Commonwealth Sentinel Cyber Security

Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks The vulnerability was disclosed and mitigated in 2021 but its in-the-wild exploitation has only now come to light.

Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog CISA adds VMware Aria Operations command injection flaw CVE-2026-22719 to KEV after reports of active exploitation; patches released by Broadcom.

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

How Port-Out Fraud Created a Catastrophe for AT&T » In early 2024, a group of sophisticated fraudsters hijacked the phone numbers of dozens of AT&T customers and launched a port-out fraud cyber attack.

How Port-Out Fraud Created a Catastrophe for AT&T

LastPass Warns of New Phishing Campaign The attackers are sending out fake alerts claiming unauthorized access or master password changes.

LastPass Warns of New Phishing Campaign

From phishing to Google Drive C2: Silver Dragon expands APT41 playbook APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2.

From phishing to Google Drive C2: Silver Dragon expands APT41 playbook

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware.

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents

Firewalls Understanding Guardians of the Network » In our digital lives, a lot is happening behind the scenes to keep our devices and data safe. Firewalls are a major player in this protection.

Firewalls Understanding Guardians of the Network »

WordPress Calendar Plugin Vulnerability Affects Up To 100k Sites Vulnerability in the LatePoint WordPress calendar plugin hits up to 100,000+ websites.

WordPress Calendar Plugin Vulnerability Affects Up To 100k Sites via @sejournal, @martinibuster

1.2 Million Affected by University of Hawaii Cancer Center Data Breach Hackers stole names, Social Security numbers, driver’s license information, voter registration records, and health-related information.

1.2 Million Affected by University of Hawaii Cancer Center Data Breach

LexisNexis confirms data breach as hackers leak stolen files American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.

LexisNexis confirms data breach as hackers leak stolen files www.bleepingcomputer.com/news/securit...

WordPress User Registration & Membership Plugin Vulnerability Critical vulnerability affecting a WordPress user registration and membership plugin enables attackers to take full control of a website.

WordPress User Registration & Membership Plugin Vulnerability via @sejournal, @martinibuster

Middle east crisis prompts UK warning on potential Iranian cyber activity UK’s NCSC warns of potential Iranian cyberattacks as Middle East tensions rise, urging vigilance from exposed organizations.

Middle east crisis prompts UK NCSC warning on potential Iranian cyber activity

Part 3 "A Cyber Security Parable: The Turn Toward Safety" Who thought a cyber security breach could affect the perception of time? The weeks after felt longer than the years before it. Lindon County kept running.

Final installment: of A Cyber Security Parable: The Turn Toward Safety.

“You don’t fix this by pointing fingers.”

Part 3 is about what recovery really takes: clarity, coverage, monitoring, training, and a partner who stands beside your team, not over it.

Phishing campaign exploits OAuth redirection to bypass defenses Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware.

Phishing campaign exploits OAuth redirection to bypass defenses

Common Facebook Scam Method A friend posted this on Facebook and it came up on my feed...

Common Facebook Scam Method

Hijacked The Menace of the SIM Swap How to Protect Yourself Our smartphones are gateways to our personal and financial information, making them targets for cyber criminals. One method they use is the SIM Swap attack.

Hijacked The Menace of the SIM Swap How to Protect Yourself

Fake Video Meeting Invites Trick Users Into Installing RMM Tools Threat actors are using phony meeting invites for Zoom, Microsoft Teams, Google Meet, and other video conferencing applications to trick users into...

Fake Video Meeting Invites Trick Users Into Installing RMM Tools

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw.

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch securityaffairs.com/188782/secur...

Don’t Be Your Cyber Security Weakest Link – 3 Steps to Safe! Strong cyber security begins with basic steps that should be executed by anyone and everyone in your organization. Hackers exploit these weaknesses every day.

Don’t Be Your Cyber Security Weakest Link – 3 Steps to Safe!

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files.

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

Report Shows WordPress Sites Are Getting Hacked At Faster Rate Patchstack's WordPress vulnerability report shows site are getting hacked within hours of vulnerability disclosure

Report Shows WordPress Sites Are Getting Hacked At Faster Rate via @sejournal, @martinibuster buff.ly/hg2j2uM

ShinyHunters leaked the full Odido dataset Cybercrime group ShinyHunters leaked the full Odido dataset, the Netherlands is facing the biggest data leak in its history.

ShinyHunters leaked the full Odido dataset

APT37 hackers use new malware to breach air-gapped networks North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance.

APT37 hackers use new malware to breach air-gapped networks

Cyber Security Weekly: Top stories from Last Week (Feb 22–Feb 28, 2026) » Commonwealth Sentinel Cisco Catalyst SD-WAN auth bypass — CVE-2026-20127 (actively exploited, CVSS 10)Why it’s top: Internet-exposed SD-WAN control-plane components are high-impact; exploitation has been publicly…

Cyber Security Weekly: Top stories from Last Week (Feb 22–Feb 28, 2026) » Commonwealth Sentinel

Suspected Nork intruders infecting US healthcare, education : Who is knocking at the Dohdoor?

Suspected Nork digital intruders caught breaking into US healthcare, education orgs