Featured Story
Phishers Migrate to Telegram
Experts warn that Telegram is becoming a privileged platform for phishers, who use it to automate their operations and share phishing kits, stolen data, and tactics. These resources are often provided for free, encouraging less experienced cybercriminals to join the ecosystem.
Phishing-as-a-Service (PhaaS) has become increasingly popular, mirroring the rise of Ransomware-as-a-Service. Telegram channels are now home to free kits targeting global brands, driving both recruitment and rapid attack development.
Following the footsteps of RaaS, phishing-as-a-service provides a low-barrier, cost-effective model for launching sophisticated scams. As phishing tactics evolve, human vigilance remains the most critical defense. We encourage reporting suspicious emails, texts, or calls and offer our Managed Email Threat service for further protection.
Other Stories
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven new ICS advisories providing critical insights into vulnerabilities impacting operational technology. The bulletins emphasize timely patching and system segmentation to reduce exposure in industrial environments.
ICS/OT systems often lag in security updates and controls. We recommend treating them with the same rigor as IT systems: enforce segmentation, apply strong access controls, enable monitoring (IDPS), and provide dedicated training. Our 360° security portfolio supports both IT and OT environments.
Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List
A Zimbra webmail vulnerability (CVE-2022-27926) was exploited by Russian hackers in attacks against NATO-aligned nations. The XSS flaw enabled phishing campaigns and the injection of JavaScript payloads to harvest credentials from public Zimbra portals.
Despite its low CVSS score (6.1), this vulnerability had a major impact. Edge-exposed systems are attractive targets, and any patching strategy should account for exposure, not just severity score. If you use Zimbra Collaboration, patch immediately.
Italy Temporarily Blocks ChatGPT Over Privacy Concerns
Italy’s data protection authority has temporarily blocked ChatGPT, citing a breach and potential violations of the GDPR. The platform is now restricted while the regulator assesses compliance measures to protect user data.
The rise of AI platforms like ChatGPT creates new privacy and compliance challenges. Organizations using generative AI must evaluate data handling risks and ensure personal information isn’t shared unintentionally. Balancing innovation and privacy is key. (Fun fact: this analysis was generated with ChatGPT!)
