#0114
Canadian Centre for Cyber Securityabout 2 months ago2 min▣LLM reportcritical The Canadian Centre for Cyber Security issued an advisory regarding a critical vulnerability in multiple versions of the Ubiquiti UniFi Network application. Administrators are strongly encouraged to apply the latest vendor updates to mitigate potential risks.
#0113
CrowdStrikeabout 2 months ago2 min▣LLM reportlow CrowdStrike announced new product capabilities at Fal.Con Gov 2026 aimed at modernizing national security and protecting critical government systems. The updates include Falcon Flex for flexible procurement and new Charlotte AI features for automated, natural language-driven security investigations within FedRAMP-authorized environments.
#0112
Trend Microabout 2 months ago7 min▣LLM reporthigh A targeted campaign is delivering the PureLog Stealer via localized copyright violation lures. The attack employs a sophisticated multi-stage infection chain, utilizing a Python-based loader to bypass AMSI, establish registry persistence, and execute the final .NET stealer entirely in memory to evade detection.
#0111
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-20131, a deserialization of untrusted data vulnerability affecting Cisco Secure Firewall Management Center (FMC) and Cisco Security Cloud Control (SCC), to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation.
#0110PProjectzeroabout 2 months ago5 min▣LLM reporthigh Security researchers identified and disclosed nine methods to bypass the new Windows Administrator Protection feature by abusing the UI Access flag. These bypasses leveraged logical flaws in secure directory checks, shared user profiles, and RPC method handling to achieve arbitrary code execution and privilege escalation.
#0109
SentinelOneabout 2 months ago4 min▣LLM reportinfo SentinelOne Labs developed a multi-agent LLM architecture using OpenClaw and Claude models to automate malware reverse engineering. By employing a serial consensus pipeline with an active rejection mandate, the system forces independent tool agents (radare2, Ghidra, Binary Ninja, IDA Pro) to cross-validate findings, significantly reducing decompiler artifacts and hallucinations.
#0108
Sophosabout 2 months ago6 min▣LLM reporthigh Security researchers have identified the Keenadu backdoor embedded in the firmware of multiple low-cost Android devices. The malware compromises the core Zygote process via a trojanized shared object library, allowing it to download second-stage modules for ad fraud and potentially exposing corporate credentials on BYOD devices.
#0107
Palo Alto Networksabout 2 months ago4 min▣LLM reportmedium Unit 42 analyzed two malware samples leveraging Large Language Models (LLMs) for remote decision-making. One is a .NET infostealer using GPT-3.5-Turbo for superficial 'AI theater', while the other is a Golang dropper that uses GPT-4 to evaluate system telemetry and determine if the environment is safe to deploy a Sliver payload.
#0106PProjectzeroabout 2 months ago5 min▣LLM reporthigh The GetProcessHandleFromHwnd API contains historical design flaws allowing attackers to bypass User Interface Privilege Isolation (UIPI) and hijack Protected Processes. By forcing a protected process like WerFaultSecure.exe to create a window, attackers can obtain a privileged handle to inject shellcode, a vulnerability that remains exploitable on Windows 10 and pre-24H2 Windows 11 systems.
#0105
Recorded Futureabout 2 months ago4 min▣LLM reporthigh In 2025, Insikt Group observed the continued dominance of Cobalt Strike, AsyncRAT, and infostealers like Vidar, alongside the rise of new offensive tools such as RedGuard, Ligolo, and CastleLoader. The report highlights the critical role of Threat Activity Enablers (TAEs) and the abuse of legitimate infrastructure services, such as CDNs, in sustaining cybercriminal and APT operations.
#0104
Trend Microabout 2 months ago3 min▣LLM reportmedium The convergence of IT and OT in electric grid infrastructure has increased the risk of lateral movement by adversaries. To protect critical operations and comply with regulations like NERC-CIP-15, organizations must implement deep east-west network visibility capable of understanding specialized industrial protocols.
#0103
Trend Microabout 2 months ago3 min▣LLM reportinfo Trend Micro collaborated with INTERPOL and other global law enforcement agencies in Operation Synergia III, leading to the takedown of 45,000 malicious servers and 94 arrests. The operation targeted distributed infrastructure supporting widespread cybercrime, including BEC, phishing, and extortion schemes.
#0102
Mandiantabout 2 months ago5 min▣LLM reportcritical Google Threat Intelligence Group discovered DarkSword, a sophisticated iOS full-chain exploit leveraging six zero-day vulnerabilities to target iOS 18.4-18.7 devices. Adopted by multiple state-sponsored actors and commercial surveillance vendors, the pure-JavaScript exploit chain bypasses modern iOS mitigations to deploy data-mining payloads like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER.
#0101
Akamaiabout 2 months ago4 min▣LLM reporthigh The proliferation of autonomous AI agents like OpenClaw has introduced severe security risks, including unauthorized data access and silent exfiltration via prompt injection and malicious plug-ins. To mitigate these threats, organizations must transition from local agent deployments to hardened, isolated cloud environments utilizing defense-in-depth strategies such as kernel-level eBPF monitoring and runtime prompt interception.
#0100
Zscaler ThreatLabzabout 2 months ago5 min▣LLM reporthigh SnappyClient is a newly discovered C++ C2 framework implant delivered via HijackLoader, primarily designed for cryptocurrency theft and remote access. It utilizes advanced evasion techniques such as AMSI patching, Heaven's Gate, and transacted hollowing to bypass security controls, including Chromium's App-Bound Encryption, while communicating over a custom ChaCha20-Poly1305 encrypted protocol.
#0099
Socketabout 2 months ago2 min▣LLM report The TC39 committee has advanced the Temporal API to Stage 4, marking its official inclusion in the ECMAScript 2026 specification as a modern, immutable replacement for JavaScript's legacy Date object.
#0098
Cisco Talosabout 2 months ago4 min▣LLM reportinfo Cisco Talos introduced DispatchLogger, an open-source dynamic analysis tool designed to intercept and log late-bound COM automation calls. By utilizing transparent proxying and recursive object wrapping, the tool provides analysts with deep semantic visibility into script-based malware behavior, such as WMI abuse and fileless execution, effectively bypassing common script obfuscation techniques.
#0097
Trend Microabout 2 months ago5 min▣LLM reporthigh Threat actors exploited an exposed Spring Boot Actuator endpoint and plaintext credentials found in a spreadsheet to authenticate via the legacy ROPC flow. This allowed them to bypass MFA, obtain a Microsoft Graph access token, and exfiltrate sensitive data from SharePoint Online without deploying malware.
#0096
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reportcritical The Canadian Centre for Cyber Security published a daily digest of 11 security advisories on March 18, 2026. The advisories highlight vulnerabilities across various enterprise, networking, and consumer products, including a critical remote pre-auth buffer overflow in GNU InetUtils telnetd, and urge administrators to apply necessary updates and mitigations.
#0095
CISAabout 2 months ago4 min▣LLM reporthigh CISA has issued an alert regarding malicious cyber activity targeting endpoint management systems, specifically highlighting a recent attack on Stryker Corporation's Microsoft environment. The alert strongly urges organizations to harden Microsoft Intune and similar platforms by enforcing least privilege, phishing-resistant MFA, and Multi Admin Approval to prevent unauthorized high-impact administrative actions.