Real Estate/Mortgage
Breach intelligence, attack campaigns, and threat reports targeting the Real Estate/Mortgage sector.
Real Estate/Mortgage Threat Reports
Urgent Update: WP Maps Pro Vulnerability (CVE-2026-8732) Threatens WordPress Sites
In May 2026, a critical vulnerability (CVE-2026-8732) was discovered in the WP Maps Pro plugin for WordPress, affecting versions up to and including 6.1.0. This flaw allowed unauthenticated attackers to create administrator accounts by exploiting an insecure AJAX endpoint, leading to potential full site takeovers. The vulnerability stemmed from inadequate nonce protection, making it possible for attackers to bypass authentication mechanisms and gain elevated privileges. The exploitation of this vulnerability underscores the persistent risks associated with third-party plugins in content management systems. It highlights the necessity for website administrators to maintain rigorous update practices and implement robust security measures to mitigate such threats.
3 weeks ago
Critical Vulnerability in ABB EIBPORT Devices Disclosed
In May 2026, ABB disclosed a critical vulnerability in its EIBPORT V3 KNX and KNX GSM devices, versions prior to 3.9.2. The flaw, identified as CVE-2021-22291, is a cross-site scripting (XSS) vulnerability that could allow attackers to access sensitive information and alter device configurations. ABB has released firmware updates to address this issue and recommends immediate application to mitigate potential risks. This incident underscores the persistent threat of web-based vulnerabilities in industrial control systems, emphasizing the need for continuous monitoring and timely patch management to protect critical infrastructure from evolving cyber threats.
3 weeks ago
ADT Data Breach 2026: Lessons in SSO Security
In April 2026, home security company ADT experienced a data breach orchestrated by the ShinyHunters extortion group. The attackers gained unauthorized access to ADT's systems through a voice phishing (vishing) attack, compromising an employee's Okta single sign-on (SSO) account. This access allowed them to infiltrate ADT's Salesforce instance and exfiltrate personal information, including names, phone numbers, addresses, and, in some cases, dates of birth and partial Social Security numbers. Notably, no payment information or customer security systems were affected. ADT promptly terminated the intrusion, launched an investigation, and notified all affected individuals. This incident underscores the escalating threat posed by sophisticated social engineering attacks targeting SSO credentials. Organizations must enhance their security awareness training and implement robust multi-factor authentication protocols to mitigate such risks.
2 months ago
ADT Data Breach 2026: Lessons in Cloud Security and Social Engineering
In April 2026, home security giant ADT experienced a significant data breach orchestrated by the cyber extortion group ShinyHunters. The attackers gained unauthorized access to ADT's cloud-based environments by compromising an employee's Okta single sign-on (SSO) account through a voice phishing (vishing) attack. This breach led to the exfiltration of personal information belonging to approximately 5.5 million individuals, including names, phone numbers, physical addresses, dates of birth, and partial Social Security numbers or Tax IDs. Notably, no payment information or customer security systems were compromised. This incident underscores the escalating threat posed by sophisticated social engineering tactics targeting SSO credentials. Organizations must bolster their defenses against such attacks, as the reliance on cloud-based services and centralized authentication systems continues to grow, making them attractive targets for cybercriminals.
1 month ago
Cybercriminals Exploit Vacant Homes to Intercept Mail and Commit Fraud
In April 2026, cybersecurity analysts uncovered a sophisticated fraud scheme where adversaries exploit vacant residential properties to intercept sensitive mail, facilitating identity theft and financial fraud. Attackers identify unoccupied homes through real estate listings, register for postal services like Informed Delivery to monitor incoming mail, and use change-of-address requests to redirect mail to addresses under their control. This method combines open-source intelligence, legitimate postal services, and fake identities to gain persistent access to victims' correspondence. This incident highlights a growing trend where cybercriminals blend digital tactics with physical-world manipulation, exploiting legitimate services to bypass traditional cybersecurity defenses. The rise in such hybrid cybercrime underscores the need for enhanced vigilance and cross-domain monitoring to detect and prevent these evolving threats.
2 months ago
Critical Security Flaws in Apeman Cameras: A 2025 Analysis
In late 2025, multiple critical vulnerabilities were identified in Apeman ID71 cameras, including hard-coded credentials (CVE-2025-11126), cross-site scripting (CVE-2025-11851), and missing authentication for critical functions (CVE-2025-11852). These flaws could allow remote attackers to gain unauthorized access, manipulate device settings, or intercept camera feeds. Despite early notifications, Apeman did not respond to these disclosures, leaving devices exposed to potential exploitation. The prevalence of IoT devices with unpatched vulnerabilities underscores the urgent need for manufacturers to implement robust security measures and for users to apply timely updates. This incident highlights the critical importance of proactive vulnerability management in safeguarding connected devices against emerging threats.
3 months ago
FBI Issues Warning on Phishing Attacks Impersonating Local Government Officials
In March 2026, the FBI issued a warning about a phishing campaign where criminals impersonated U.S. city and county officials to target individuals and businesses applying for land-use permits. The attackers used publicly available information to craft convincing emails, instructing victims to pay fraudulent fees via wire transfer, peer-to-peer payment, or cryptocurrency. This scheme exploited the victims' trust in official communications, leading to financial losses and potential exposure of sensitive information. This incident underscores a growing trend of cybercriminals leveraging publicly accessible data to enhance the credibility of their phishing attacks. The increasing sophistication of such schemes highlights the urgent need for heightened vigilance and robust verification processes in all interactions involving sensitive transactions.
3 months ago
Microsoft Dismantles RedVDS: Takedown of a Major Cybercrime Infrastructure in 2026
In January 2026, Microsoft, in collaboration with Europol and German authorities, disrupted RedVDS, a global cybercrime-as-a-service platform responsible for at least $40 million in fraud losses since March 2025. RedVDS provided criminals with affordable, disposable virtual Windows servers and administrator-level access, enabling mass phishing, business email compromise (BEC) scams, credential theft, and sophisticated social engineering—including attacks leveraging AI technologies. The takedown involved legal action, seizure of RedVDS infrastructure, and removal of its marketplace and customer portal, significantly impacting cybercriminal campaigns that leveraged these services to attack organizations and individuals worldwide. This incident underscores the increasing threat posed by cybercrime-as-a-service models, which drastically lower barriers for criminals to launch high-volume, geographically-targeted attacks leveraging cloud infrastructure. The rise of AI-generated phishing, deepfakes, and anonymized payment methods heightens risk, challenging both organizational defenses and global law enforcement.
5 months ago
Microsoft & Law Enforcement Dismantle RedVDS Cybercrime Platform in 2026
In January 2026, Microsoft, in collaboration with U.S. and U.K. law enforcement, disrupted the RedVDS cybercrime infrastructure, dismantling a crimeware-as-a-service network that fueled millions in global fraud losses. Managed by the threat actor Storm-2470, RedVDS offered inexpensive, disposable Windows-based RDP servers with no logging, enabling cybercriminals to conduct mass phishing, business email compromise (BEC) schemes, account takeovers, and other online fraud at scale. RedVDS’s infrastructure was critical in facilitating over $40 million in reported fraud losses in the U.S. since March 2025, impacting at least 191,000 organizations across sectors like healthcare, legal, finance, manufacturing, and real estate. The incident underscores the rapidly growing risk posed by cybercrime subscription models that democratize access to sophisticated attack tools. As CaaS platforms pair with generative AI, threat actors are increasingly able to automate and scale targeted campaigns, elevating both regulatory risk and enterprise exposure across all industries.
5 months ago
Microsoft, Europol Disrupt RedVDS Cybercrime Marketplace in Major Global Takedown (2025)
In June 2025, Microsoft, in collaboration with international law enforcement, dismantled the infrastructure powering the RedVDS cybercrime marketplace, a platform notorious for enabling large-scale cyber fraud. Since at least March 2025, RedVDS provided cybercriminals with access to disposable, unlicensed virtual Windows servers for as little as $24 per month, facilitating attacks such as phishing, credential theft, and business email compromise. The platform's operations are tied to over $40 million in U.S. fraud losses, including multi-million-dollar incidents targeting the pharmaceutical and real estate sectors. Over a month, attackers using RedVDS compromised more than 191,000 Microsoft email accounts, demonstrating the platform's operational scale and global reach. This takedown underscores the growing threat of Cybercrime-as-a-Service marketplaces, which lower barriers for cybercriminals and accelerate the pace and scale of attacks. Organizations across industries must prioritize modern security strategies as such platforms proliferate and regulatory bodies intensify their scrutiny of supply chain and email-based threats.
5 months ago
YoSmart YoLink 2026: IoT Flaws Enable Remote Takeover and Data Exposure
In January 2026, YoSmart's YoLink Smart Hub platform was found vulnerable to a series of security flaws that placed smart home users at risk worldwide. Discovered and reported by Bishop Fox and disclosed via CISA, these issues included insufficient authorization in device communication, the use of predictable device identifiers, cleartext transmission of sensitive information over MQTT, and excessive session token lifetimes. Attackers could remotely control users' smart devices, intercept data, and hijack sessions without physical access, affecting both the hub and its mobile app ecosystem. The vulnerabilities were present in core server infrastructure, device APIs, and user-facing applications. While YoSmart resolved the vulnerabilities through server-side and over-the-air updates, this incident highlights critical and ongoing risks in the IoT and smart device sector. The attack methods exploited insecure-by-design communication and poor identity management—trends increasingly scrutinized by regulators and targeted by sophisticated threat actors worldwide.
5 months ago
Flock Cloud Misconfiguration Exposes AI Camera Surveillance Feeds in 2026
In January 2026, Flock, a prominent provider of AI-enabled surveillance technologies, faced a significant cybersecurity incident due to a cloud misconfiguration. Unauthorized online access was discovered, revealing live video streams from Flock’s advanced Condor pan-tilt-zoom cameras deployed in public areas and private properties. These cameras, designed for AI-driven facial and movement tracking, unintentionally exposed high-resolution footage of civilians—including children—across multiple locations, highlighting considerable privacy and operational risks. No evidence suggests the exposure was caused by active exploitation; instead, the open access points were a direct result of insufficient cloud security controls and misapplied access permissions. The incident triggered regulatory and public concern around surveillance, data protection, and compliance obligations, emphasizing the criticality of proper cloud configurations in the era of AI-driven physical security systems. This breach is indicative of a broader rise in cloud infrastructure misconfigurations exposing sensitive, AI-powered surveillance data. Regulatory agencies and industry groups are increasing pressure on technology vendors to enforce robust controls, with cloud and IoT security now considered foundational to protecting physical as well as digital environments.
5 months ago