#0099
Cisco Talosabout 2 months ago4 min▣LLM reportinfo Cisco Talos introduced DispatchLogger, an open-source dynamic analysis tool designed to intercept and log late-bound COM automation calls. By utilizing transparent proxying and recursive object wrapping, the tool provides analysts with deep semantic visibility into script-based malware behavior, such as WMI abuse and fileless execution, effectively bypassing common script obfuscation techniques.
#0098
Trend Microabout 2 months ago5 min▣LLM reporthigh Threat actors exploited an exposed Spring Boot Actuator endpoint and plaintext credentials found in a spreadsheet to authenticate via the legacy ROPC flow. This allowed them to bypass MFA, obtain a Microsoft Graph access token, and exfiltrate sensitive data from SharePoint Online without deploying malware.
#0097
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reportcritical The Canadian Centre for Cyber Security published a daily digest of 11 security advisories on March 18, 2026. The advisories highlight vulnerabilities across various enterprise, networking, and consumer products, including a critical remote pre-auth buffer overflow in GNU InetUtils telnetd, and urge administrators to apply necessary updates and mitigations.
#0096
CISAabout 2 months ago4 min▣LLM reporthigh CISA has issued an alert regarding malicious cyber activity targeting endpoint management systems, specifically highlighting a recent attack on Stryker Corporation's Microsoft environment. The alert strongly urges organizations to harden Microsoft Intune and similar platforms by enforcing least privilege, phishing-resistant MFA, and Multi Admin Approval to prevent unauthorized high-impact administrative actions.
#0095
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2026-20963, a Microsoft SharePoint Deserialization of Untrusted Data Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize timely remediation of this flaw as part of their vulnerability management practices to reduce exposure to cyberattacks.
#0094
Akamaiabout 2 months ago4 min▣LLM reportmedium The Akamai 2026 SOTI report highlights the industrialization of cyberattacks, driven by automation and the convergence of API threats, web exploits, and DDoS campaigns. Key trends include a massive 104% surge in Layer 7 DDoS attacks powered by super botnets, increased risks from untested AI-generated code, and a 73% rise in web application attacks.
#0093
Trend Microabout 2 months ago4 min▣LLM reportinfo The article outlines the emerging security risks associated with autonomous Agentic AI and presents a collaborative architectural solution between TrendAI and NVIDIA. By integrating TrendAI's governance and behavioral analysis with NVIDIA's OpenShell runtime, enterprises can safely deploy self-evolving AI agents with runtime policy enforcement and protection against AI-native threats like prompt injection.
#0092
Palo Alto Networksabout 2 months ago4 min▣LLM reportmedium Unit 42 researchers demonstrated that both open and closed-source LLMs remain vulnerable to prompt jailbreaking at scale using a genetic algorithm-based fuzzing technique. By systematically generating meaning-preserving variants of disallowed requests, researchers successfully bypassed content filters and model guardrails, highlighting the fragility of current AI safety mechanisms under automated adversarial variation.
#0091
SentinelOneabout 2 months ago4 min▣LLM reporthigh This report summarizes a LABScon 25 presentation detailing the sophisticated attack vectors used in cryptocurrency heists, which have resulted in $9 billion in losses. Threat actors are increasingly targeting developers and software supply chains—such as modifying production JavaScript code and compromising GitHub accounts via personal infrastructure—to execute massive wallet drains.
#0090
Canadian Centre for Cyber Securityabout 2 months ago3 min▣LLM reporthigh The Canadian Centre for Cyber Security released a daily digest highlighting critical vulnerabilities in Spring AI, including SQL and JSONPath injections, as well as unspecified vulnerabilities in GitHub Enterprise Server. Organizations utilizing these products are advised to apply the latest security patches to mitigate potential exploitation risks.
#0089
Palo Alto Networksabout 2 months ago7 min▣LLM reporthigh Boggy Serpens (MuddyWater) is conducting ongoing cyberespionage campaigns targeting critical infrastructure and diplomatic entities globally. The group leverages hijacked accounts for trusted relationship compromises, delivering advanced, AI-assisted malware toolkits including Rust-based backdoors and custom C2 protocols to maintain long-term persistence and evade detection.
#0088
Trend Microabout 2 months ago8 min▣LLM reportcritical The Warlock ransomware group (Water Manaul) has enhanced its attack chain by exploiting Microsoft SharePoint servers for initial access and deploying a sophisticated post-exploitation toolkit. The group leverages BYOVD techniques via the NSecKrnl.sys driver to disable security tools, establishes redundant C&C channels using legitimate tools like Velociraptor and Cloudflare Tunnels, and automates ransomware deployment domain-wide using Group Policy Objects (GPO).
#0087
Akamaiabout 2 months ago3 min▣LLM reportinfo Modern AI factories utilize massive, interconnected GPU clusters that generate high volumes of east-west traffic, rendering traditional perimeter and host-based security ineffective. To secure these environments without degrading performance, organizations must adopt infrastructure-level, identity-based microsegmentation using technologies like DPUs to enforce Zero Trust and contain lateral movement.
#0086
Mandiantabout 2 months ago8 min▣LLM reportcritical In 2025, ransomware operators increasingly relied on vulnerability exploitation for initial access and heavily targeted virtualization infrastructure like ESXi. While overall ransomware profitability appears to be declining, threat actors have adapted by increasing data theft extortion, targeting smaller organizations, and utilizing cross-platform ransomware families like REDBIKE, AGENDA, and INC.
#0085
Cofenseabout 2 months ago5 min▣LLM reporthigh A novel phishing campaign is abusing the legitimate LiveChat SaaS platform to impersonate brands like PayPal and Amazon. By engaging victims in real-time chat interfaces using automated bots or human operators, attackers successfully harvest sensitive information, including account credentials, multi-factor authentication (MFA) codes, personally identifiable information (PII), and credit card details.
#0084
Elastic Security Labsabout 2 months ago3 min▣LLM reportlow Elastic has introduced open-source Agent Skills that enable AI coding agents to natively interact with Elastic Security. These skills allow security teams to rapidly provision cloud environments, generate realistic sample attack data, and manage alerts and detection rules directly from their IDEs.
#0083
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2025-47813, an information disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. All organizations are strongly urged to prioritize timely remediation of this vulnerability to reduce exposure to cyberattacks.
#0082
Socketabout 2 months ago8 min▣LLM reporthigh The GlassWorm threat actor has evolved its supply chain attack methodology by abusing VS Code extension manifest fields to transitively deliver malicious payloads. This technique allows initially benign extensions to pull in malicious dependencies during later updates, executing staged JavaScript loaders that target developer workstations for credential and secret theft.
#0081
Recorded Futureabout 2 months ago4 min▣LLM reporthigh The 2025 Identity Threat Landscape Report highlights a massive surge in credential theft driven by infostealer malware, with LummaC2 leading the ecosystem. A critical finding is the widespread theft of active session cookies, which allows attackers to bypass multi-factor authentication (MFA) and directly access high-value corporate systems, VPNs, and cloud platforms.
#0080
Akamaiabout 2 months ago4 min▣LLM reporthigh Following the outbreak of a geopolitical conflict in the Middle East in early 2026, Akamai observed a 245% surge in malicious cyber activity targeting global enterprises. The threat landscape is characterized by massive increases in automated reconnaissance, credential harvesting, and data-wiping attacks by state-sponsored and hacktivist groups like Handala, primarily targeting the financial, ecommerce, and healthcare sectors.