#0364
ANY.RUNabout 2 months ago6 min▣LLM reporthigh Lazarus Group is conducting a new ClickFix campaign targeting macOS users in high-value sectors via Telegram. The attackers trick victims into executing a terminal command that deploys 'Mach-O Man,' a multi-stage Go-based malware kit designed to steal credentials, browser data, and macOS Keychain secrets, exfiltrating the data via Telegram.
#0363
Cisco Talosabout 2 months ago6 min▣LLM reporthigh The article details how threat actors can leverage native macOS binaries and protocols (Living-off-the-Land) to execute code, move laterally, and transfer tools while evading traditional security telemetry. By abusing Remote Application Scripting (RAS), Spotlight metadata, and built-in networking utilities, attackers can orchestrate fleet-wide compromises that bypass standard SSH-centric monitoring.
#0362
Recorded Futureabout 2 months ago4 min▣LLM reporthigh The rapid adoption of agentic AI in enterprise environments introduces significant security risks by amplifying existing software supply chain and identity management vulnerabilities. Threat actors can leverage prompt engineering, input manipulation, and malicious packages to weaponize AI agents, necessitating zero-trust principles, robust IAM for non-human identities, and human-in-the-loop safeguards.
#0361
Check Pointabout 2 months ago7 min▣LLM reportcritical The Gentlemen is an emerging Ransomware-as-a-Service (RaaS) operation that provides affiliates with versatile, multi-platform lockers. Recent incident response telemetry reveals affiliates utilizing Cobalt Strike and SystemBC for post-exploitation and C2, culminating in highly automated, domain-wide ransomware deployment via Group Policy and built-in lateral movement mechanisms.
#0360
NCSCabout 2 months ago2 min▣LLM reportlow The CEO of the UK's National Cyber Security Centre (NCSC) warns of a 'perfect storm' in cyber security fueled by AI advancements and geopolitical conflicts. The majority of significant incidents are now driven by nation-states, requiring a fundamental cultural shift across all organizations to prioritize cyber resilience and adapt to AI-accelerated vulnerability exploitation.
#0359
Canadian Centre for Cyber Securityabout 2 months ago2 min▣LLM reportmedium The Canadian Centre for Cyber Security issued an advisory regarding multiple vulnerabilities in Mozilla Firefox and Firefox ESR. Organizations are urged to update their browser deployments to Firefox 150, Firefox ESR 115.35, or Firefox ESR 140.10 to ensure protection against potential security risks.
#0358
Huntressabout 2 months ago5 min▣LLM reporthigh A Linux endpoint compromised by multiple threat actors deploying cryptominers was further complicated when the user utilized OpenAI's Codex to troubleshoot system issues. The AI agent generated commands that structurally resembled malicious activity, triggering EDR alerts and creating significant noise that hindered SOC triage and incident response.
#0357
Akamaiabout 2 months ago5 min▣LLM reporthigh Threat actors are actively exploiting CVE-2025-29635, a command injection vulnerability in end-of-life D-Link DIR-823X routers, to deploy a Mirai botnet variant. The campaign utilizes malicious HTTP POST requests to download and execute shell scripts that fetch the final Mirai payload, while also targeting vulnerabilities in TP-Link and ZTE devices.
#0356
Varonisabout 2 months ago5 min▣LLM reportcritical On April 19, 2026, Vercel disclosed a critical security breach originating from a compromised third-party AI tool, Context.ai. The threat actor, ShinyHunters, utilized an infostealer to harvest OAuth tokens, bypassed MFA to access Vercel's Google Workspace, and pivoted via SSO to bulk-extract customer environment variables containing highly sensitive cloud, database, and source code credentials.
#0355
Trend Microabout 2 months ago5 min▣LLM reportcritical A supply chain attack leveraging a compromised third-party OAuth application (Context.ai) allowed threat actors to breach Vercel's internal systems. The attackers exploited Vercel's environment variable sensitivity model to enumerate and expose unencrypted customer secrets, leading to potential downstream credential abuse across multiple cloud and SaaS platforms.
#0354
Akamaiabout 2 months ago4 min▣LLM reporthigh Security researchers identified a signal-reentrancy weakness in a signed macOS OpenSSL wrapper binary. The vulnerability arises from the intersection of legacy TLS capabilities and async-unsafe POSIX functions, which can be exploited via race conditions and forced TLS downgrades to cause Denial of Service (DoS) or potential memory corruption.
#0353
CISAabout 2 months ago4 min▣LLM reportcritical A software supply chain compromise impacted the Axios npm package, injecting a malicious dependency ([email protected]) into versions 1.14.1 and 0.30.4. This dependency downloads multi-stage payloads, including a Remote Access Trojan (RAT), which communicates with a known malicious C2 domain.
#0352
Canadian Centre for Cyber Securityabout 2 months ago5 min▣LLM reporthigh The Canadian Centre for Cyber Security published a daily digest of six security advisories on April 20, 2026. The advisories cover critical vulnerabilities and updates for various IBM, Dell, Ubuntu, Red Hat, and ICS/SCADA products, including a specific NTP vulnerability (CVE-2020-11868) in Moxa Ethernet switches.
#0351
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added eight actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, affecting various enterprise software including PaperCut, JetBrains TeamCity, Zimbra, and Cisco Catalyst SD-WAN Manager. Organizations are strongly urged to prioritize remediation of these flaws to reduce exposure to cyberattacks.
#0350
Socketabout 2 months ago3 min▣LLM reporthigh NIST has officially shifted the National Vulnerability Database (NVD) to a risk-based enrichment model, ceasing analysis for most new CVEs due to overwhelming submission volumes. This policy change leaves thousands of vulnerabilities without critical CVSS and CPE metadata, forcing organizations to rely on decentralized data sources and CNA-provided scores that often conflict with independent analysis.
#0349
Trail of Bitsabout 2 months ago4 min▣LLM reporthigh Trail of Bits researchers successfully forged a zero-knowledge proof for a quantum circuit by exploiting memory safety and logic vulnerabilities in Google's Rust-based zkVM prover. By leveraging unsafe deserialization and register aliasing, they bypassed resource counters and quantum reversibility constraints, demonstrating critical attack surfaces in modern zero-knowledge proof implementations.
#0348
Varonisabout 2 months ago3 min▣LLM reporthigh Varonis Threat Labs discovered a logging evasion vulnerability in AWS where anonymous requests to external S3 buckets via VPC endpoints failed to generate CloudTrail Network Activity events. This flaw allowed attackers to invisibly exfiltrate data or download malware from compromised VPCs, though AWS has since patched the issue to ensure these requests are properly logged.
#0347
Socketabout 2 months ago3 min▣LLM reportlow Socket has been selected for OpenAI's Cybersecurity Grant Program, gaining API credits and access to frontier models via the Trusted Access for Cyber framework. This partnership enhances Socket's ability to detect malicious packages in open-source registries like npm and PyPI in near real-time, countering the increasing speed and automation of supply chain attacks.
#0346
Sophosabout 2 months ago4 min▣LLM reportcritical Microsoft's April 2026 Patch Tuesday addresses 163 CVEs across 17 product families, including 8 Critical vulnerabilities and one actively exploited zero-day (CVE-2026-32201 in SharePoint). Organizations should prioritize patching the exploited SharePoint flaw, the publicly disclosed Defender bug (CVE-2026-33825), and a highly critical 9.8 CVSS RCE in Windows IKE (CVE-2026-33824).
#0345
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reporthigh The Canadian Centre for Cyber Security released a daily digest highlighting recent security updates for Microsoft Edge, HashiCorp Vault, and JetBrains YouTrack. Organizations are advised to apply the necessary patches to address vulnerabilities including Denial-of-Service and Server-Side Request Forgery.