433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Synology issues critical fix for MailPlus Server vulnerabilities

Synology has has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices. The security update fixes three flaws: CVE-2026-13136, stemming from faulty authorization checks, may allow remote attackers to read or write arbitrary files and conduct denial-of-service (DoS) attacks CVE-2026-13135, caused by improper restriction of communication channel to intended endpoints, may allow remote attackers to access internal services CVE-2025-15660, arising from the use of a … More → The post Synology issues critical fix for MailPlus Server vulnerabilities appeared first on Help Net Security.
http://news.poseidon-us.com/TTDNdX

Ransomware gangs find Europe’s weakest link in third-party suppliers

Ransomware attacks against European organizations increased during the first months of 2026, with third-party suppliers becoming a major entry point for attackers. Black Kite examined 2,066 ransomware incidents across 31 countries between January 2025 and April 2026 in its 2026 European Cyber Risk Report. Country distribution of ransomware attacks (Source: Black Kite) “Three forces are converging on European organisations at once: ransomware is accelerating, supply chains are becoming a primary attack path, and regulations are … More → The post Ransomware gangs find Europe’s weakest link in third-party suppliers appeared first on Help Net Security.
http://news.poseidon-us.com/TTDNdM

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during MFA prompts, has been identified by researchers at Fortra. Fortra based its analysis on a suspicious HTML and JavaScript attachment delivered by email, supporting DNS data, and the second-stage phishing page. Researchers said the campaign relied on business-themed lures, including secure documents, remittance services, automated billing, and payment requests. Opening the … More → The post Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials appeared first on Help Net Security.
http://news.poseidon-us.com/TTDNcF

Mystery hackers use novel SharkLoader dropper against governments, software devs

Kaspersky researchers have uncovered a previously unknown cyberattack campaign that has compromised government organizations and software development companies in multiple countries. They first stumbled onto the campaign while investigating an attack on a diplomatic organization in Indonesia. What initially looked like an isolated incident revealed a global operation they’ve dubbed StrikeShark, due to the attackers’ use of a previously unknown dropper the researchers named SharkLoader. How the attackers get in The attackers gain access either … More → The post Mystery hackers use novel SharkLoader dropper against governments, software devs appeared first on Help Net Security.
http://news.poseidon-us.com/TTDHC9

SIM-swapping gang busted in international police operation

Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) arrested four suspected members of an organized cybercrime group accused of SIM swap attacks, cryptocurrency theft, and money laundering. The operation involved agents from the U.S. Federal Bureau of Investigation (FBI) and Homeland Security Investigations (HSI). The investigation is being supervised by the Regional Prosecutor’s Office in Kraków and remains ongoing. “The investigation revealed that members of the group, operating within organized structures, deliberately breached IT … More → The post SIM-swapping gang busted in international police operation appeared first on Help Net Security.
http://news.poseidon-us.com/TTDDwj

ZeroTier Quantum RC2 brings post-quantum security closer to general availability

ZeroTier has announced the release candidate 2 (RC2) for ZeroTier Quantum, its end-to-end quantum-secure networking platform. This milestone marks the final testing phase, positioning the platform one step away from general availability (GA). ZeroTier Quantum addresses the looming threat quantum computing poses to traditional encryption by meeting the NIST and NSA’s highest CNSA 2.0 standards, meeting or exceeding the post-quantum cryptography (PQC) requirements defined by the U.S. government for regulated industries beginning in 2027. “Reaching … More → The post ZeroTier Quantum RC2 brings post-quantum security closer to general availability appeared first on Help Net Security.
http://news.poseidon-us.com/TTDDwW

ThreatModeler introduces Nexus to automate threat modeling with AI governance

ThreatModeler has announced the general availability of ThreatModeler Nexus, an agentic threat modeling platform that brings governed, architecture-aware security to the way modern software is actually built. As AI writes a growing share of production code, the question is no longer whether to threat model, but where and when. ThreatModeler Nexus answers that with a platform built to threat model everything, starting wherever a team already is. ThreatModeler Nexus pairs a multi-agent system with a … More → The post ThreatModeler introduces Nexus to automate threat modeling with AI governance appeared first on Help Net Security.
http://news.poseidon-us.com/TTDDv9

Microsoft gives Windows 10 users an unexpected extra year of free security updates

Microsoft has given Windows 10 users another year of free security updates, extending its consumer Extended Security Updates (ESU) program until October 12, 2027. “Windows 10 support has ended. You can enroll in ESU any time until the program ends on October 12, 2027. If you’re already enrolled, your coverage will automatically continue through that date—no action needed,” the company said. The news quietly appeared in updates to Microsoft’s Windows 10 ESU documentation and as … More → The post Microsoft gives Windows 10 users an unexpected extra year of free security updates appeared first on Help Net Security.
http://news.poseidon-us.com/TTD9Mj

A privacy-first take on local malware analysis

Submitting a suspicious file to VirusTotal or MalwareBazaar places a copy of that file on a platform other people can search. Analysts across the industry rely on these services to get a quick verdict on whether a binary is dangerous. The convenience carries a condition many overlook. Once a sample reaches a public repository, the person who wrote it can locate it there. Skilled operators watch these platforms for the hashes of their own tools, … More → The post A privacy-first take on local malware analysis appeared first on Help Net Security.
http://news.poseidon-us.com/TTD9M3