA” in the subject line, coming from a compromised email address belonging to a trusted organization. The subject line and the SharePoint link URL included in the email are unlikely to raise suspicion with users, and will often dodge traditional email‑centric detection mechanisms. Users … More →

The post Energy sector orgs targeted with AiTM phishing campaign appeared first on Help Net Security.

You must login to view this content

A new cluster of automated malicious activity targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establishing persistence through generic accounts, and exfiltrating sensitive firewall configuration data. This campaign echoes a December 2025 incident involving malicious SSO logins shortly after Fortinet disclosed critical vulnerabilities CVE-2025-59718 and CVE-2025-59719. […]

The post FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cisco Unified Communications products. Tracked as CVE-2026-20045, the flaw enables code injection attacks that grant attackers user-level access to the underlying OS, followed by full root privilege escalation. Added […]

The post CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A new malicious package on the Python Package Index (PyPI), named sympy-dev, has been caught impersonating the widely used SymPy library to deliver cryptomining malware. SymPy is a popular symbolic mathematics library that sees tens of millions of downloads every month, making it an attractive target for attackers looking to abuse developer trust and widespread adoption. […]

The post Malicious PyPI Package Mimic as Popular Sympy-Dev to Attack Millions of Users appeared first on Cyber Security News.

You must login to view this content

Many new teachers step into classrooms that still reflect traditional, teacher-centered models. These classrooms often place the teacher at the front, the curriculum at the center, and students in the role of listeners. Today’s learners live, think, and communicate differently, so they need more than memorization and recall. They need learning environments that value curiosity, ...

The post What Is Student-Centered Learning? A Practical Guide for New Teachers appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post What Is Student-Centered Learning? A Practical Guide for New Teachers appeared first on Security Boulevard.

You must login to view this content

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability
• CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability
• CVE-2025-54313 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
• CVE-2025-68645 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.