#0179
NCSCabout 2 months ago4 min▣LLM reporthigh The NCSC has issued an alert regarding two vulnerabilities in customer-managed Citrix NetScaler ADC and Gateway appliances. CVE-2026-3055 allows for a memory overread in SAML IDP configurations, while CVE-2026-4368 causes user session mixups via a race condition in Gateway or AAA virtual server configurations. Immediate patching is strongly recommended.
#0178
Varonisabout 2 months ago4 min▣LLM reporthigh Varonis Threat Labs identified a Local File Inclusion (LFI) vulnerability (CVE-2026-4270) in the AWS Remote MCP Server that allows authenticated users to read arbitrary files. By exploiting the AWS CLI shorthand file-loading syntax via the aws___call_aws tool, attackers can bypass access restrictions and extract sensitive file contents through error messages.
#0177
Trail of Bitsabout 2 months ago3 min▣LLM reportlow Trail of Bits has released a new Claude plugin that leverages LLMs to perform dimensional analysis on arithmetic-heavy codebases, such as smart contracts. By annotating code with dimensional types and mechanically flagging mismatches, the tool achieved a 93% recall rate in identifying bugs during testing, significantly outperforming baseline LLM prompts.
#0176
Palo Alto Networksabout 2 months ago4 min▣LLM reportmedium Since August 2025, a sophisticated phishing campaign has targeted senior professionals by impersonating Palo Alto Networks recruiters. Attackers use scraped LinkedIn data to build rapport, then falsely claim the victim's resume failed an Applicant Tracking System (ATS), ultimately soliciting fees for fraudulent resume optimization services.
#0175
Cofenseabout 2 months ago5 min▣LLM reporthigh Threat actors are actively abusing legitimate Cloudflare services, specifically Workers and Tunnels, to conduct adversary-in-the-middle (AiTM) phishing and distribute malware. By leveraging Cloudflare's trusted infrastructure and free tiers, attackers successfully bypass traditional security controls to deliver remote access trojans like Xeno RAT and XWorm RAT via obfuscated WebDAV connections.
#0174
Socketabout 2 months ago4 min▣LLM reportcritical The threat actor TeamPCP is conducting a highly coordinated supply chain campaign targeting widely used open-source security tools and developer infrastructure, including Trivy, Checkmarx' KICS, and LiteLLM. By compromising CI/CD pipelines and GitHub Actions, the attackers are successfully turning trusted security scanners into infostealers to harvest and exfiltrate massive amounts of enterprise credentials.
#0173
CERT-EUabout 2 months ago3 min▣LLM reportcritical CERT-EU issued an urgent security advisory regarding CVE-2026-20963, a critical unauthenticated remote code execution vulnerability in Microsoft SharePoint caused by the deserialization of untrusted data. The flaw is actively being exploited in the wild, prompting strong recommendations to immediately patch internet-facing servers, enable AMSI, and rotate ASP.NET machine keys.
#0172
Akamaiabout 2 months ago2 min▣LLM reportlow Akamai details its internal Machine Learning Operations (MLOps) platform, highlighting the transition from manual model management to a standardized, Kubeflow-based infrastructure. The platform enhances real-time security detections by streamlining model evaluation, tuning, and deployment, and is currently evolving to support LLMOps and AgentOps for generative AI applications.
#0171
ANY.RUNabout 2 months ago5 min▣LLM reporthigh Kamasers is a sophisticated, multi-vector DDoS botnet and loader that leverages resilient Dead Drop Resolver (DDR) mechanisms via legitimate public services to maintain command-and-control communication. It poses significant enterprise risk by turning infected hosts into attack infrastructure and facilitating follow-on payload delivery, including potential ransomware deployment.
#0170
WithSecureabout 2 months ago5 min▣LLM reportcritical Threat actors are exploiting critical RCE vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti EPMM to deploy AntSword-based webshells. The automated attacks achieve root privilege escalation and rapidly exfiltrate sensitive databases and configuration files containing credentials.
#0169
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reporthigh The Canadian Centre for Cyber Security released a daily digest of six security advisories on March 25, 2026. The advisories highlight vulnerabilities across various enterprise products including GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco, urging administrators to apply necessary updates and mitigations.
#0168
Recorded Futureabout 2 months ago6 min▣LLM reporthigh Insikt Group identified five distinct threat clusters utilizing the ClickFix social engineering technique to trick users into manually executing malicious commands via native system tools. This living-off-the-land approach bypasses traditional browser security to deliver payloads like NetSupport RAT and macOS infostealers across both Windows and macOS environments.
#0167
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-33017, a code injection vulnerability affecting Langflow, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize timely remediation to reduce their exposure to cyberattacks.
#0166
Akamaiabout 2 months ago2 min▣LLM reportlow This informational article highlights Akamai's recognition in the 2026 GigaOm Radar for Microsegmentation report. It emphasizes the strategic importance of microsegmentation and Zero Trust architectures in modern enterprise environments to contain breaches and prevent lateral movement.
#0165
Socketabout 2 months ago2 min▣LLM reportlow TypeScript 6.0 has been released as the final JavaScript-based version, serving as a transitional bridge to the upcoming Go-native TypeScript 7.0 compiler. The release introduces new standard library APIs, stricter default configurations to improve build performance, and deprecates several legacy features.
#0164
Socketabout 2 months ago5 min▣LLM reportcritical A supply chain attack on Aqua Security's Trivy project resulted in compromised Docker images containing the TeamPCP infostealer being pushed to Docker Hub. The attackers leveraged unauthorized access to the Aqua Security GitHub organization to distribute malicious versions (0.69.4, 0.69.5, 0.69.6) that exfiltrate sensitive CI/CD data to a typosquatted C2 domain.
#0163
Arctic Wolfabout 2 months ago7 min▣LLM reporthigh AI-assisted malware development has rapidly matured, driven largely by the adoption of models like DeepSeek R1, which lowers the barrier to entry for threat actors. This surge has resulted in a high volume of structurally novel malware, including infostealers, RATs, and ransomware, many of which evade traditional signature-based detection while leaving distinct LLM-generated artifacts in their code.
#0162
Elastic Security Labsabout 2 months ago2 min▣LLM reportlow The article outlines the evolution of the Agentic SOC, detailing how Elastic Security leverages AI agents and automated workflows to streamline alert triage, enrich investigations, and accelerate incident response.
#0161
Trail of Bitsabout 2 months ago3 min▣LLM reportmedium The article introduces dimensional analysis as a methodology for identifying arithmetic and logic vulnerabilities in DeFi smart contracts. By ensuring that variables representing different tokens, prices, or liquidity shares are not erroneously combined, developers can prevent severe financial logic flaws. The post highlights real-world examples of dimensional bugs and advocates for explicit unit documentation in Solidity codebases.
#0160
Sekoia.ioabout 2 months ago10 min▣LLM reporthigh Silver Fox (also known as Void Arachne) is a China-based threat actor conducting dual-purpose campaigns in South Asia that blend financial cybercrime with APT-style espionage. Recent operations leverage tax-themed phishing to deliver evolving payloads, transitioning from the ValleyRAT backdoor to abused legitimate RMM tools, and most recently, a custom Python-based stealer disguised as a WhatsApp application.