#0139
Akamaiabout 2 months ago5 min▣LLM reporthigh CVE-2026-31979 is a high-severity local privilege escalation vulnerability in the Himmelblau Linux-to-Azure integration suite. By exploiting a time-of-check to time-of-use (TOCTOU) symlink race condition in the shared /tmp directory, an unprivileged local attacker can hijack root-level file operations to take ownership of critical system files, potentially enabling lateral movement into cloud infrastructure.
#0138
Akamaiabout 2 months ago4 min▣LLM reportcritical The US Department of Justice, alongside international authorities and industry partners including Akamai, successfully disrupted the Aisuru and Kimwolf IoT botnets. These hyper-volumetric botnets compromised up to 4 million IoT devices to launch record-breaking DDoS attacks exceeding 30 Tbps, which were used to cripple internet infrastructure and extort victims.
#0137
CrowdStrikeabout 2 months ago5 min▣LLM reporthigh Following a major law enforcement takedown of its infrastructure on March 4, 2026, the Tycoon2FA Phishing-as-a-Service (PhaaS) platform has quickly reconstituted its operations. The platform continues to enable cybercriminals to bypass multifactor authentication (MFA) using Adversary-in-the-Middle (AiTM) techniques, leading to cloud account takeovers and Business Email Compromise (BEC).
#0136
Elastic Security Labsabout 2 months ago6 min▣LLM reportcritical The TeamPCP threat actor targets cloud-native and containerized environments to deploy cryptominers and ransomware. The attack chain involves initial access via web server exploitation, in-memory payload execution, Kubernetes API abuse for lateral movement, and node-level escape using privileged DaemonSets.
#0135
Socketabout 2 months ago4 min▣LLM reportinfo The European Union Agency for Cybersecurity (ENISA) has released a technical advisory on the secure use of package managers ahead of the Cyber Resilience Act's (CRA) strict reporting deadlines in 2026. The advisory highlights critical software supply chain risks, such as typosquatting, compromised maintainers, and dependency confusion, mandating a shift toward continuous dependency monitoring, SBOM generation, and reachability analysis to avoid severe regulatory penalties.
#0134
Canadian Centre for Cyber Securityabout 2 months ago2 min▣LLM reportcritical The Canadian Centre for Cyber Security issued an advisory regarding a critical vulnerability (CVE-2026-21992) affecting Oracle Identity Manager and Oracle Web Services Manager. Organizations utilizing these products are advised to review Oracle's security alerts and apply necessary patches or mitigations.
#0133
CrowdStrikeabout 2 months ago4 min▣LLM reporthigh The CrowdStrike 2026 Global Threat Report highlights a shift toward highly evasive, malware-free attacks leveraging valid credentials, AI tools, and supply chain compromises. Adversaries are operating with unprecedented speed, with average breakout times dropping to 29 minutes, while increasingly targeting AI infrastructure, cloud environments, and network edge devices.
#0132
CISAabout 2 months ago3 min▣LLM reporthigh CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with five new actively exploited vulnerabilities affecting Apple products, Craft CMS, and Laravel Livewire. Organizations are strongly urged to prioritize timely remediation of these flaws to reduce exposure to cyberattacks.
#0131
Microsoftabout 2 months ago7 min▣LLM reporthigh Microsoft Threat Intelligence observed a significant increase in tax-themed phishing and malware campaigns targeting individuals and accounting professionals. These campaigns utilize sophisticated social engineering, Phishing-as-a-Service (PhaaS) platforms for credential theft, and abused legitimate Remote Monitoring and Management (RMM) tools to establish persistent remote access.
#0130
Huntressabout 2 months ago5 min▣LLM reportcritical Threat actors breached a network via compromised SonicWall SSLVPN credentials and deployed a sophisticated EDR killer to blind endpoint security prior to a planned ransomware deployment. The malware utilizes a Bring Your Own Vulnerable Driver (BYOVD) technique, dropping a revoked EnCase forensic driver encoded with a novel wordlist substitution cipher to terminate 59 different security processes directly from kernel mode.
#0129
CERT-EUabout 2 months ago4 min▣LLM reportcritical Cisco has disclosed multiple critical and high-severity vulnerabilities affecting Catalyst SD-WAN Controller and Manager, including CVE-2026-20127, a CVSS 10 authentication bypass exploited in the wild since 2023. Successful exploitation allows unauthenticated remote attackers to gain administrative privileges, manipulate network configurations, and establish persistent access, sometimes by downgrading software to exploit older vulnerabilities.
#0128
CERT-EUabout 2 months ago4 min▣LLM reportcritical Ivanti has released a security advisory addressing two critical code injection vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Endpoint Manager Mobile (EPMM) that allow unauthenticated remote code execution. At least one of these flaws is currently being exploited in the wild, prompting urgent recommendations to secure forensic evidence and apply available hotfixes.
#0127
CERT-EUabout 2 months ago4 min▣LLM reportcritical Cisco has disclosed a critical, unpatched vulnerability (CVE-2025-20393) affecting its Secure Email Gateway and Secure Email and Web Manager appliances. The flaw allows attackers to execute arbitrary commands with root privileges if the Spam Quarantine feature is enabled and exposed to the internet. Organizations are urged to immediately restrict internet access to this feature and contact Cisco TAC to check for indicators of compromise.
#0126
CrowdStrikeabout 2 months ago3 min▣LLM reportlow CrowdStrike has announced the integration of Falcon AI Detection and Response (AIDR) with NVIDIA NeMo Guardrails to secure enterprise AI agents against runtime attacks. The solution provides programmable guardrails to prevent prompt injection, data exposure, and unauthorized actions by applying over 75 built-in classification rules to LLM interactions.
#0125PProjectzeroabout 2 months ago2 min▣LLM reportlow The article details the limitations of mutational coverage-guided grammar fuzzing, specifically its tendency to produce similar samples and struggle with complex function chaining. To mitigate this, the author introduces a methodology using the Jackalope fuzzer that periodically restarts workers to combine generative and mutational fuzzing, significantly improving the discovery rate of unique crashes in targets like libxslt.
#0124
Elastic Security Labsabout 2 months ago3 min▣LLM reportinfo Elastic has introduced Defend for Containers (D4C) in version 9.3.0, providing runtime visibility and detection capabilities for Linux container workloads in Kubernetes environments. The integration captures process and file activity enriched with orchestration metadata, enabling detection engineers to build robust, behavior-based security policies.
#0123
Cisco Talosabout 2 months ago5 min▣LLM reporthigh Threat actors increasingly abuse legitimate native utilities, third-party tools, and cloud service clients for data exfiltration, bypassing traditional static detections. The Exfiltration Framework models the behavioral and forensic characteristics of these tools to enable detection based on execution context, network patterns, and artifact persistence rather than tool presence.
#0122
Infobloxabout 2 months ago7 min▣LLM reporthigh Threat actors are extensively abusing the legitimate Keitaro Tracker platform to conduct domain cloaking, facilitating large-scale, AI-driven investment and tech support scams. By combining traffic distribution systems with AI-generated deepfakes and localized lures, attackers effectively evade automated security scanners while maximizing victim engagement and conversion rates.
#0121
Socketabout 2 months ago5 min▣LLM reporthigh The GlassWorm malware campaign has evolved to deploy 'sleeper' extensions on Open VSX that are subsequently weaponized to download malicious VSIX payloads hosted on GitHub. The malware employs sophisticated evasion techniques, including Russian geofencing, source-to-compiled code mismatches, and utilizing the Solana blockchain as a dead-drop resolver for command and control, ultimately leading to arbitrary Node.js code execution across multiple developer IDEs.
#0120
Huntressabout 2 months ago3 min▣LLM reportinfo Huntress has introduced a new Incident Report Timeline feature for its Managed ITDR platform to combat rapid, identity-driven data exfiltration in cloud environments. This feature provides a chronological narrative of attacker actions and response efforts, enabling faster decision-making and better communication for security teams and MSPs.