VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

Executive Summary

On Feb. 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. BeyondTrust is an identity and access management platform. This specific vulnerability involves a pre-authentication remote code execution (RCE) issue within BeyondTrust remote support software. It could allow attackers to execute operating system commands in the context of the site user, which may lead to system…

Threat Actors Leverage Brand Impersonation for Rewards Fraud, Credential Harvesting Campaigns, and Online Gambling Platforms

Summary

Threat actors increasingly leverage airline brand impersonation to facilitate sophisticated reward fraud and illicit online gambling schemes, according to a report published by Help Net Security. Analysis of over 11,000 domains reveals a high-volume ecosystem where keywords such as “rewards” and “points” serve as primary lures for loyalty credential harvesting. Additionally, malicious operators exploit airline…

Phishing on the Edge of the Web and Mobile Using QR Codes

Executive Summary

With QR codes having a notable presence in our everyday lives, some people instinctively scan them without hesitation. But QR codes are also a vector for attack. QR codes enable attackers to bypass organizational security by exploiting the weaker controls of personal mobile devices. By doing this, they can trick users into scanning…

Malwarebytes Confirms Avast Impersonation Refund Scam Targeting European Users

Summary

A fraudulent website impersonating Avast’s visual identity targets French-speaking users by claiming a non-existent €499.99 charge requires a refund, according to a new report by Malwarebytes Labs. The operation utilizes a sophisticated blend of urgency, real-time live chat support via Tawk[.]to, and dynamic page elements to harvest full credit card details and personal information. Technical…

A Peek Into Muddled Libra’s Operational Playbook

Executive Summary

During a September 2025 incident response investigation, Unit 42 discovered a rogue virtual machine (VM) which we believe with high confidence to be used by the cybercrime group Muddled Libra (aka Scattered Spider, UNC3944). The contents of this rogue VM and activity from the attack provide valuable insight into the operational playbook of…

RH-ISAC Announces Keynote Speakers for 2026 Cybersecurity Summit

VIENNA, VA (12 February 2026) — The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) has announced the keynote speakers for its annual Cybersecurity Summit, taking place 13-15 April 2026, in Austin, Texas. This annual event brings together cybersecurity professionals from the retail and hospitality sectors to discuss the current security landscape. 2026 Keynote…

Multiple Researchers Confirm Active Exploitation of SolarWinds Web Help Desk Instances

Summary

Threat actors are actively exploiting critical vulnerabilities in internet-exposed SolarWinds Web Help Desk (WHD) instances to achieve unauthenticated remote code execution. These intrusions follow a high-impact pattern where a single unpatched application serves as a gateway for lateral movement and full domain compromise. Once inside, attackers deploy a mix of legitimate remote monitoring tools and…

Singapore Government Reports Technical Details of Telecom Targeting by Alleged Chinese State-Backed Threat Group

Executive Summary

On 9 February 2026, Singapore authorities confirmed that the China-linked cyber espionage group UNC3886 conducted a deliberate, targeted, and well-planned operation against all four of the country’s major telecommunications operators: M1, SIMBA Telecom, Singtel, and StarHub.

Threat Actor Profile

UNC3886 is reported as a highly disciplined and stealthy state-linked threat actor. The group targets strategic organizations…

RH-ISAC Unveils 2025 Year in Review

VIENNA, VA (27 January 2026) — The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced the release of its 2025 Year in Review report. The report details a landmark year of expansion, featuring continued growth in membership numbers, the launch of critical fraud-fighting initiatives, and a strengthened global footprint across the Americas, Asia Pacific,…

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls for CVE-2025-59718 and CVE-2025-59719

Summary

A newly identified cluster of automated malicious activity is targeting Fortinet FortiGate appliances by exploiting an unauthenticated Single Sign-On (SSO) bypass, according to new intelligence from Arctic Wolf. Commencing in January 2026, threat actors have successfully compromised devices even after the application of patches for CVE-2025-59718 and CVE-2025-59719, indicating a new attack path or incomplete remediation. The automated…