top of page

[TREND] Spike in Business Email Compromise (BEC) via Spoofed Vendors

Medium

Ongoing since February 2025

Attackers are using social engineering and spoofed domains to pose as known vendors, tricking employees into updating bank account details or initiating fraudulent payments.

Implement email authentication protocols (SPF/DKIM/DMARC), require secondary approval for financial changes, and train staff to verify unusual requests by phone.

[VULNERABILITY] FortiOS Zero-Day (CVE-2025-1234) Exploited in the Wild

Critical

March 28, 2025

A zero-day vulnerability in Fortinet’s FortiOS SSL-VPN allows unauthenticated remote code execution. Active exploitation has been confirmed in targeted attacks against small business networks using outdated firmware.

Immediately apply the latest firmware patch released by Fortinet. Audit external access rules and disable unused VPN endpoints.

[ALERT] Ongoing OneDrive Phishing Campaign Targeting SMBs

High

April 2025

A widespread phishing campaign is impersonating OneDrive file sharing notifications to harvest employee credentials and bypass MFA. The fake links lead to cloned Microsoft login pages with active credential-stealing scripts.

Block known phishing domains, enable conditional access on Microsoft accounts, and educate employees to verify file shares before clicking.

Threat Intelligence

Untitled.png

© 2025 CYDERO LTD. All rights reserved.

bottom of page