Annie - RH-ISAC - Page 2 of 22 Blog

Executive Summary On 9 February 2026, Singapore authorities confirmed that the China-linked cyber espionage group UNC3886 conducted a deliberate, targeted, and well-planned operation against all four of the country’s major telecommunications operators: M1, SIMBA Telecom, Singtel, and StarHub. Threat Actor Profile UNC3886 is reported as a highly disciplined and stealthy state-linked threat actor. The group targets strategic organizations…

VIENNA, VA (27 January 2026) —The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced the release of its 2025 Year in Review report. The report details a landmark year of expansion, featuring continued growth in membership numbers, the launch of critical fraud-fighting initiatives, and a strengthened global footprint across the Americas, Asia Pacific,…

Summary A newly identified cluster of automated malicious activity is targeting Fortinet FortiGate appliances by exploiting an unauthenticated Single Sign-On (SSO) bypass, according to new intelligence from Arctic Wolf. Commencing in January 2026, threat actors have successfully compromised devices even after the application of patches for CVE-2025-59718 and CVE-2025-59719, indicating a new attack path or incomplete remediation. The automated…

Executive Summary Okta has issued a warning about sophisticated vishing (voice-based social engineering) attacks targeting single sign-on (SSO) credentials. Threat actors are using custom phishing kits designed specifically for real-time voice call interactions to steal Okta SSO credentials and conduct data theft operations. These attacks are currently active and targeting companies in the Fintech, financial, and…

Summary Securonix researchers have identified a new malware campaign, dubbed PHALT#BLYX, actively targeting the hospitality sector with a multi-stage infection chain. Threat actors leverage a “ClickFix” social engineering tactic, using fake reservation emails and deceptive “Blue Screen of Death” (BSOD) pages to deceive victims into executing malicious PowerShell commands. This campaign notably bypasses defenses by…

Summary A critical unauthenticated vulnerability dubbed MongoBleed (CVE-2025-14847) has been disclosed in MongoDB’s zlib message compression, allowing remote attackers to extract sensitive data from uninitialized memory. This flaw affects nearly all versions released since 2017, enabling the exfiltration of credentials, PII, and session tokens without requiring authentication. While MongoDB released patches for supported versions in late December…

VIENNA, VA (11 December 2025) — The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced the results of the 2025 Board of Directors elections. Chris McFarland (Abercrombie & Fitch), Michael South (Dick’s Sporting Goods), and Lena Taylor (Crocs) were elected as new members of the board. Steve Bonilla (Wynn Las Vegas) and Brett…

Summary A  vulnerability with a CVSS score of 10.0, tracked as CVE-2025-55182 in React and CVE-2025-66478 in Next.js, has been publicly disclosed, enabling unauthenticated remote code execution (RCE). The flaw resides in how React Server Components (RSC) decode payloads sent to Server Function endpoints, allowing attackers to execute arbitrary JavaScript on the server via specially crafted HTTP requests. Sector Impact…

VIENNA, VA (14 November 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced the winners of the first-ever EMEA Sharing and Collaboration Challenge during the organization’s CISO Forum, held in Amsterdam on November 11, 2025. The awards recognize outstanding companies and individuals who have demonstrated exceptional dedication to RH-ISAC’s mission of…

Retail and hospitality organizations are facing a surge in distributed denial-of-service (DDoS) attacks. As adversaries adopt new tools, leverage APIs, and exploit transactional endpoints, layered defenses and edge-based mitigation have become critical to maintaining uptime and customer trust through the peak holiday season. What We’re Seeing In the past year, DDoS activity targeting retail and…