#0369
Socketabout 2 months ago2 min▣LLM reportinfo Socket has announced a new integration with Jira Cloud to streamline vulnerability management and remediation workflows. The integration enables security and engineering teams to automatically or manually sync Socket security alerts into Jira issues, complete with customizable routing and two-way state synchronization.
#0368
Socketabout 2 months ago2 min▣LLM reportlow This article is a corporate announcement detailing Socket's recognition as a top sales organization by RepVue. It includes a brief Q&A with an Account Executive regarding company culture and highlights ongoing hiring efforts.
#0367
Huntressabout 2 months ago5 min▣LLM reporthigh Threat actors are actively deploying Nightmare-Eclipse proof-of-concept tools, including BlueHammer, RedSun, and UnDefend, in real-world intrusions to exploit Windows Defender race conditions for privilege escalation. The attacks, likely originating from compromised FortiGate VPN access, culminate in the deployment of BeigeBurrow, a Go-based reverse tunnel agent used for persistent command and control.
#0366
ESETabout 2 months ago4 min▣LLM reporthigh ESET researchers identified a new variant of the NGate Android malware that trojanizes the legitimate HandyPay application to facilitate NFC relay attacks and steal payment card PINs. Targeting users in Brazil through social engineering and fake app stores, the malware allows attackers to conduct unauthorized ATM cash-outs while requiring no suspicious device permissions.
#0365
ANY.RUNabout 2 months ago6 min▣LLM reporthigh Lazarus Group is conducting a new ClickFix campaign targeting macOS users in high-value sectors via Telegram. The attackers trick victims into executing a terminal command that deploys 'Mach-O Man,' a multi-stage Go-based malware kit designed to steal credentials, browser data, and macOS Keychain secrets, exfiltrating the data via Telegram.
#0364
Cisco Talosabout 2 months ago6 min▣LLM reporthigh The article details how threat actors can leverage native macOS binaries and protocols (Living-off-the-Land) to execute code, move laterally, and transfer tools while evading traditional security telemetry. By abusing Remote Application Scripting (RAS), Spotlight metadata, and built-in networking utilities, attackers can orchestrate fleet-wide compromises that bypass standard SSH-centric monitoring.
#0363
Recorded Futureabout 2 months ago4 min▣LLM reporthigh The rapid adoption of agentic AI in enterprise environments introduces significant security risks by amplifying existing software supply chain and identity management vulnerabilities. Threat actors can leverage prompt engineering, input manipulation, and malicious packages to weaponize AI agents, necessitating zero-trust principles, robust IAM for non-human identities, and human-in-the-loop safeguards.
#0362
Check Pointabout 2 months ago7 min▣LLM reportcritical The Gentlemen is an emerging Ransomware-as-a-Service (RaaS) operation that provides affiliates with versatile, multi-platform lockers. Recent incident response telemetry reveals affiliates utilizing Cobalt Strike and SystemBC for post-exploitation and C2, culminating in highly automated, domain-wide ransomware deployment via Group Policy and built-in lateral movement mechanisms.
#0361
NCSCabout 2 months ago2 min▣LLM reportlow The CEO of the UK's National Cyber Security Centre (NCSC) warns of a 'perfect storm' in cyber security fueled by AI advancements and geopolitical conflicts. The majority of significant incidents are now driven by nation-states, requiring a fundamental cultural shift across all organizations to prioritize cyber resilience and adapt to AI-accelerated vulnerability exploitation.
#0360
Canadian Centre for Cyber Securityabout 2 months ago2 min▣LLM reportmedium The Canadian Centre for Cyber Security issued an advisory regarding multiple vulnerabilities in Mozilla Firefox and Firefox ESR. Organizations are urged to update their browser deployments to Firefox 150, Firefox ESR 115.35, or Firefox ESR 140.10 to ensure protection against potential security risks.
#0359
Huntressabout 2 months ago5 min▣LLM reporthigh A Linux endpoint compromised by multiple threat actors deploying cryptominers was further complicated when the user utilized OpenAI's Codex to troubleshoot system issues. The AI agent generated commands that structurally resembled malicious activity, triggering EDR alerts and creating significant noise that hindered SOC triage and incident response.
#0358
Akamaiabout 2 months ago5 min▣LLM reporthigh Threat actors are actively exploiting CVE-2025-29635, a command injection vulnerability in end-of-life D-Link DIR-823X routers, to deploy a Mirai botnet variant. The campaign utilizes malicious HTTP POST requests to download and execute shell scripts that fetch the final Mirai payload, while also targeting vulnerabilities in TP-Link and ZTE devices.
#0357
Varonisabout 2 months ago5 min▣LLM reportcritical On April 19, 2026, Vercel disclosed a critical security breach originating from a compromised third-party AI tool, Context.ai. The threat actor, ShinyHunters, utilized an infostealer to harvest OAuth tokens, bypassed MFA to access Vercel's Google Workspace, and pivoted via SSO to bulk-extract customer environment variables containing highly sensitive cloud, database, and source code credentials.
#0356
Trend Microabout 2 months ago5 min▣LLM reportcritical A supply chain attack leveraging a compromised third-party OAuth application (Context.ai) allowed threat actors to breach Vercel's internal systems. The attackers exploited Vercel's environment variable sensitivity model to enumerate and expose unencrypted customer secrets, leading to potential downstream credential abuse across multiple cloud and SaaS platforms.
#0355
Akamaiabout 2 months ago4 min▣LLM reporthigh Security researchers identified a signal-reentrancy weakness in a signed macOS OpenSSL wrapper binary. The vulnerability arises from the intersection of legacy TLS capabilities and async-unsafe POSIX functions, which can be exploited via race conditions and forced TLS downgrades to cause Denial of Service (DoS) or potential memory corruption.
#0354
CISAabout 2 months ago4 min▣LLM reportcritical A software supply chain compromise impacted the Axios npm package, injecting a malicious dependency ([email protected]) into versions 1.14.1 and 0.30.4. This dependency downloads multi-stage payloads, including a Remote Access Trojan (RAT), which communicates with a known malicious C2 domain.
#0353
Canadian Centre for Cyber Securityabout 2 months ago5 min▣LLM reporthigh The Canadian Centre for Cyber Security published a daily digest of six security advisories on April 20, 2026. The advisories cover critical vulnerabilities and updates for various IBM, Dell, Ubuntu, Red Hat, and ICS/SCADA products, including a specific NTP vulnerability (CVE-2020-11868) in Moxa Ethernet switches.
#0352
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added eight actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, affecting various enterprise software including PaperCut, JetBrains TeamCity, Zimbra, and Cisco Catalyst SD-WAN Manager. Organizations are strongly urged to prioritize remediation of these flaws to reduce exposure to cyberattacks.
#0351
Socketabout 2 months ago3 min▣LLM reporthigh NIST has officially shifted the National Vulnerability Database (NVD) to a risk-based enrichment model, ceasing analysis for most new CVEs due to overwhelming submission volumes. This policy change leaves thousands of vulnerabilities without critical CVSS and CPE metadata, forcing organizations to rely on decentralized data sources and CNA-provided scores that often conflict with independent analysis.
#0350
Trail of Bitsabout 2 months ago4 min▣LLM reporthigh Trail of Bits researchers successfully forged a zero-knowledge proof for a quantum circuit by exploiting memory safety and logic vulnerabilities in Google's Rust-based zkVM prover. By leveraging unsafe deserialization and register aliasing, they bypassed resource counters and quantum reversibility constraints, demonstrating critical attack surfaces in modern zero-knowledge proof implementations.