The Remote Authentication Dial-In User Service (RADIUS) protocol, a widely used security protocol dating back to the days of dial-up Internet, has been found to contain vulnerabilities that leave many networked devices exposed to an attack and enable an adversary to gain control of traffic on an organization's network.

According to Abnormal Security, threat actors are using popular file-hosting or e-signature solutions to trick victims into revealing private information or downloading malware. A file-sharing phishing attack involves a cybercriminal posing as a familiar colleague, file-hosting solution, or e-signature solution and sending a malicious email with a link to what seems to be a shared file or document. Clicking on the link starts the second phase of the attack, which may involve stealing login credentials or infecting the target's device with malware.

Joseph K. Nwankpa, Miami University Associate Professor of Information Systems and Analytics, points out that default privacy settings are a potential risk to user privacy. As a cybersecurity scholar, he finds that many apps' privacy settings can often increase the vulnerability of end users to data exposure despite appearing to enable privacy. According to Nwankpa, these apps intentionally have complicated default privacy settings that make the user's information more public than private. Users are often unaware of the additional steps required for optimal privacy settings.

Czech Republic, Hungary, and Georgia are facing financial fraud campaigns involving a recently discovered sophisticated mobile phishing technique. This phishing technique uses Progressive Web Applications (PWAs), which offer a native-app-like experience and are growing on Android and iOS devices. ESET researchers detected the campaigns, noting that this method installs a phishing app from a third-party website without user consent. This article continues to discuss observations regarding the PWA phishing method.

The French security company Quarkslab found a major backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics Group, a leading Chinese chip manufacturer. According to Quarkslab researcher Philippe Teuwen, the backdoor allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms worldwide. Teuwen explained that a supply chain attacker could execute instantaneous, scaled attacks using the backdoor, which requires only a few minutes of physical proximity to an affected card.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Jenkins vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The exploitation of this flaw enables Remote Code Execution (RCE). Jenkins is a popular open source automation server that lets developers automate the process of building, testing, and deploying software using Continuous Integration (CI) and Continuous Delivery (CD).

The Iranian-linked threat actor "TA453," also known as "Charming Kitten," has been using a PowerShell-based malware toolkit named "BlackSmith" in a sophisticated phishing attack. According to researchers at Proofpoint, the campaign began in July 2024, targeting a prominent Jewish figure with emails spoofing the Institute for the Study of War (ISW). TA453, posing as the ISW Research Director, invited the target to a podcast to appear legitimate. After building trust, the group sent a malicious link masked as a legitimate podcast URL to deliver BlackSmith.