#0094
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-20963, a Microsoft SharePoint Deserialization of Untrusted Data Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize timely remediation of this flaw as part of their vulnerability management practices to reduce exposure to cyberattacks.
#0093
Akamaiabout 2 months ago4 min▣LLM reportmedium The Akamai 2026 SOTI report highlights the industrialization of cyberattacks, driven by automation and the convergence of API threats, web exploits, and DDoS campaigns. Key trends include a massive 104% surge in Layer 7 DDoS attacks powered by super botnets, increased risks from untested AI-generated code, and a 73% rise in web application attacks.
#0092
Trend Microabout 2 months ago4 min▣LLM reportinfo The article outlines the emerging security risks associated with autonomous Agentic AI and presents a collaborative architectural solution between TrendAI and NVIDIA. By integrating TrendAI's governance and behavioral analysis with NVIDIA's OpenShell runtime, enterprises can safely deploy self-evolving AI agents with runtime policy enforcement and protection against AI-native threats like prompt injection.
#0091
Palo Alto Networksabout 2 months ago4 min▣LLM reportmedium Unit 42 researchers demonstrated that both open and closed-source LLMs remain vulnerable to prompt jailbreaking at scale using a genetic algorithm-based fuzzing technique. By systematically generating meaning-preserving variants of disallowed requests, researchers successfully bypassed content filters and model guardrails, highlighting the fragility of current AI safety mechanisms under automated adversarial variation.
#0090
SentinelOneabout 2 months ago4 min▣LLM reporthigh This report summarizes a LABScon 25 presentation detailing the sophisticated attack vectors used in cryptocurrency heists, which have resulted in $9 billion in losses. Threat actors are increasingly targeting developers and software supply chains—such as modifying production JavaScript code and compromising GitHub accounts via personal infrastructure—to execute massive wallet drains.
#0089
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reporthigh The Canadian Centre for Cyber Security released a daily digest highlighting critical vulnerabilities in Spring AI, including SQL and JSONPath injections, as well as unspecified vulnerabilities in GitHub Enterprise Server. Organizations utilizing these products are advised to apply the latest security patches to mitigate potential exploitation risks.
#0088
Palo Alto Networksabout 2 months ago7 min▣LLM reporthigh Boggy Serpens (MuddyWater) is conducting ongoing cyberespionage campaigns targeting critical infrastructure and diplomatic entities globally. The group leverages hijacked accounts for trusted relationship compromises, delivering advanced, AI-assisted malware toolkits including Rust-based backdoors and custom C2 protocols to maintain long-term persistence and evade detection.
#0087
Trend Microabout 2 months ago8 min▣LLM reportcritical The Warlock ransomware group (Water Manaul) has enhanced its attack chain by exploiting Microsoft SharePoint servers for initial access and deploying a sophisticated post-exploitation toolkit. The group leverages BYOVD techniques via the NSecKrnl.sys driver to disable security tools, establishes redundant C&C channels using legitimate tools like Velociraptor and Cloudflare Tunnels, and automates ransomware deployment domain-wide using Group Policy Objects (GPO).
#0086
Akamaiabout 2 months ago3 min▣LLM reportinfo Modern AI factories utilize massive, interconnected GPU clusters that generate high volumes of east-west traffic, rendering traditional perimeter and host-based security ineffective. To secure these environments without degrading performance, organizations must adopt infrastructure-level, identity-based microsegmentation using technologies like DPUs to enforce Zero Trust and contain lateral movement.
#0085
Mandiantabout 2 months ago8 min▣LLM reportcritical In 2025, ransomware operators increasingly relied on vulnerability exploitation for initial access and heavily targeted virtualization infrastructure like ESXi. While overall ransomware profitability appears to be declining, threat actors have adapted by increasing data theft extortion, targeting smaller organizations, and utilizing cross-platform ransomware families like REDBIKE, AGENDA, and INC.
#0084
Cofenseabout 2 months ago5 min▣LLM reporthigh A novel phishing campaign is abusing the legitimate LiveChat SaaS platform to impersonate brands like PayPal and Amazon. By engaging victims in real-time chat interfaces using automated bots or human operators, attackers successfully harvest sensitive information, including account credentials, multi-factor authentication (MFA) codes, personally identifiable information (PII), and credit card details.
#0083
Elastic Security Labsabout 2 months ago3 min▣LLM reportlow Elastic has introduced open-source Agent Skills that enable AI coding agents to natively interact with Elastic Security. These skills allow security teams to rapidly provision cloud environments, generate realistic sample attack data, and manage alerts and detection rules directly from their IDEs.
#0082
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2025-47813, an information disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. All organizations are strongly urged to prioritize timely remediation of this vulnerability to reduce exposure to cyberattacks.
#0081
Socketabout 2 months ago8 min▣LLM reporthigh The GlassWorm threat actor has evolved its supply chain attack methodology by abusing VS Code extension manifest fields to transitively deliver malicious payloads. This technique allows initially benign extensions to pull in malicious dependencies during later updates, executing staged JavaScript loaders that target developer workstations for credential and secret theft.
#0080
Recorded Futureabout 2 months ago4 min▣LLM reporthigh The 2025 Identity Threat Landscape Report highlights a massive surge in credential theft driven by infostealer malware, with LummaC2 leading the ecosystem. A critical finding is the widespread theft of active session cookies, which allows attackers to bypass multi-factor authentication (MFA) and directly access high-value corporate systems, VPNs, and cloud platforms.
#0079
Akamaiabout 2 months ago4 min▣LLM reporthigh Following the outbreak of a geopolitical conflict in the Middle East in early 2026, Akamai observed a 245% surge in malicious cyber activity targeting global enterprises. The threat landscape is characterized by massive increases in automated reconnaissance, credential harvesting, and data-wiping attacks by state-sponsored and hacktivist groups like Handala, primarily targeting the financial, ecommerce, and healthcare sectors.
#0078
Akamaiabout 2 months ago3 min▣LLM reportlow The integration of AI in vulnerability research has led to a surge in false-positive bug reports, overwhelming vendors and bug bounty programs. Human oversight remains essential to validate AI findings and maintain the integrity of the CVE ecosystem.
#0077
Socketabout 2 months ago5 min▣LLM reporthigh Security researchers identified six malicious Composer packages on Packagist masquerading as OphimCMS themes. These packages contain trojanized JavaScript that executes client-side attacks, including URL exfiltration, ad injection, and redirects to gambling sites operated by the OFAC-sanctioned FUNNULL network.
#0076
Recorded Futureabout 2 months ago4 min▣LLM reportcritical The ongoing geopolitical conflict involving Iran has triggered significant cyber and influence operations, with multiple nation-state and hacktivist groups leveraging the crisis for espionage, destructive attacks, and narrative manipulation. Organizations are advised to prepare for a surge in Iranian cyber activity as domestic internet blackouts lift, alongside heightened risks of physical threats and supply chain disruptions.
#0075
Palo Alto Networksabout 2 months ago7 min▣LLM reportcritical A suspected China-nexus threat actor tracked as CL-STA-1087 has been conducting a persistent espionage campaign against Southeast Asian military targets since 2020. The attackers utilize custom malware, including the AppleChris and MemFun backdoors, leveraging Dead Drop Resolvers (DDR) like Pastebin and Dropbox for C2 resolution alongside advanced evasion techniques like process hollowing and DLL hijacking.