Cyberattack on email services confirmed by France’s Interior Ministry
French authorities confirmed a cyber incident affecting Interior Ministry email services, with public reporting indicating an active investigation and operational response.
Email-service compromise commonly enables account takeover, internal phishing propagation, mailbox rule abuse, and contact-graph theft, facilitating subsequent targeting of partners and suppliers.
Government and large-enterprise email breaches are a repeatable intrusion pattern: once mail infrastructure is compromised, downstream business email compromise, invoice fraud, and credential replay against SaaS platforms often follow.

Microsoft 365 account takeovers surge via device code phishing
Attackers abused Microsoft 365 device-code authentication workflows to obtain authorization tokens and take over accounts, with activity linked to tracked clusters and documented victims.
The technique relies on social engineering victims completing legitimate device-code sign-in flows, allowing attackers to operate via tokens and session grants rather than stolen passwords.
Detection shifts from password abuse to identity- and session-level anomalies, including unusual mailbox access, data staging, forwarding rules and later lateral movement.
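
An added example, not part of the original reporting: one way to express the identity- and session-level detection described above is to correlate device-code sign-ins with inbox-rule changes made on the same account shortly afterwards. The log schema, sample events and four-hour window are constructed assumptions, not a real export or a vendor-recommended threshold.

```python
from datetime import datetime, timedelta

# Constructed sample events. The field names are a simplified, assumed schema
# loosely modelled on identity sign-in and mailbox audit logs, not a real export.
SIGNINS = [
    {"user": "a.martin@example.org", "time": "2025-01-10T09:02:00", "protocol": "deviceCode", "ip": "203.0.113.40"},
    {"user": "b.leroy@example.org", "time": "2025-01-10T09:05:00", "protocol": "oAuth2", "ip": "198.51.100.7"},
    {"user": "c.dubois@example.org", "time": "2025-01-10T10:00:00", "protocol": "deviceCode", "ip": "198.51.100.9"},
]
MAILBOX_AUDIT = [
    {"user": "a.martin@example.org", "time": "2025-01-10T09:20:00", "operation": "New-InboxRule", "ip": "203.0.113.40"},
    {"user": "b.leroy@example.org", "time": "2025-01-10T09:30:00", "operation": "New-InboxRule", "ip": "198.51.100.7"},
    {"user": "c.dubois@example.org", "time": "2025-01-12T08:00:00", "operation": "Set-InboxRule", "ip": "198.51.100.9"},
]
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}


def correlate(signins, audit, window=timedelta(hours=4)):
    """Return alerts where a device-code sign-in is followed, within `window`,
    by an inbox-rule change on the same account."""
    grants = {}
    for s in signins:
        if s["protocol"] == "deviceCode":
            grants.setdefault(s["user"], []).append(s)
    alerts = []
    for e in audit:
        if e["operation"] not in RULE_OPERATIONS:
            continue
        when = datetime.fromisoformat(e["time"])
        for s in grants.get(e["user"], []):
            delta = when - datetime.fromisoformat(s["time"])
            # Only rule changes made after the grant and inside the window count.
            if timedelta(0) <= delta <= window:
                alerts.append({"user": e["user"], "operation": e["operation"],
                               "minutes_after_grant": int(delta.total_seconds() // 60),
                               "same_ip": e["ip"] == s["ip"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SIGNINS, MAILBOX_AUDIT):
        print(alert)
```

A password-based rule would miss the flagged account entirely, because the sign-in itself is a legitimate flow; the signal is the sequence of grant type and mailbox change.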

GhostPoster embeds malicious JavaScript in Firefox extension logo assets
Researchers disclosed GhostPoster, a campaign embedding malicious JavaScript into logo assets used by Firefox extensions, with affected add-ons reaching significant download volumes before takedown.
Observed behaviors included traffic hijacking, injected tracking logic and remote script execution within the browser context, which can also support credential theft and internal reconnaissance.
Browser add-ons remain a soft enterprise target because they operate inside trusted workflows, persist quietly across sessions and often hold expansive permissions.

RansomHouse enhances encryptor with multistage data processing
RansomHouse significantly enhanced its encryptor using multilayered data processing, supplementing traditional linear encryption with additional processing stages.
The upgrade shifts from single-phase encryption to a more complex, multistage routine, improving robustness and resistance to automated decryption.
This evolution reflects ransomware operators strengthening extortion leverage by making unaided recovery more difficult and time-consuming for victims.

Maximum-severity RCE flaw disclosed in HPE OneView
HPE disclosed and patched a maximum-severity remote code execution vulnerability (CVE-2025-37164) in OneView that can be exploited by unauthenticated attackers.
OneView’s role as a centralized management platform for servers, storage and networking amplifies impact, as compromise could grant control over downstream infrastructure.
Management-plane vulnerabilities are high-impact targets because a single compromise can undermine security across many dependent systems simultaneously.






