#0302
Socketabout 2 months ago4 min▣LLM reporthigh North Korean state actors compromised the lead maintainer of the popular Axios npm package through a highly targeted social engineering campaign. By establishing credibility via fake corporate personas and communication channels, the attackers tricked the developer into executing malware disguised as a software update, ultimately gaining unauthorized publish access to the npm registry.
#0301
Canadian Centre for Cyber Securityabout 2 months ago2 min▣LLM reportmedium The Canadian Centre for Cyber Security issued an advisory regarding vulnerabilities in Google Chrome for Desktop. Organizations must update Chrome to version 147.0.7727.55/56 for Windows/Mac and 147.0.7727.55 for Linux to mitigate potential security risks.
#0300
Sophosabout 2 months ago5 min▣LLM reportmedium Sophos researchers successfully deployed the OpenClaw AI agent in a controlled red team engagement against a legacy on-prem network. By implementing strict safety guardrails and custom-built skills, the agent autonomously conducted Active Directory reconnaissance and exploitation, significantly reducing operational time while identifying 23 actionable security findings.
#0299
Recorded Futureabout 2 months ago3 min▣LLM reportinfo The article advocates for an intelligence-driven approach to third-party risk management, arguing that static security ratings are insufficient against modern supply chain threats. It highlights the necessity of integrating external hygiene data with real-time threat intelligence to proactively detect vendor compromises such as ransomware extortion and credential leaks.
#0298
Infobloxabout 2 months ago6 min▣LLM reporthigh An Android banking trojan is being distributed globally as a Malware-as-a-Service (MaaS) from scam centers in Cambodia, utilizing forced labor to conduct social engineering campaigns. The malware features extensive surveillance capabilities, including SMS interception and biometric capture, allowing attackers to bypass KYC and OTP protections to commit direct financial fraud.
#0297
Socketabout 2 months ago6 min▣LLM reporthigh North Korea's Contagious Interview campaign has launched a coordinated supply chain attack across five major open-source ecosystems. The threat actors published malicious packages masquerading as legitimate developer tools that act as staged loaders to deliver remote access trojans (RATs) and infostealers to developer workstations.
#0296
Trail of Bitsabout 2 months ago4 min▣LLM reportinfo Trail of Bits has published a new C/C++ security checklist in their Testing Handbook, detailing common bug classes, API gotchas, and environment-specific vulnerabilities across Linux and Windows. The guide serves as a foundation for manual code review and highlights specific issues like libc quirks, Windows driver registry flaws, and seccomp/BPF sandbox bypasses.
#0295
Microsoftabout 2 months ago5 min▣LLM reporthigh Storm-2755 is a financially motivated threat actor targeting Canadian organizations with 'payroll pirate' attacks. By leveraging SEO poisoning and Adversary-in-the-Middle (AiTM) techniques, the actor steals session tokens to bypass legacy MFA, maintains persistence using the Axios HTTP client, and alters direct deposit information to steal employee salaries.
#0294
Cisco Talosabout 2 months ago4 min▣LLM reporthigh This threat intelligence newsletter highlights the emerging 'Platform-as-a-Proxy' (PaaP) technique, where attackers abuse legitimate SaaS notifications to bypass traditional email security. It also covers active campaigns, including Storm-1175 deploying Medusa ransomware via CVE-2026-1731, and UAT-10362 targeting Taiwanese organizations with a novel Lua-based malware called LucidRook.
#0293
Zscaler ThreatLabzabout 2 months ago5 min▣LLM reporthigh Attackers are utilizing a fake Adobe Acrobat Reader lure to deploy a highly obfuscated VBScript loader that executes a .NET payload entirely in-memory. The attack chain leverages PEB manipulation for process masquerading and abuses auto-elevated COM objects to bypass UAC, ultimately installing the legitimate ScreenConnect remote access tool for malicious purposes.
#0292
ANY.RUNabout 2 months ago5 min▣LLM reporthigh German critical industries are facing coordinated, highly targeted phishing campaigns utilizing Phishing-as-a-Service platforms like EvilProxy and FlowerStorm. These attacks leverage Adversary-in-the-Middle (AitM) techniques to intercept session cookies, effectively bypassing traditional Multi-Factor Authentication (MFA) to compromise Microsoft 365 and Okta accounts.
#0291
Cofenseabout 2 months ago4 min▣LLM reporthigh A sophisticated, multi-stage phishing campaign is spoofing the IRS and Elon Musk to conduct full-stack financial fraud. The attack leverages promises of a $5000 tax refund to trick victims into surrendering extensive PII, government IDs, bank account details, and direct cryptocurrency transfers, with stolen data exfiltrated via Telegram.
#0290
Elastic Security Labsabout 2 months ago2 min▣LLM reportlow Elastic provided the core defensive security platform and AI capabilities for the UK Ministry of Defence's Defence Cyber Marvel 2026 (DCM26) cyber exercise. The deployment featured a highly scalable, multi-tenanted Elastic Cloud architecture managed via Terraform, integrating advanced AI assistants and automated workflows to support 40 defending Blue Teams.
#0289
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reportmedium The Canadian Centre for Cyber Security published a daily digest of security advisories on April 9, 2026. The digest highlights multiple vulnerabilities across HPE servers, Juniper Networks operating systems, Qualcomm products, and Tenable Security Center, urging administrators to apply available vendor updates.
#0288
Palo Alto Networksabout 2 months ago4 min▣LLM reporthigh The AWS Bedrock AgentCore starter toolkit automatically provisions overly permissive IAM roles that grant wildcard access across the AWS account. This "Agent God Mode" misconfiguration allows a compromised AI agent to exfiltrate ECR images, access other agents' memories, and escalate privileges by invoking other code interpreters or agents.
#0287
Socketabout 2 months ago5 min▣LLM reporthigh A high-severity social engineering campaign is actively targeting open source developers on Slack by impersonating Linux Foundation leaders. The multi-stage attack uses a fake AI tool lure to harvest credentials and trick victims into installing a malicious root certificate, leading to traffic interception and malware execution on macOS and Windows systems.
#0286
Sophosabout 2 months ago5 min▣LLM reportcritical A zero-day vulnerability in Adobe Reader is being actively exploited in targeted attacks against the Russian oil and gas sector. Threat actors are utilizing malicious PDF files embedded with obfuscated JavaScript to execute privileged APIs, enabling sensitive data theft and potential remote code execution.
#0285
Recorded Futureabout 2 months ago2 min▣LLM reportinfo This report provides geopolitical intelligence on the political landscape of Venezuela following a January 2026 US military operation that removed Nicolás Maduro. It analyzes Acting President Delcy Rodríguez's strategies for consolidating power, managing internal regime rivals, and navigating US diplomatic pressure and OFAC sanctions relief.
#0284
Cofenseabout 2 months ago5 min▣LLM reporthigh Threat actors are increasingly abusing legitimate Git repository platforms like GitHub and GitLab to host malware and credential phishing pages. By leveraging the inherent trust organizations place in these domains, attackers successfully bypass secure email gateways (SEGs) to deliver dual-threat campaigns involving remote access trojans (RATs), infostealers, and credential harvesting.
#0283
Akamaiabout 2 months ago3 min▣LLM reportmedium AI fetcher bots are severely impacting the publishing industry by scraping proprietary content in real-time to feed AI chatbots, leading to a drastic reduction in referral traffic and revenue. Organizations are advised to implement advanced bot management and monetization strategies rather than relying solely on default blocking to mitigate infrastructure strain and financial losses.