Akamai Security Research has posted a blog detailing their analysis of a WordPress-focused, Paypal-themed phishing kit seen in the wild. What’s unique about this kit is how thoroughly it attempts to steal a victim’s identity, including credit card information, PIN numbers, SSNs, email credentials, answers to common verification questions, and even selfies and pictures of government documents.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Microsoft Security posted a blog detailing their team’s observations of a phishing campaign targeting over 10,000 organizations with the ability to bypass the multifactor authentication (MFA) process. The campaign begins with a phishing email that redirects the victim to a spoofed login site. The attacker uses the gathered credentials on the actual site that returns a request for the MFA, which is then sent back to the victim. Once the victim gives the spoofed site the MFA information, the attacker can use it to continuously access the target site with the session cookie.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
CrowdStrike has posted a blog detailing a newly identified phishing campaign where threat actors have been observed posing as popular cybersecurity providers in order to gain a victim’s trust and access their computers. This campaign is what CrowdStrike labels a “callback phishing” campaign, as the victims are expected to call the number provided by the threat actors in order to be persuaded into installing a remote access tool (RAT) on their machine by a false customer service representative.
Microsoft has temporarily suspended a recently announced feature of auto blocking macros in Office files downloaded from the Internet.
Organizations spend an extensive amount of time and money ensuring they are protected from cyber threats. However, organizations with robust cybersecurity defenses are still being compromised through their supply chains, demonstrating that you are only as strong as your weakest link. A survey from the polling agency Opinion Matters found that 97 percent of organizations have been negatively affected by a cybersecurity incident occurring in the supply chain. Organizations looking to strengthen their supply chain should consider utilizing a third-party risk management (TPRM) tool.
People use internet browsers every day to conduct business and for recreation. Unfortunately, browsers collect large amounts of sensitive user data which provide attractive targets for threat actors to exploit. Additionally, browsers are frequently updated with new features that increase the risk of vulnerabilities in the source code that adversaries can leverage to compromise systems. Relatedly, there are only two types of open source browser engines, Chromium and Mozilla Firefox.
The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of the Treasury recently published a joint Cybersecurity Advisory (CSA) providing information on Maui ransomware, which has been utilized by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
