The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.
The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot.
The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.
Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.
The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.
The Signal encrypted messaging application is seen on a mobile device in this illustration photo taken in Warsaw, Poland on March 25, 2025. (Photo by Jaap Arriens/NurPhoto)
Okta Threat Intelligence uncovered a large-scale and sustained operation, reflecting the North Korean regime’s pursuit of any opportunity that allows for remote employment.