Man-in-the-Middle is a attack_type tracked across 50 threat clusters and 186 intelligence report mentions on ThreatCluster. First observed October 31, 2025; most recent activity July 16, 2026.
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
Check Point Software Technologies disclosed a critical authentication bypass vulnerability (CVE-2026-50751) affecting its Remote Access VPN and Mobile Access products, with exploitation confirmed since May 7, 2026. The…
CVE-2026-11624, published on June 13, 2026, exposes the Model Context Protocol to DNS rebinding attacks due to improper validation of the 'Origin' header. This vulnerability allows unauthenticated attackers to bypass…
Russian cyber group APT28, also known as Fancy Bear, has been exploiting vulnerabilities in TP-Link and MikroTik routers to conduct large-scale DNS hijacking operations. This campaign, which has affected over 18,000…
Russian hackers have infiltrated the email accounts of UK government officials and Foreign Office staff in a significant cyber breach, dubbed 'FortiBleed.' The attack exploited vulnerabilities in over 80,000 Fortinet…
A vulnerability in the ldns library affects Ubuntu systems, allowing remote attackers to inject arbitrary DNS responses due to improper validation of DNS responses when used as a stub resolver over UDP. Discovered by…
Microsoft has patched a high-severity zero-day vulnerability in Exchange Server, tracked as CVE-2026-42897, which allows attackers to execute arbitrary JavaScript via crafted emails in Outlook Web Access. The flaw…
A significant update for nginx has been released to address multiple vulnerabilities affecting openSUSE Leap 15.6. The vulnerabilities include CVE-2026-1642, a plaintext data injection flaw, CVE-2026-27654, a buffer…
Oracle Linux versions 8 and 9 have been found vulnerable to multiple critical code execution and denial of service vulnerabilities in nginx. The vulnerabilities include CVE-2026-42945, which allows arbitrary code…