#0175
Cofense17 days ago▣LLM reporthigh Threat actors are actively abusing legitimate Cloudflare services, specifically Workers and Tunnels, to conduct adversary-in-the-middle (AiTM) phishing and distribute malware. By leveraging Cloudflare's trusted infrastructure and free tiers, attackers successfully bypass traditional security controls to deliver remote access trojans like Xeno RAT and XWorm RAT via obfuscated WebDAV connections.
#0174
Socket17 days ago▣LLM reportcritical The threat actor TeamPCP is conducting a highly coordinated supply chain campaign targeting widely used open-source security tools and developer infrastructure, including Trivy, Checkmarx' KICS, and LiteLLM. By compromising CI/CD pipelines and GitHub Actions, the attackers are successfully turning trusted security scanners into infostealers to harvest and exfiltrate massive amounts of enterprise credentials.
#0173
CERT-EU17 days ago▣LLM reportcritical CERT-EU issued an urgent security advisory regarding CVE-2026-20963, a critical unauthenticated remote code execution vulnerability in Microsoft SharePoint caused by the deserialization of untrusted data. The flaw is actively being exploited in the wild, prompting strong recommendations to immediately patch internet-facing servers, enable AMSI, and rotate ASP.NET machine keys.
#0172
Akamai17 days ago▣LLM reportlow Akamai details its internal Machine Learning Operations (MLOps) platform, highlighting the transition from manual model management to a standardized, Kubeflow-based infrastructure. The platform enhances real-time security detections by streamlining model evaluation, tuning, and deployment, and is currently evolving to support LLMOps and AgentOps for generative AI applications.
#0171
ANY.RUN17 days ago▣LLM reporthigh Kamasers is a sophisticated, multi-vector DDoS botnet and loader that leverages resilient Dead Drop Resolver (DDR) mechanisms via legitimate public services to maintain command-and-control communication. It poses significant enterprise risk by turning infected hosts into attack infrastructure and facilitating follow-on payload delivery, including potential ransomware deployment.
#0170
WithSecure17 days ago▣LLM reportcritical Threat actors are exploiting critical RCE vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti EPMM to deploy AntSword-based webshells. The automated attacks achieve root privilege escalation and rapidly exfiltrate sensitive databases and configuration files containing credentials.
The Canadian Centre for Cyber Security released a daily digest of six security advisories on March 25, 2026. The advisories highlight vulnerabilities across various enterprise products including GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco, urging administrators to apply necessary updates and mitigations.
#0168
Recorded Future17 days ago▣LLM reporthigh Insikt Group identified five distinct threat clusters utilizing the ClickFix social engineering technique to trick users into manually executing malicious commands via native system tools. This living-off-the-land approach bypasses traditional browser security to deliver payloads like NetSupport RAT and macOS infostealers across both Windows and macOS environments.
#0167
CISA17 days ago▣LLM reporthigh CISA has added CVE-2026-33017, a code injection vulnerability affecting Langflow, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize timely remediation to reduce their exposure to cyberattacks.
#0166Akamai17 days ago▣LLM reportlow This informational article highlights Akamai's recognition in the 2026 GigaOm Radar for Microsegmentation report. It emphasizes the strategic importance of microsegmentation and Zero Trust architectures in modern enterprise environments to contain breaches and prevent lateral movement.
#0165Socket17 days ago▣LLM reportlow TypeScript 6.0 has been released as the final JavaScript-based version, serving as a transitional bridge to the upcoming Go-native TypeScript 7.0 compiler. The release introduces new standard library APIs, stricter default configurations to improve build performance, and deprecates several legacy features.
#0164Socket17 days ago▣LLM reportcritical A supply chain attack on Aqua Security's Trivy project resulted in compromised Docker images containing the TeamPCP infostealer being pushed to Docker Hub. The attackers leveraged unauthorized access to the Aqua Security GitHub organization to distribute malicious versions (0.69.4, 0.69.5, 0.69.6) that exfiltrate sensitive CI/CD data to a typosquatted C2 domain.
#0163
Arctic Wolf17 days ago▣LLM reporthigh AI-assisted malware development has rapidly matured, driven largely by the adoption of models like DeepSeek R1, which lowers the barrier to entry for threat actors. This surge has resulted in a high volume of structurally novel malware, including infostealers, RATs, and ransomware, many of which evade traditional signature-based detection while leaving distinct LLM-generated artifacts in their code.
#0162
Elastic Security Labs17 days ago▣LLM reportlow The article outlines the evolution of the Agentic SOC, detailing how Elastic Security leverages AI agents and automated workflows to streamline alert triage, enrich investigations, and accelerate incident response.
#0161
Trail of Bits17 days ago▣LLM reportmedium The article introduces dimensional analysis as a methodology for identifying arithmetic and logic vulnerabilities in DeFi smart contracts. By ensuring that variables representing different tokens, prices, or liquidity shares are not erroneously combined, developers can prevent severe financial logic flaws. The post highlights real-world examples of dimensional bugs and advocates for explicit unit documentation in Solidity codebases.
#0160
Sekoia.io17 days ago▣LLM reporthigh Silver Fox (also known as Void Arachne) is a China-based threat actor conducting dual-purpose campaigns in South Asia that blend financial cybercrime with APT-style espionage. Recent operations leverage tax-themed phishing to deliver evolving payloads, transitioning from the ValleyRAT backdoor to abused legitimate RMM tools, and most recently, a custom Python-based stealer disguised as a WhatsApp application.
#0159Elastic Security Labs17 days ago▣LLM reportlow Elastic has introduced Elastic Workflows, a native automation capability within its SIEM that allows security teams to build YAML-based playbooks for alert triage, enrichment, and response. The feature integrates directly with Elasticsearch data, external threat intelligence platforms, and AI-driven analysis tools to streamline security operations.
#0158
Huntress17 days ago▣LLM reportcritical Threat actors are leveraging the EvilTokens Phishing-as-a-Service platform hosted on Railway.com to conduct large-scale device code phishing campaigns against Microsoft 365 users. By abusing legitimate cloud infrastructure and multi-hop redirect chains, attackers successfully bypass email filtering and MFA to harvest persistent OAuth tokens.
#0157
NCSC17 days ago▣LLM reportlow At the RSAC Conference, the NCSC CEO discussed the dual nature of 'vibe coding' (AI-generated software). While unreviewed AI code poses significant security risks, properly trained AI tools offer a transformative opportunity to create secure-by-design software and reduce collective vulnerability to cyber attacks.
#0156Akamai17 days ago▣LLM reportlow This article emphasizes the strategic importance of cyber resilience through microsegmentation and Zero Trust architectures. By assuming breach is inevitable, organizations can focus on containing lateral movement and controlling the blast radius to prevent localized incidents from escalating into business-impacting crises.
