News

Stay up-to-date with the latest news and events in the cybersecurity industry. Here, you'll find a wide range of articles, updates, and event listings covering topics such as data breaches, emerging threats, and new security technologies.

Positive Technologies reports a new wave of attacks by CapFix

Experts at Positive Technologies have uncovered a new series of attacks by the CapFix threat group, spanning from late 2025 through March 2026. The threat actors used upgraded tools and compromised infrastructure, which they likely accessed by exploiting a critical vulnerability in the Roundcube Webmail client. An analysis of the group's attacks in autumn 2025 revealed that the criminals specifically targeted Russian companies in the industrial and aerospace sectors.

Positive Technologies helps fix four vulnerabilities in Foswiki, a free enterprise collaboration platform

PT SWARM researcher Evgeny Kopytin discovered four vulnerabilities in Foswiki, a widely used open-source wiki collaboration platform. Organizations around the world rely on Foswiki for internal knowledge bases, project management, and collaborative document editing in a web browser. The security flaws could enable attackers to steal sensitive information, take over accounts of employees and administrators, and even gain full control over corporate servers. Affected are wiki engine versions 2.1.9 and earlier, as well as the bundled MentionsPlugin version 1.0 component. The findings were disclosed responsibly to the Foswiki project team, and patched software releases are already available.

Positive Technologies helps fix vulnerabilities in Proxmox Mail Gateway

PT SWARM researcher Artyom Danilov identified four vulnerabilities in Proxmox Mail Gateway, an open-source platform developed by Proxmox Server Solutions to protect corporate email against spam and malware. If exploited, the vulnerabilities could allow an attacker to deliver malicious attachments to employees, including ransomware and spyware. The vendor was notified through responsible disclosure and issued an update to remediate the flaws.

Positive Technologies helps strengthen security of Yealink video conferencing system

Egor Dimitrenko of PT SWARM identified and helped fix two vulnerabilities in Yealink Meeting Server. Tracked as PT-2025-54941 (BDU: 2025-06898) and PT-2025-54940 (BDU: 2025-06897), they received CVSS 3.1 scores of 8.8 and 5.3, corresponding to high and medium severity. Successful exploitation could have enabled remote attackers to take control of the server, intercept calls, access sensitive data, and use the compromised system as a foothold for attacks on internal corporate networks. The findings were reported to the vendor in accordance with responsible disclosure practices, and patches have already been released (1, 2).

Positive Technologies: Mythic Likho resumes targeted attacks on Russian critical infrastructure

The Cyberthreat Intelligence team at Positive Technologies Expert Security Center (PT ESC TI) has conducted a comprehensive analysis of Mythic Likho, an APT group targeting Russia's critical information infrastructure (CII). The attackers craft unique phishing materials for each victim, using custom malware alongside a wide array of additional tools. To store and deliver malware, the group employs compromised websites of Russian companies and fraudulent sites. Their goal is to encrypt valuable data and demand a ransom for its restoration.

Positive Technologies helped Yokogawa address six vulnerabilities affecting CENTUM VP

Yokogawa Electric Corporation thanked Positive Technologies researchers Dmitry Sklyar and Demid Uzenkov for identifying six vulnerabilities in the codebase of CENTUM VP, Yokogawa's distributed control system (DCS). If exploited, the security flaws could disrupt industrial operations and potentially cause production shutdowns. The vendor was notified through responsible disclosure and issued an update to fix the vulnerabilities.

Foundry Gaming has strengthened the security of its gaming platform with support from Positive Technologies

PT SWARM researcher Oleg Surnin identified two vulnerabilities in Foundry Virtual Tabletop (Foundry VTT), an online gaming platform developed by Foundry Gaming. If exploited, the issues could lead to remote code execution on a server running Foundry VTT, giving an attacker the ability to take the server offline for extortion, hijack its resources for cryptomining, or use it as a foothold for subsequent attacks. The vendor was notified of the threat in line with the responsible disclosure policy and released a software patch.

Year in review at Standoff Bug Bounty: 32% of findings were high- or critical-severity vulnerabilities

Positive Technologies, a leader in results-driven cybersecurity, announced the 2025 performance of its Standoff Bug Bounty platform. The community of security researchers, available programs, and validated vulnerabilities grew sharply year over year, with 32% of accepted findings classified as high or critical. Offline businesses turned out to be the most exposed sector, with 37% of accepted reports uncovering high- or critical-severity vulnerabilities.

Positive Technologies helps fix vulnerabilities in XWiki, a generic wiki platform

PT SWARM experts Alexey Solovyov and Evgeny Kopytin have identified three vulnerabilities in XWiki, an open-source platform used by companies to create wiki sites. Exploiting these security flaws could allow attackers to steal employee data or block access to the system, disrupting business operations. The vendor was notified of the vulnerabilities under a responsible disclosure policy and released an update.

Positive Technologies discovers unique tools of APT group targeting telecom companies in the CIS countries

Specialists from the Threat Intelligence department at Positive Technologies Expert Security Center (PT ESC TI) have identified attacks on telecommunications companies in Kyrgyzstan and Tajikistan. The attackers distributed phishing emails containing documents and links with malicious code embedded. The hackers disguised their malware as legitimate Microsoft Windows components.