#0079
Akamaiabout 2 months ago3 min▣LLM reportlow The integration of AI in vulnerability research has led to a surge in false-positive bug reports, overwhelming vendors and bug bounty programs. Human oversight remains essential to validate AI findings and maintain the integrity of the CVE ecosystem.
#0078
Socketabout 2 months ago5 min▣LLM reporthigh Security researchers identified six malicious Composer packages on Packagist masquerading as OphimCMS themes. These packages contain trojanized JavaScript that executes client-side attacks, including URL exfiltration, ad injection, and redirects to gambling sites operated by the OFAC-sanctioned FUNNULL network.
#0077
Recorded Futureabout 2 months ago4 min▣LLM reportcritical The ongoing geopolitical conflict involving Iran has triggered significant cyber and influence operations, with multiple nation-state and hacktivist groups leveraging the crisis for espionage, destructive attacks, and narrative manipulation. Organizations are advised to prepare for a surge in Iranian cyber activity as domestic internet blackouts lift, alongside heightened risks of physical threats and supply chain disruptions.
#0076
Palo Alto Networksabout 2 months ago7 min▣LLM reportcritical A suspected China-nexus threat actor tracked as CL-STA-1087 has been conducting a persistent espionage campaign against Southeast Asian military targets since 2020. The attackers utilize custom malware, including the AppleChris and MemFun backdoors, leveraging Dead Drop Resolvers (DDR) like Pastebin and Dropbox for C2 resolution alongside advanced evasion techniques like process hollowing and DLL hijacking.
#0075
Akamaiabout 2 months ago3 min▣LLM reportlow This promotional article highlights Akamai's upcoming presence at RSAC 2026, focusing on the escalating arms race between AI-driven cyber threats and enterprise security. It emphasizes that adversaries are using AI to automate API attacks and exploit cloud misconfigurations, necessitating a shift away from legacy security toward robust Zero Trust frameworks and strategic partner ecosystems.
#0074
Sophosabout 2 months ago6 min▣LLM reportcritical Microsoft's March Patch Tuesday addressed 84 vulnerabilities across 15 product families, including 8 Critical and 76 Important flaws. While no zero-days were reported as actively exploited, two vulnerabilities have been publicly disclosed, and six are deemed highly likely to be exploited within 30 days. Organizations are advised to prioritize patching for critical Remote Code Execution and Elevation of Privilege vulnerabilities affecting Windows, Office, and Azure environments.
#0073
Elastic Security Labsabout 2 months ago3 min▣LLM reportlow Elastic has introduced capabilities to manage security detection rules and exceptions as code using the Elastic Stack Terraform provider. This enables DevOps and platform teams to integrate detection lifecycle management into broader infrastructure-as-code pipelines, complementing existing detection engineering workflows.
#0072
Sophosabout 2 months ago4 min▣LLM reporthigh Iranian-linked threat actors consistently utilize a core set of cost-effective initial access techniques, including social engineering, rapid exploitation of known vulnerabilities, and credential abuse. These groups frequently leverage legitimate RMM tools and trusted cloud services to establish persistence and evade detection, highlighting the need for robust identity management, prompt patching, and perimeter security.
#0071
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added two actively exploited vulnerabilities affecting Google Skia (CVE-2026-3909) and Google Chromium V8 (CVE-2026-3910) to its Known Exploited Vulnerabilities (KEV) Catalog, urging immediate remediation across all organizations.
#0070
WithSecureabout 2 months ago4 min▣LLM reporthigh The cybercrime-as-a-service ecosystem is evolving rapidly, characterized by a shift towards trading live session tokens, the integration of generative AI for dynamic payload generation, and a preference for data exfiltration over encryption. Defenders must adapt by prioritizing identity monitoring, rapid session revocation, and recognizing the blurring lines between commodity cybercrime and state-aligned operations.
#0069
Microsoftabout 2 months ago6 min▣LLM reporthigh Storm-2561 is conducting a credential theft campaign leveraging SEO poisoning to distribute fake enterprise VPN clients. The attack utilizes digitally signed payloads and DLL side-loading to deploy the Hyrax infostealer, which harvests VPN credentials and configuration data before redirecting victims to legitimate software to evade detection.
#0068
Socketabout 2 months ago2 min▣LLM reportlow Node.js is transitioning from a biannual to an annual major release cycle starting with version 27, retiring the legacy odd/even LTS model. This strategic shift aims to reduce maintainer fatigue, streamline security backports, and align with industry-standard predictable release schedules.
#0067
ANY.RUNabout 2 months ago6 min▣LLM reporthigh MicroStealer is a newly identified, fast-spreading infostealer that targets sensitive corporate and personal data, including browser credentials, session cookies, and cryptocurrency wallets. It employs a sophisticated NSIS to Electron to Java execution chain, combined with obfuscation and anti-analysis checks, to maintain a low detection rate across security vendors.
#0066
NCSCabout 2 months ago2 min▣LLM reportlow The UK's National Cyber Security Centre (NCSC) has announced the speaker lineup and core themes for the CYBERUK 2026 conference in Glasgow. The event will bring together international security leaders to discuss accelerating global cyber defenses against evolving threats over the next decade.
#0065
Check Pointabout 2 months ago7 min▣LLM reportcritical Handala Hack, an Iranian MOIS-affiliated threat actor also known as Void Manticore, conducts destructive wiping and hack-and-leak operations against US, Israeli, and Albanian targets. The group leverages compromised VPN credentials for initial access, uses NetBird for internal tunneling, and deploys multiple parallel wiping techniques—including custom MBR wipers, PowerShell scripts, and VeraCrypt—distributed via Active Directory Group Policy.
#0064
Socketabout 2 months ago3 min▣LLM reportlow GCVE, operated by CIRCL, has launched a decentralized vulnerability publishing ecosystem utilizing Vulnerability-Lookup 4.1.0 to address the limitations of the centralized CVE system. The federated model allows organizations to act as autonomous publishers (GNAs) while synchronizing vulnerability intelligence, sightings, and KEV data globally.
#0063
Zscaler ThreatLabzabout 2 months ago7 min▣LLM reporthigh A China-nexus threat actor, assessed with medium confidence as Mustang Panda, targeted the Persian Gulf region using a multi-stage attack chain themed around the Middle East conflict. The campaign leverages LNK and CHM files to execute a heavily obfuscated shellcode loader via DLL sideloading, ultimately deploying a PlugX backdoor capable of HTTPS and DNS-over-HTTPS (DoH) C2 communications.
#0062
Cofenseabout 2 months ago5 min▣LLM reporthigh Threat actors are increasingly weaponizing the legitimate Telegram Bot API to establish Command and Control (C2) channels and exfiltrate stolen data. This technique is widely adopted across credential phishing campaigns and malware families like Agent Tesla and Pure Logs Stealer, allowing attackers to bypass traditional network defenses by blending malicious traffic with legitimate Telegram communications.
#0061
Trail of Bitsabout 2 months ago4 min▣LLM reporthigh Trail of Bits identified six common vulnerability patterns in ERC-4337 smart accounts during their audits. These vulnerabilities, ranging from incorrect access controls and incomplete signature validation to state modification issues and replay attacks, can allow attackers to drain funds or hijack account ownership.
#0060
Socketabout 2 months ago4 min▣LLM reporthigh The rapid proliferation of GitHub Security Advisories (GHSAs) for the OpenClaw AI agent has highlighted a significant gap in vulnerability tracking, as many GHSAs lack corresponding CVE identifiers. This discrepancy creates critical blind spots for enterprise security tools that rely exclusively on CVEs, prompting debate over the future of decentralized vulnerability disclosure and the need for multi-source advisory tracking.