#0509
Canadian Centre for Cyber Securityabout 2 months ago4 min▣LLM reportcritical The Canadian Centre for Cyber Security released a daily digest highlighting critical vulnerabilities across Cisco, IBM, Dell, Ubuntu, and various ICS platforms. Notably, Cisco ASA and FTD devices are affected by a newly identified persistence mechanism known as the FIRESTARTER backdoor, which survives previous patches for CVE-2025-20333, CVE-2025-20362, and CVE-2025-20363.
#0508
Trend Microabout 2 months ago4 min▣LLM reporthigh In May 2026, threat actor SHADOW-AETHER-015 compromised Instructure's Canvas LMS backend, exposing sensitive data from 8,809 global educational institutions. The breach, likely facilitated via API exploitation or third-party integration compromise, exposed PII and private communications, creating significant risk for highly targeted follow-on spear-phishing and credential abuse campaigns.
#0507
Elastic Security Labsabout 2 months ago5 min▣LLM reportcritical Copy Fail and DirtyFrag are critical Linux kernel privilege escalation vulnerabilities that exploit page cache corruption via legitimate kernel interfaces like AF_ALG and splice(). These flaws allow local attackers to corrupt the in-memory view of setuid binaries or critical files like /etc/passwd to gain root access. Copy Fail has been exploited in the wild, prompting CISA to add it to the Known Exploited Vulnerabilities catalog.
#0506
Recorded Futureabout 2 months ago4 min▣LLM reportlow This article provides a comprehensive overview of 14 common payment fraud tactics, including phishing, account takeover, and wire transfer fraud, highlighting the projected $362 billion in global losses by 2028. It emphasizes the need for organizations, particularly in e-commerce and finance, to implement layered defenses such as PCI compliance, 3D Secure authentication, and machine learning-based anomaly detection to mitigate financial and reputational damage.
#0505
Elastic Security Labsabout 2 months ago5 min▣LLM reportmedium The article details a defensive architecture using Elastic Security to detect web server probing and directory fuzzing against Traefik reverse proxies. By analyzing HTTP 403 and 404 error thresholds, security teams can trigger automated workflows that dynamically update Cloudflare WAF rules to block malicious source IPs at the edge.
#0504
Canadian Centre for Cyber Securityabout 2 months ago4 min▣LLM reporthigh The Canadian Centre for Cyber Security issued advisories for Microsoft Edge, cPanel/WHM, and critical Linux kernel vulnerabilities (CVE-2026-43284, CVE-2026-43500) dubbed 'Dirty Frag'. The Linux flaws allow local privilege escalation to root, have public PoCs, and currently lack a universal patch, requiring immediate module-disabling mitigations.
#0503
Varonisabout 2 months ago4 min▣LLM reportcritical The threat group ShinyHunters compromised Instructure's Canvas learning management system, likely via voice phishing (vishing) targeting their interconnected Salesforce environment. The breach resulted in the theft of 3.65 TB of sensitive data affecting 275 million users, which the actors are now leveraging in an active extortion campaign and which poses a severe downstream phishing risk.
#0502
Akamaiabout 2 months ago4 min▣LLM reporthigh Akamai has disclosed CVE-2026-34354, a local privilege escalation vulnerability in the Guardicore Platform Agent and Zero Trust Client for macOS and Linux. The vulnerability leverages an unauthenticated IPC socket and a TOCTOU flaw to make root-owned files world-writable, alongside a secondary command injection vector in a diagnostic tool.
#0501KKasperskyabout 2 months ago4 min▣LLM reportcritical Kaspersky researchers discovered CVE-2025-68670, a pre-authentication Remote Code Execution (RCE) vulnerability in the xrdp server for Linux. The flaw stems from a stack buffer overflow in the xrdpwmparsedomaininformation function when processing specially crafted domain names during the Secure Settings Exchange phase, allowing an attacker to overwrite the return address and execute arbitrary code.
#0500
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-42208, a SQL Injection vulnerability affecting BerriAI LiteLLM, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize timely remediation of this vulnerability to reduce their exposure to cyberattacks.
#0499
Socketabout 2 months ago7 min▣LLM reportcritical A supply chain attack utilizing five malicious NuGet packages typosquatting Chinese .NET libraries has been discovered distributing a cross-platform infostealer. The malware leverages .NET Reactor and JIT hooking via module initializers to execute automatically upon assembly load, targeting credentials and cryptocurrency wallets across developer workstations and CI/CD pipelines.
#0498
Socketabout 2 months ago4 min▣LLM reportinfo The release of pnpm 11 introduces significant supply chain security enhancements, including a default 24-hour minimum release age for packages, the blocking of exotic subdependencies, and a streamlined allowBuilds model. These features are designed to mitigate rapid supply chain attacks, such as the recent Mini Shai-Hulud campaign, by restricting install-time execution and unexpected dependency sources.
#0497
Elastic Security Labsabout 2 months ago7 min▣LLM reporthigh Elastic Security Labs identified TCLBANKER, a new Brazilian banking trojan distributed via DLL sideloading that features robust anti-analysis mechanisms and environment-gated payload decryption. The malware deploys a full-featured banking trojan with a WPF-based social engineering overlay framework, alongside worm modules that self-propagate by hijacking WhatsApp Web sessions and Microsoft Outlook accounts.
#0496
Recorded Futureabout 2 months ago4 min▣LLM reporthigh The emergence of cryptographically relevant quantum computers (CRQCs) poses a critical threat to modern public-key encryption. Threat actors are already conducting 'Harvest Now, Decrypt Later' (HNDL) operations to intercept and store long-lived sensitive data, necessitating immediate organizational planning for post-quantum cryptography (PQC) migration and cryptographic agility.
#0495
ESETabout 2 months ago5 min▣LLM reportmedium ESET researchers discovered a cluster of 28 fraudulent Android applications, dubbed CallPhantom, that accumulated over 7.3 million downloads on Google Play. These apps deceive users by falsely claiming to retrieve call and message logs for arbitrary phone numbers, instead presenting hardcoded, randomly generated data to extort subscription payments via Google Play billing, UPI, or direct card entry.
#0494KKasperskyabout 2 months ago5 min▣LLM reporthigh In Q1 2026, vulnerability registrations continued to rise, heavily influenced by AI-assisted discovery tools. Threat actors and APT groups actively exploited a mix of legacy and newly discovered vulnerabilities across Windows, Linux, and Microsoft Office, frequently utilizing C2 frameworks like Metasploit and Sliver to bypass authentication and gain initial access.
#0493
Sophosabout 2 months ago6 min▣LLM reporthigh A malvertising campaign is leveraging a fake Claude AI website to distribute a malicious MSI installer. The infection chain employs DLL sideloading via a legitimate G DATA executable to execute DonutLoader, which ultimately deploys a novel backdoor dubbed 'Beagle' for remote command execution and file manipulation.
#0492
Canadian Centre for Cyber Securityabout 2 months ago4 min▣LLM reportcritical The Canadian Centre for Cyber Security released a daily digest highlighting five security advisories. Notably, Ivanti Endpoint Manager Mobile (EPMM) contains an actively exploited vulnerability (CVE-2026-6973), and critical updates were issued for Spring Cloud Config, VM2 Node.js library, Mozilla Firefox, and multiple Broadcom VMware Tanzu products.
#0491
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-6973, an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate this vulnerability per BOD 22-01, and all organizations are strongly urged to prioritize patching to reduce exposure to cyberattacks.
#0490KKasperskyabout 2 months ago5 min▣LLM reportmedium The article details the threat landscape of 'suspicious websites' that evade traditional phishing classifications but remain highly dangerous. These include fake online stores, dubious crypto exchanges, and fake browser extensions. Threat actors leverage newly registered domains, cheap TLDs, and poor infrastructure security (missing HTTP headers, lack of SPF/DMARC) to conduct financial fraud, data theft, and browser hijacking. Detection requires a multi-faceted approach analyzing domain age, IP reputation, and infrastructure configurations.