#0348
Socketabout 2 months ago3 min▣LLM reportlow Socket has been selected for OpenAI's Cybersecurity Grant Program, gaining API credits and access to frontier models via the Trusted Access for Cyber framework. This partnership enhances Socket's ability to detect malicious packages in open-source registries like npm and PyPI in near real-time, countering the increasing speed and automation of supply chain attacks.
#0347
Sophosabout 2 months ago4 min▣LLM reportcritical Microsoft's April 2026 Patch Tuesday addresses 163 CVEs across 17 product families, including 8 Critical vulnerabilities and one actively exploited zero-day (CVE-2026-32201 in SharePoint). Organizations should prioritize patching the exploited SharePoint flaw, the publicly disclosed Defender bug (CVE-2026-33825), and a highly critical 9.8 CVSS RCE in Windows IKE (CVE-2026-33824).
#0346
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reporthigh The Canadian Centre for Cyber Security released a daily digest highlighting recent security updates for Microsoft Edge, HashiCorp Vault, and JetBrains YouTrack. Organizations are advised to apply the necessary patches to address vulnerabilities including Denial-of-Service and Server-Side Request Forgery.
#0345
Palo Alto Networksabout 2 months ago6 min▣LLM reporthigh Unit 42 observed active, automated exploitation attempts targeting CVE-2023-33538, a command injection vulnerability in end-of-life TP-Link routers, to deploy Mirai-like botnet malware. While the observed in-the-wild attacks were flawed and failed, technical analysis confirmed the vulnerability is exploitable if attackers authenticate using default credentials, allowing them to inject shell commands via the ssid1 parameter.
#0344
Huntressabout 2 months ago4 min▣LLM reportmedium A third-party security researcher discovered a vulnerability in a staging environment via Server-Side Request Forgery (SSRF) probing. The incident underscores the critical importance of applying production-level security monitoring, access controls, and incident response capabilities to non-production environments to prevent them from becoming initial access vectors.
#0343
Huntressabout 2 months ago4 min▣LLM reportinfo A recent Huntress survey reveals that modern security teams struggle primarily with alert fatigue and a shifting threat landscape rather than budget constraints. Organizations are increasingly vulnerable to identity-based attacks such as business email compromise and session hijacking, necessitating a strategic pivot from traditional endpoint-centric prevention to Identity Threat Detection and Response (ITDR) supported by AI.
#0342
Huntressabout 2 months ago6 min▣LLM reportcritical A potentially unwanted program (PUP) signed by Dragon Boss Solutions LLC utilizes a silent update mechanism to deploy a sophisticated AV-killing PowerShell payload. The updater's primary domain was left unregistered, creating a severe supply chain vulnerability that exposed over 25,000 endpoints to arbitrary code execution before being sinkholed by researchers.
#0341
Sophosabout 2 months ago7 min▣LLM reportcritical Threat actors are actively abusing the QEMU hardware emulator to create hidden virtual machines on compromised hosts, effectively shielding their attack toolkits from endpoint detection and response (EDR) solutions. Recent campaigns, including those linked to the PayoutsKing ransomware group, leverage this technique alongside vulnerability exploitation and legitimate remote access tools to establish persistence, harvest credentials, and exfiltrate data.
#0340
Zscaler ThreatLabzabout 2 months ago5 min▣LLM reportcritical Payouts King is a sophisticated ransomware family operated by former BlackBasta affiliates. It gains initial access via social engineering tactics like spam bombing and Quick Assist, then deploys ransomware that utilizes direct system calls, custom API hashing, and robust RSA/AES encryption while actively evading EDR detection.
#0339
Cisco Talosabout 2 months ago5 min▣LLM reporthigh The Q1 2026 vulnerability landscape shows a continued rise in overall CVEs and KEVs, with a significant focus on software supply chain compromises and networking gear. A notable emerging threat is the abuse of the n8n AI workflow automation platform to bypass traditional security filters, alongside the discovery of the PowMix botnet targeting Czech workers and ongoing exploitation of legacy vulnerabilities.
#0338
Recorded Futureabout 2 months ago4 min▣LLM reportmedium Threat actors are increasingly utilizing business impersonation to exploit ecosystem gaps in the financial and retail sectors. By creating copycat corporate entities and AI-generated fake storefronts, fraudsters successfully bypass traditional security controls like Positive Pay and 3D Secure authentication to conduct commercial check fraud and card-not-present scams.
#0337
Sekoia.ioabout 2 months ago4 min▣LLM reportmedium Sekoia TDR details their methodology for automating .NET malware analysis, focusing on an obfuscated Covenant Grunt implant used by APT28. The researchers demonstrate how to programmatically decrypt strings and decompile code using pythonnet and dnlib, culminating in the release of RePythonNET-MCP, a tool that enables AI-assisted reverse engineering and configuration extraction.
#0336
Socketabout 2 months ago3 min▣LLM reportinfo The article highlights a podcast discussion featuring Socket CEO Feross Aboukhadijeh on the escalating threats to the open-source supply chain, including the Axios backdoor attack and nation-state targeting of maintainers. It emphasizes the systemic risks of relying on unreviewed open-source code and the dual role of AI in both exacerbating and defending against these emerging threats.
#0335
Microsoftabout 2 months ago7 min▣LLM reporthigh Microsoft Threat Intelligence identified a macOS-focused campaign by North Korean threat actor Sapphire Sleet that uses social engineering to deliver malicious AppleScripts disguised as Zoom updates. The attack leverages built-in macOS utilities like curl and osascript to bypass security controls, manipulate TCC databases, harvest credentials, and exfiltrate sensitive data such as cryptocurrency wallets.
#0334
Mandiantabout 2 months ago4 min▣LLM reporthigh The rapid advancement of AI models has significantly lowered the barrier for threat actors to discover vulnerabilities and generate exploits at scale, compressing the attack lifecycle. To defend against these machine-speed threats, organizations must modernize their security posture by integrating AI defensively, automating vulnerability management, securing software supply chains, and protecting newly deployed AI assets.
#0333
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reportcritical The Canadian Centre for Cyber Security issued advisories for critical vulnerabilities in Drupal core and Nginx UI. Notably, the Nginx UI vulnerability (CVE-2026-33032) is currently being exploited in the wild, requiring immediate patching and monitoring of exposed management interfaces.
#0332
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-34197, an improper input validation vulnerability in Apache ActiveMQ, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize patching and remediation to reduce their exposure to cyberattacks.
#0331
ANY.RUNabout 2 months ago5 min▣LLM reporthigh BlobPhish is an evasive credential-phishing campaign that generates fake authentication forms directly in the victim's browser memory using Blob objects. By avoiding traditional HTTP requests and disk writes, it bypasses standard network and file-based detection mechanisms to steal high-value financial and cloud service credentials.
#0330
Recorded Futureabout 2 months ago4 min▣LLM reportcritical Threat actor TeamPCP leveraged stolen credentials to compromise trusted software repositories, including LiteLLM and Checkmarx, injecting credential-harvesting malware into the supply chain. This campaign highlights the severe business risks of identity compromise, as stolen access tokens enable downstream attacks such as ransomware, payroll redirection, and logistics fraud without triggering traditional perimeter alerts.
#0329
WithSecureabout 2 months ago7 min▣LLM reporthigh Threat actors are leveraging social media platforms, SEO poisoning, and AI agent responses to distribute ClickFix-style attacks disguised as tech tips. Victims are socially engineered into executing malicious PowerShell commands that initiate a fileless infection chain, bypassing traditional security controls to deploy information stealers like Vidar on their endpoints.