#0287
Sophosabout 2 months ago5 min▣LLM reportcritical A zero-day vulnerability in Adobe Reader is being actively exploited in targeted attacks against the Russian oil and gas sector. Threat actors are utilizing malicious PDF files embedded with obfuscated JavaScript to execute privileged APIs, enabling sensitive data theft and potential remote code execution.
#0286
Recorded Futureabout 2 months ago2 min▣LLM reportinfo This report provides geopolitical intelligence on the political landscape of Venezuela following a January 2026 US military operation that removed Nicolás Maduro. It analyzes Acting President Delcy Rodríguez's strategies for consolidating power, managing internal regime rivals, and navigating US diplomatic pressure and OFAC sanctions relief.
#0285
Cofenseabout 2 months ago5 min▣LLM reporthigh Threat actors are increasingly abusing legitimate Git repository platforms like GitHub and GitLab to host malware and credential phishing pages. By leveraging the inherent trust organizations place in these domains, attackers successfully bypass secure email gateways (SEGs) to deliver dual-threat campaigns involving remote access trojans (RATs), infostealers, and credential harvesting.
#0284
Akamaiabout 2 months ago3 min▣LLM reportmedium AI fetcher bots are severely impacting the publishing industry by scraping proprietary content in real-time to feed AI chatbots, leading to a drastic reduction in referral traffic and revenue. Organizations are advised to implement advanced bot management and monetization strategies rather than relying solely on default blocking to mitigate infrastructure strain and financial losses.
#0283
Socketabout 2 months ago4 min▣LLM reportinfo Microsoft has released the open-source Agent Governance Toolkit to address the growing security risks associated with autonomous AI agents. The toolkit provides runtime policy enforcement, cryptographic identity, and execution sandboxing to mitigate threats outlined in the OWASP Top 10 for Agentic Applications, though challenges in credential scoping and semantic intent classification remain.
#0282
Cisco Talosabout 2 months ago6 min▣LLM reporthigh Cisco Talos identified a new threat actor, UAT-10362, targeting Taiwanese organizations with a sophisticated Lua-based malware suite named LucidRook. The attack leverages spear-phishing, DLL sideloading, and compromised FTP servers to deliver staged Lua bytecode payloads while employing strict geo-fencing to evade analysis.
#0281
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reportcritical The Canadian Centre for Cyber Security released a daily digest highlighting vulnerabilities across HPE, CUPS, and GitLab products. Most notably, CUPS versions 2.4.16 and prior suffer from a critical remote unauthenticated RCE-to-root chain (CVE-2026-34990, CVE-2026-34980), requiring immediate mitigation and patching to prevent system compromise.
#0280
Palo Alto Networksabout 2 months ago5 min▣LLM reporthigh Unit 42 researchers discovered a method to bypass the network isolation of Amazon Bedrock AgentCore's Code Interpreter sandbox using DNS tunneling. Combined with a legacy MMDSv1 configuration that lacked session token enforcement, attackers could potentially exploit SSRF to extract highly privileged IAM credentials and exfiltrate them via the DNS covert channel.
#0279
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-1340, a code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. All organizations, especially federal agencies under BOD 22-01, are strongly urged to prioritize timely remediation to protect their networks against active threats.
#0278
Socketabout 2 months ago5 min▣LLM reportcritical A sophisticated social engineering campaign linked to DPRK-nexus actor UNC1069 is targeting high-impact Node.js and npm maintainers. Attackers build rapport over weeks before luring victims to spoofed video conferencing sites that deploy infostealing malware designed to hijack session tokens, bypass 2FA, and compromise the open-source software supply chain.
#0277
Trail of Bitsabout 2 months ago4 min▣LLM reporthigh An audit of WhatsApp's Private Inference feature revealed critical implementation flaws in its Trusted Execution Environment (TEE) deployment. Vulnerabilities included unmeasured environment variables, unverified ACPI tables, and missing attestation freshness guarantees, which could have allowed attackers to bypass privacy protections and access plaintext data before Meta patched the issues.
#0276
Palo Alto Networksabout 2 months ago6 min▣LLM reportcritical Threat actors are increasingly targeting Kubernetes environments by exploiting vulnerabilities like React2Shell and misconfigurations to steal service account tokens. These stolen identities are then used to escalate privileges and move laterally into backend cloud infrastructure, leading to severe impacts such as cryptocurrency theft.
#0275
NCSCabout 2 months ago3 min▣LLM reporthigh The UK NCSC has issued an advisory warning that the Russian state-sponsored threat group APT28 is compromising vulnerable internet routers to conduct DNS hijacking. By altering DNS configurations, the attackers perform adversary-in-the-middle attacks to covertly reroute user traffic and harvest credentials and access tokens from personal web and email services.
#0274
Microsoftabout 2 months ago4 min▣LLM reporthigh Russian military intelligence actor Forest Blizzard is compromising vulnerable SOHO routers to alter DNS settings and hijack network traffic. This compromised infrastructure is subsequently used to conduct selective Adversary-in-the-Middle (AiTM) attacks, intercepting TLS connections to steal credentials and sensitive data from targeted organizations.
#0273
Huntressabout 2 months ago5 min▣LLM reporthigh The rapid adoption of AI agents like OpenClaw has introduced a new identity threat surface in Microsoft cloud environments. These applications are often granted sweeping tenant-wide permissions, effectively acting as highly privileged service principals that bypass traditional endpoint defenses and could allow attackers to inherit administrative control if the agent is compromised.
#0272
Huntressabout 2 months ago5 min▣LLM reporthigh Huntress analyzed recent NightSpire ransomware incidents, noting a shift from using native LOLBins to deploying a suite of third-party tools for persistence, discovery, and exfiltration. The variation in TTPs and tooling between incidents suggests NightSpire may operate under a Ransomware-as-a-Service (RaaS) model with multiple affiliates.
#0271
CISAabout 2 months ago5 min▣LLM reportcritical Iranian-affiliated APT actors are actively targeting internet-exposed programmable logic controllers (PLCs), specifically Rockwell Automation devices, across multiple U.S. critical infrastructure sectors. The attackers utilize native configuration software and Dropbear SSH to manipulate project files and HMI displays, leading to operational disruptions and financial losses.
#0270
Cisco Talosabout 2 months ago4 min▣LLM reporthigh The Talos 2025 Year in Review highlights a dual threat landscape where attackers rapidly exploit newly discovered vulnerabilities like React2Shell while continuing to heavily target legacy flaws in embedded components such as Log4j and PHPUnit. Threat actors are increasingly focusing on identity-adjacent systems and network infrastructure to bypass authentication and segmentation, aided by Agentic AI accelerating exploit development.
#0269
Sekoia.ioabout 2 months ago5 min▣LLM reporthigh EvilTokens is an advanced Phishing-as-a-Service (PhaaS) platform that automates Business Email Compromise (BEC) attacks via Microsoft device code phishing. It uniquely integrates AI models to automatically analyze compromised mailboxes, identify financial targets, and generate context-aware BEC lures, significantly reducing the time and skill required for threat actors to monetize compromised accounts.
#0268
Huntressabout 2 months ago4 min▣LLM reportmedium Threat actors are increasingly utilizing real-time deepfake technology to conduct sophisticated identity-based social engineering attacks over video calls. While physical tests like the 'three-finger test' can currently expose cheaper AI overlays due to object occlusion rendering flaws, rapid advancements in generative AI are rendering these visual tells obsolete. Organizations must shift from relying on human detection to implementing resilient, out-of-band verification processes for sensitive transactions.