#0384
NCSCabout 2 months ago3 min▣LLM reportlow The UK's National Cyber Security Centre (NCSC) has developed SilentGlass, a commercially available plug-and-play hardware device designed to secure HDMI and DisplayPort connections against malicious exploitation. Manufactured by Goldilock Labs, the device treats physical display interfaces as security boundaries to prevent unauthorized network access and espionage.
#0383
Palo Alto Networksabout 2 months ago4 min▣LLM reporthigh Researchers have disclosed AirSnitch, a novel set of attack techniques that bypass WPA2 and WPA3-Enterprise Wi-Fi encryption and client isolation. By exploiting vulnerabilities in protocol-infrastructure interactions such as MAC address tables and routing layers, attackers can achieve Meddler-in-the-Middle (MitM) capabilities to intercept and inject traffic across enterprise networks.
#0382
Cofenseabout 2 months ago4 min▣LLM reporthigh Threat actors are increasingly weaponizing legitimate software and known vulnerabilities to bypass endpoint detection and response (EDR) systems. Between December 2021 and December 2024, the abuse of legitimate Remote Access Tools (RATs) like NetSupport Manager and ConnectWise has surged, often delivered via phishing emails exploiting older Microsoft Office vulnerabilities to establish persistent, stealthy access.
#0381
Zscaler ThreatLabzabout 2 months ago6 min▣LLM reporthigh Tropic Trooper is conducting a cyber espionage campaign targeting Chinese-speaking individuals in Asia using military-themed lures. The threat actors employ a trojanized SumatraPDF reader (TOSHIS loader) to deploy a custom AdaptixC2 Beacon that uses GitHub for command-and-control, ultimately establishing persistent remote access via VS Code tunnels.
#0380
Socketabout 2 months ago5 min▣LLM reportcritical A supply chain attack targeting npm packages associated with Namastex.ai has been discovered, utilizing CanisterWorm-style malware. The malicious packages execute upon installation to harvest developer credentials, cloud secrets, and cryptocurrency wallets, exfiltrating data to an ICP canister and webhooks while attempting to self-propagate across the npm and PyPI ecosystems.
#0379
SentinelOneabout 2 months ago4 min▣LLM reportmedium Security researchers analyzed ultra-cheap Chinese smart home devices, revealing a shadow supply chain utilizing shared hardware with hardcoded root passwords and superficial security fixes. These devices route metadata and video content through servers in China and are shielded from regulatory oversight by shell companies, creating a massive, vulnerable IoT attack surface.
#0378
Socketabout 2 months ago2 min▣LLM reportlow Socket has launched a new extensible reporting framework within its dashboard to provide chart-based views of vulnerabilities, dependencies, and usage. The feature aims to streamline security reporting by offering exportable visualizations aligned with standard frameworks like OWASP and CWE, improving operational visibility and risk communication.
#0377
Cisco Talosabout 2 months ago6 min▣LLM reporthigh Talos IR's Q1 2026 trends report highlights the resurgence of phishing as the primary initial access vector, heavily targeting public administration and healthcare. The quarter saw novel abuses of AI tools like Softr for credential harvesting, the emergence of the Crimson Collective extortion group leveraging valid accounts and TruffleHog, and Rhysida ransomware deploying the MeowBackConn backdoor.
#0376
Recorded Futureabout 2 months ago5 min▣LLM reporthigh Dabai Guarantee is a decentralized, Telegram-based marketplace utilized by Chinese-speaking cybercriminal syndicates to coordinate global fraud, ghost-tapping, and money laundering operations. The platform acts as an escrow service using USDT, enabling siloed teams to execute retail and financial fraud across various countries while minimizing trust issues among criminals and reducing law enforcement visibility.
#0375
Canadian Centre for Cyber Securityabout 2 months ago2 min▣LLM reportcritical The Canadian Centre for Cyber Security issued a daily digest highlighting two major security advisories. Notably, Microsoft released an out-of-band update to patch a critical elevation of privilege vulnerability (CVE-2026-40372) in ASP.NET Core, and GitLab released updates to address vulnerabilities across its Community and Enterprise editions.
#0374
CISAabout 2 months ago2 min▣LLM reporthigh CISA has added CVE-2026-33825, an insufficient granularity of access control vulnerability in Microsoft Defender, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation in the wild.
#0373
Recorded Futureabout 2 months ago3 min▣LLM reportmedium The integration of AI into vulnerability research is scaling up existing challenges for defenders by increasing the volume of vulnerability reports and shrinking the time-to-exploit from days to hours. While AI currently augments skilled operators rather than enabling mass low-skill exploitation, organizations must adopt automated, exposure-based prioritization and accelerated patching to manage the growing noise and mitigate high-impact threats.
#0372
Cofenseabout 2 months ago3 min▣LLM reportmedium Polymorphic phishing campaigns utilize constant variation across all email elements and infrastructure to evade traditional, signature-based security controls. AI accelerates these attacks by increasing their volume and realism, necessitating a shift towards context-based detection and layered defenses that include human insight.
#0371
Trend Microabout 2 months ago6 min▣LLM reportcritical Void Dokkaebi (Famous Chollima) is conducting a self-propagating supply chain campaign targeting software developers via fake job interviews. By tricking victims into cloning malicious repositories, the attackers deploy the DEV#POPPER RAT and weaponize the victim's own code contributions to infect downstream developers and organizational repositories.
#0370
Huntressabout 2 months ago6 min▣LLM reportcritical Huntress has observed an uptick in threat actors exploiting CVE-2026-1731 in outdated Bomgar RMM instances to compromise organizations and their downstream clients. Attackers utilize this access to establish persistence via secondary RMM tools, evade defenses using BYOVD techniques, and ultimately deploy LockBit ransomware.
#0369
Elastic Security Labsabout 2 months ago4 min▣LLM reportlow Elastic Security Labs conducted research on the capabilities of Large Language Models (LLMs), specifically Claude Opus 4.6, to reverse engineer obfuscated binaries. The research demonstrates that while LLMs can defeat traditional obfuscation, novel techniques targeting LLM weaknesses—such as context window limits, budget caps, and shortcut biases—can effectively and cheaply disrupt automated static analysis pipelines.
#0368
Socketabout 2 months ago2 min▣LLM reportinfo Socket has announced a new integration with Jira Cloud to streamline vulnerability management and remediation workflows. The integration enables security and engineering teams to automatically or manually sync Socket security alerts into Jira issues, complete with customizable routing and two-way state synchronization.
#0367
Socketabout 2 months ago2 min▣LLM reportlow This article is a corporate announcement detailing Socket's recognition as a top sales organization by RepVue. It includes a brief Q&A with an Account Executive regarding company culture and highlights ongoing hiring efforts.
#0366
Huntressabout 2 months ago5 min▣LLM reporthigh Threat actors are actively deploying Nightmare-Eclipse proof-of-concept tools, including BlueHammer, RedSun, and UnDefend, in real-world intrusions to exploit Windows Defender race conditions for privilege escalation. The attacks, likely originating from compromised FortiGate VPN access, culminate in the deployment of BeigeBurrow, a Go-based reverse tunnel agent used for persistent command and control.
#0365
ESETabout 2 months ago4 min▣LLM reporthigh ESET researchers identified a new variant of the NGate Android malware that trojanizes the legitimate HandyPay application to facilitate NFC relay attacks and steal payment card PINs. Targeting users in Brazil through social engineering and fake app stores, the malware allows attackers to conduct unauthorized ATM cash-outs while requiring no suspicious device permissions.