#0159
Elastic Security Labsabout 2 months ago2 min▣LLM reportlow Elastic has introduced Elastic Workflows, a native automation capability within its SIEM that allows security teams to build YAML-based playbooks for alert triage, enrichment, and response. The feature integrates directly with Elasticsearch data, external threat intelligence platforms, and AI-driven analysis tools to streamline security operations.
#0158
Huntressabout 2 months ago6 min▣LLM reportcritical Threat actors are leveraging the EvilTokens Phishing-as-a-Service platform hosted on Railway.com to conduct large-scale device code phishing campaigns against Microsoft 365 users. By abusing legitimate cloud infrastructure and multi-hop redirect chains, attackers successfully bypass email filtering and MFA to harvest persistent OAuth tokens.
#0157
NCSCabout 2 months ago2 min▣LLM reportlow At the RSAC Conference, the NCSC CEO discussed the dual nature of 'vibe coding' (AI-generated software). While unreviewed AI code poses significant security risks, properly trained AI tools offer a transformative opportunity to create secure-by-design software and reduce collective vulnerability to cyber attacks.
#0156
Akamaiabout 2 months ago3 min▣LLM reportlow This article emphasizes the strategic importance of cyber resilience through microsegmentation and Zero Trust architectures. By assuming breach is inevitable, organizations can focus on containing lateral movement and controlling the blast radius to prevent localized incidents from escalating into business-impacting crises.
#0155
Elastic Security Labsabout 2 months ago3 min▣LLM reportlow The article provides a technical overview of Elastic Security XDR, detailing its capabilities in endpoint protection, cross-environment telemetry correlation, AI-driven investigations, and automated incident response workflows.
#0154
Morphisecabout 2 months ago4 min▣LLM reporthigh Morphisec Threat Labs analyzed a Linux variant of the Iranian-attributed Pay2Key ransomware. The malware requires root privileges to execute, utilizes a JSON configuration file, disables system defenses like SELinux and AppArmor, and employs ChaCha20 for full or partial file encryption while lacking built-in network C2 or exfiltration capabilities.
#0153
Huntressabout 2 months ago4 min▣LLM reportmedium Threat actors are increasingly targeting Google Workspace as a foundational identity layer to pivot into interconnected SaaS applications. Modern attacks bypass traditional endpoint defenses by utilizing stolen credentials, OAuth abuse, and malicious inbox rules to conduct Business Email Compromise (BEC) and maintain persistent access.
#0152
Palo Alto Networksabout 2 months ago4 min▣LLM reportinfo This architectural analysis details the hidden mechanisms behind Google's synced passkeys, revealing a hybrid model that leverages a cloud-based authenticator (enclave.ua5v[.]com) for sensitive cryptographic operations while anchoring trust to local hardware keys. Understanding this infrastructure is critical for defenders to anticipate emerging attack vectors in passwordless authentication environments.
#0151
Canadian Centre for Cyber Securityabout 2 months ago2 min▣LLM reportmedium The Canadian Centre for Cyber Security issued a daily digest highlighting recent security updates for Google Chrome and Mozilla Firefox. Administrators are advised to update Chrome to version 146.0.7680.164/165 and Firefox to version 149 (or the respective ESR versions) to address unspecified vulnerabilities.
#0150
Huntressabout 2 months ago3 min▣LLM reportmedium Cybercrime has evolved into a highly organized, corporate-style economy, complete with specialized departments and multi-million dollar revenues generated through tech support and subscription scams. Threat actors are increasingly leveraging generative AI for deepfakes and automated vishing, prompting defenders to adopt AI-driven countermeasures and behavioral tests to disrupt these social engineering operations.
#0149
CERT-EUabout 2 months ago4 min▣LLM reportcritical Citrix has released security updates addressing two vulnerabilities in NetScaler ADC and Gateway, including a critical out-of-bounds read (CVE-2026-3055) and a high-severity race condition (CVE-2026-4368). These flaws can lead to sensitive information disclosure and user session mix-up, requiring immediate patching and session termination to prevent potential exploitation.
#0148
Sophosabout 2 months ago3 min▣LLM reportcritical Oracle has disclosed a critical, unauthenticated remote code execution vulnerability (CVE-2026-21992, CVSS 9.8) affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw allows attackers to gain network access via HTTP due to a lack of network-level authentication, though no active exploitation has been observed yet.
#0147
Sophosabout 2 months ago7 min▣LLM reporthigh North Korean threat group NICKEL ALLEY is targeting technology professionals and Web3 developers through fake job interviews and malicious code repositories. The group employs social engineering, the ClickFix tactic, and malicious VS Code tasks to deliver remote access trojans like PyLangGhost RAT and BeaverTail, primarily aiming for cryptocurrency theft and potential supply chain compromise.
#0146
Mandiantabout 2 months ago5 min▣LLM reporthigh Mandiant's M-Trends 2026 report highlights a severe divergence in adversary tactics. Cybercriminals are optimizing for speed, with initial access hand-offs collapsing to 22 seconds, and focusing on recovery denial by targeting hypervisors and backup infrastructure. Conversely, espionage groups are prioritizing extreme persistence by exploiting zero-days and deploying in-memory malware on unmonitored edge devices, while voice phishing has emerged as a primary vector for bypassing MFA and compromising SaaS environments.
#0145
Cisco Talosabout 2 months ago2 min▣LLM reportlow Cisco Talos announced a podcast episode discussing their 2025 Year in Review report, which covers major cybersecurity trends such as rapid vulnerability weaponization, identity abuse, ransomware, and APT activity.
#0144
Canadian Centre for Cyber Securityabout 2 months ago4 min▣LLM reportcritical The Canadian Centre for Cyber Security released a daily digest of 9 security advisories covering critical vulnerabilities across major enterprise, Linux, and ICS platforms. Notably, a critical vulnerability in Craft CMS (CVE-2025-32432) is being actively exploited in the wild, and Citrix has patched critical flaws in NetScaler ADC and Gateway.
#0143
Socketabout 2 months ago5 min▣LLM reportcritical CanisterWorm is a worm-enabled supply chain attack that compromises legitimate npm publisher accounts to distribute a Python backdoor. The malware establishes user-level Linux persistence via systemd and utilizes an Internet Computer Protocol (ICP) canister as a dead-drop C2 to continuously fetch and execute secondary payloads, while simultaneously harvesting npm tokens to propagate itself to other packages.
#0142
Zscaler ThreatLabzabout 2 months ago4 min▣LLM reportcritical Cisco Secure Firewall Management Center (FMC) is actively being targeted by unauthenticated attackers exploiting CVE-2026-20131, a critical insecure deserialization vulnerability. Exploitation grants root access, enabling attackers to completely compromise the firewall management platform, alter security policies, and pivot into the internal network.
#0141
Socketabout 2 months ago6 min▣LLM reportcritical A sophisticated supply chain attack compromised the official Trivy GitHub Action (aquasecurity/trivy-action) by force-pushing 75 version tags to malicious commits. The injected infostealer harvests sensitive CI/CD secrets from runner memory and filesystems, exfiltrating them to a typosquat domain or a fallback GitHub repository.
#0140
Akamaiabout 2 months ago4 min▣LLM reporthigh Anthropic's new 'Agent Skills' feature, which uses progressive disclosure to manage AI agent context windows, introduces a novel attack surface. The article outlines the top 10 critical threats to this ecosystem, including prompt injection, supply chain manipulation, and unauthorized code execution, highlighted by the recent OpenClaw malware incident.