Bishop Fox

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)

Bishop Fox, Defused Cyber, Don't miss, enterprise, Fortinet, Hot stuff, News, vulnerability /

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) 2026-03-30 at 15:37 By Zeljka Zorz A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyber, which helps organizations deploy honeypots/fake assets, and […]

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) Read More »

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

Bishop Fox, CVE, Don't miss, enterprise, Hot stuff, News, security update, SMBs, SonicWall, vulnerability /

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) 2025-01-27 at 17:20 By Zeljka Zorz 5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability on

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) Read More »

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

Anyscale, authentication, Bishop Fox, Don't miss, enterprise, Hot stuff, machine learning, News, Oligo Security, vulnerability /

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) 2024-03-27 at 13:16 By Zeljka Zorz Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) Read More »

CloudFoxable: Open-source AWS penetration testing playground

AWS, Bishop Fox, cybersecurity, News, penetration testing, research, skill development, software /

CloudFoxable: Open-source AWS penetration testing playground 2024-01-22 at 07:02 By Mirko Zorz CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely. “What makes

CloudFoxable: Open-source AWS penetration testing playground Read More »

Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert

Application Security, Bishop Fox, CVE-2022-31199, FBI, Malware & Threats, netwrix auditor, Ransomware /

Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert 06/07/2023 at 23:04 By Ryan Naraine Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada. The post Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert appeared first on SecurityWeek. This article is

Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert Read More »

Bishop Fox expands social engineering adversarial emulation services

Bishop Fox, Industry news /

Bishop Fox expands social engineering adversarial emulation services 28/06/2023 at 17:32 By Industry News Bishop Fox has expanded its social engineering testing services, which are an integral part of the company’s Red Team portfolio. In contrast to narrow and rudimentary security awareness solutions, Bishop Fox’s services emulate complex, multistage and multilayer adversarial attack behavior, provide

Bishop Fox expands social engineering adversarial emulation services Read More »

Red teaming can be the ground truth for CISOs and execs

Bishop Fox, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, opinion, red team /

Red teaming can be the ground truth for CISOs and execs 16/06/2023 at 08:03 By Help Net Security This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation across the UK and EU to move security up the agenda, cybersecurity

Red teaming can be the ground truth for CISOs and execs Read More »

Scroll to Top