4 matches found
PT-2025-47274
Name of the Vulnerable Software and Affected Versions: SolarWinds Observability Self-Hosted (affected versions not specified). Description: SolarWinds Observability Self-Hosted is affected by an open redirection issue. The application does not properly sanitize URLs, allowing an attacker to redirect a...
Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing
Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured...
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
We have recently uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign. We observed that the second stage of the campaign was successful agains...
This Week in Security News: Unpatched Systems and Lateral Phishing
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about an attack against Elasticsearch that delivers backdoors as its payload. Additionally, read how cybercriminals are turning to...