Hackers, dubbed “Scattered Spider”, are targeting insurance and financial enterprises with cloud service attacks to steal data and demand ransom. The hackers’ methods include searching services like GitHub for cloud access tokens accidentally left in source code by programmers. The stolen data is exfiltrated and a ransom demanded for its return. Admins can protect against such attacks by enabling multi-factor authentication (MFA) and ensuring staff can recognise phishing attempts.
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to
