#0052
ANY.RUN | 17 days ago | LLM report | high
Threat actors are increasingly utilizing OAuth Device Code phishing to compromise Microsoft 365 accounts. By tricking victims into entering a verification code on the legitimate Microsoft device login page, attackers can obtain OAuth access and refresh tokens without ever harvesting the user's credentials. This technique bypasses traditional phishing defenses by operating over encrypted channels and legitimate Microsoft infrastructure.
#0051
Check Point | 17 days ago | LLM report | high
Iranian Ministry of Intelligence and Security (MOIS) affiliated threat actors, including Void Manticore and MuddyWater, are increasingly integrating cybercriminal tools, infrastructure, and affiliate models into their operations. This strategic shift, which includes the use of commercial infostealers like Rhadamanthys and RaaS platforms like Qilin, enhances their operational capabilities while complicating attribution efforts.
#0050
Socket | 17 days ago | LLM report | high
A malicious Google Chrome extension impersonating the imToken cryptocurrency wallet is actively stealing user seed phrases and private keys. The extension functions as a lightweight redirector, fetching a destination URL from a hardcoded endpoint and sending victims to a homoglyph-obfuscated phishing site designed to harvest wallet recovery secrets.
#0049
Akamai | 17 days ago | LLM report | low
Akamai has announced the integration of AI-powered WAF detections into its App & API Protector platform. This enhancement leverages machine learning models trained on global traffic to autonomously identify and mitigate sophisticated web attacks, such as evasive SQL injections and parameter pollution, while maintaining human oversight and minimizing false positives.
#0048
Palo Alto Networks | 17 days ago | LLM report | high
Unit 42 researchers developed AdvJudge-Zero, an automated fuzzer that identifies stealthy prompt injection sequences to bypass AI judges. By using low-perplexity formatting tokens, attackers can manipulate LLM-based security gatekeepers into approving harmful content or corrupting training data without triggering traditional detection mechanisms.
#0047
Trend Micro | 17 days ago | LLM report | high
TrendAI researchers demonstrated novel attack vectors against AI systems, including exploiting AI-driven KYC pipelines using 'executable documents' to leak customer data. Additionally, they introduced FENRIR, an automated vulnerability hunting system that has discovered numerous zero-days in AI and Model Context Protocol (MCP) ecosystems.
#0046
SentinelOne | 17 days ago | LLM report | low
SentinelLabs explores the use of Large Language Models (LLMs) to automate the extraction of indicators of compromise (IOCs) and contextual data from Cyber Threat Intelligence (CTI) narratives. The research demonstrates that LLMs can accurately parse unstructured reports into structured knowledge graphs, significantly reducing processing time while highlighting the importance of custom data models, prompt optimization, and evidence-grading frameworks.
#0045
CISA | 17 days ago | LLM report | high
CISA has added three actively exploited vulnerabilities affecting Omnissa Workspace ONE, SolarWinds Web Help Desk, and Ivanti Endpoint Manager to its Known Exploited Vulnerabilities (KEV) Catalog. Organizations are strongly urged to apply patches immediately to mitigate the risk of compromise.
#0044
Mandiant | 17 days ago | LLM report | high
This comprehensive guide outlines proactive hardening strategies to defend against destructive cyberattacks, such as ransomware and wipers. It provides actionable recommendations for securing external-facing assets, segmenting IT/OT and virtualization infrastructure, restricting lateral movement, and protecting privileged credentials across on-premises and cloud environments.
#0043
Elastic Security Labs | 17 days ago | LLM report | high
Researchers successfully patch-diffed a Windows Desktop Window Manager (DWM) vulnerability using LLMs, drastically reducing exploit development time. The vulnerability is a Use-After-Free in dwmcore.dll that can be exploited via the DirectComposition API, combined with a novel heap spray and CFG bypass, to achieve Local Privilege Escalation to SYSTEM.
#0042
Zscaler ThreatLabz | 17 days ago | LLM report | high
Threat actors are capitalizing on Middle East geopolitical tensions using over 8,000 newly registered domains to launch opportunistic cyber attacks. Campaigns include Mustang Panda deploying the LOTUSLITE backdoor via DLL sideloading, fake news sites distributing StealC malware, and various phishing/scam operations exhibiting Persian-language artifacts.
#0041
Palo Alto Networks | 17 days ago | LLM report | high
Since 2020, a Chinese threat actor tracked as CL-UNK-1068 has targeted critical infrastructure in Asia for cyberespionage. The group utilizes a diverse, cross-platform toolkit including web shells, custom Go-based scanners, modified Fast Reverse Proxy (FRP) for tunneling, and legacy Python executables for DLL side-loading to maintain stealth, escalate privileges, and exfiltrate sensitive data.
#0040
Microsoft | 17 days ago | LLM report | high
Threat actors, particularly North Korean state-sponsored groups, are increasingly operationalizing AI to accelerate cyberattacks. They leverage generative AI for reconnaissance, social engineering, identity fabrication, and malware development, acting as a force multiplier that reduces technical friction while human operators maintain control over objectives.
#0039
Socket | 17 days ago | LLM report | info
Latio's 2026 Application Security Market Report highlights supply chain malware and the securing of AI-generated code as the top security concerns for practitioners. The report emphasizes the inadequacy of traditional CVE scanning, citing the multi-wave Shai Hulud campaign—which compromised over 500 npm packages, exposed GitHub secrets, and targeted AI toolchains—as evidence that proactive dependency analysis is essential.
#0038
Trend Micro | 17 days ago | LLM report | high
A new information stealer named BoryptGrab is being distributed through deceptive GitHub repositories that masquerade as legitimate software tools. The malware employs complex infection chains involving DLL side-loading, VBS downloaders, and encrypted payloads to deliver the stealer alongside additional backdoors like TunnesshClient and HeaconLoad.
#0037
Socket | 17 days ago | LLM report | low
This article is a promotional announcement for the Socket team's attendance at the RSAC and BSidesSF 2026 conferences. It briefly highlights the growing industry trend of threat actors weaponizing AI coding assistants to execute supply chain attacks by slipping malicious dependencies into developer workflows.
#0036
Mandiant | 17 days ago | LLM report | critical
Google Threat Intelligence Group's 2025 review highlights 90 exploited zero-day vulnerabilities, with a significant shift toward enterprise infrastructure and edge devices. Commercial surveillance vendors outpaced state-sponsored actors in zero-day usage, while financially motivated groups and PRC-nexus espionage operators continued to heavily leverage zero-days for initial access, persistence, and data theft.
#0035
Elastic Security Labs | 17 days ago | LLM report | high
This report details the taxonomy, evolution, and hooking techniques of Linux rootkits. It highlights the shift from userland and LKM-based rootkits to advanced evasive techniques leveraging eBPF and io_uring, which challenge traditional EDR visibility and kernel hardening measures.
#0034
CISA | 17 days ago | LLM report | high
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with five additional flaws affecting Hikvision, Rockwell, and Apple products based on evidence of active exploitation. Organizations, particularly federal agencies under BOD 22-01, are urged to prioritize remediation to reduce their exposure to cyberattacks.
#0033
Akamai | 17 days ago | LLM report | medium
The article highlights the critical need to transition various network protocols, including SSH, IPsec, OpenPGP, and DNSSEC, to post-quantum cryptography (PQC) to mitigate the 'harvest now, decrypt later' threat. While TLS and SSH have clear upgrade paths with hybrid key exchanges, protocols like DNSSEC face complex architectural challenges due to signature sizes and UDP limitations.