#0059
Sophosabout 2 months ago6 min▣LLM reporthigh Threat actors are evolving 'ClickFix' social engineering campaigns to target macOS users with the MacSync infostealer. Recent iterations bypass traditional security controls by tricking users into executing obfuscated terminal commands that deploy fileless, API-gated AppleScript payloads designed to harvest credentials, browser data, and cryptocurrency wallet seed phrases.
#0058
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added CVE-2025-68613, an Improper Control of Dynamically-Managed Code Resources vulnerability in n8n, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize remediation to reduce exposure to cyberattacks.
#0057
Socketabout 2 months ago5 min▣LLM reporthigh A coordinated supply chain attack on the Rust ecosystem involved five malicious crates masquerading as time utilities. These crates silently exfiltrated .env files containing sensitive developer credentials to a threat actor-controlled lookalike domain using background curl processes.
#0056
Varonisabout 2 months ago4 min▣LLM reporthigh The threat actor ShinyHunters is leveraging a modified version of the AuraInspector tool to exploit misconfigured Salesforce Experience sites. By targeting overly permissive guest user profiles, attackers can interact with backend Aura endpoints to enumerate and exfiltrate sensitive corporate data without requiring authentication.
#0055
Trend Microabout 2 months ago7 min▣LLM reporthigh Trend Micro MDR uncovered an ongoing campaign by the KongTuke threat group utilizing compromised WordPress sites and fake CAPTCHA lures to trick users into executing malicious PowerShell commands. The attack leverages living-off-the-land binaries like finger.exe to deploy a Python-based backdoor known as modeloRAT, which focuses on enterprise environments for potential lateral movement and establishes persistence via scheduled tasks and registry keys.
#0054
ESETabout 2 months ago5 min▣LLM reportcritical The Sednit threat group (APT28) has deployed a modernized espionage toolkit targeting Ukrainian military personnel. The toolkit consists of custom implants SlimAgent and BeardShell, alongside a heavily modified version of the Covenant framework, utilizing legitimate cloud storage providers for resilient Command and Control (C&C).
#0053
ANY.RUNabout 2 months ago6 min▣LLM reporthigh Threat actors are increasingly utilizing OAuth Device Code phishing to compromise Microsoft 365 accounts. By tricking victims into entering a verification code on the legitimate Microsoft device login page, attackers can obtain OAuth access and refresh tokens without ever harvesting the user's credentials. This technique bypasses traditional phishing defenses by operating over encrypted channels and legitimate Microsoft infrastructure.
#0052
Check Pointabout 2 months ago6 min▣LLM reporthigh Iranian Ministry of Intelligence and Security (MOIS) affiliated threat actors, including Void Manticore and MuddyWater, are increasingly integrating cybercriminal tools, infrastructure, and affiliate models into their operations. This strategic shift, which includes the use of commercial infostealers like Rhadamanthys and RaaS platforms like Qilin, enhances their operational capabilities while complicating attribution efforts.
#0051
Socketabout 2 months ago5 min▣LLM reporthigh A malicious Google Chrome extension impersonating the imToken cryptocurrency wallet is actively stealing user seed phrases and private keys. The extension functions as a lightweight redirector, fetching a destination URL from a hardcoded endpoint and sending victims to a homoglyph-obfuscated phishing site designed to harvest wallet recovery secrets.
#0050
Akamaiabout 2 months ago3 min▣LLM reportlow Akamai has announced the integration of AI-powered WAF detections into its App & API Protector platform. This enhancement leverages machine learning models trained on global traffic to autonomously identify and mitigate sophisticated web attacks, such as evasive SQL injections and parameter pollution, while maintaining human oversight and minimizing false positives.
#0049
Palo Alto Networksabout 2 months ago4 min▣LLM reporthigh Unit 42 researchers developed AdvJudge-Zero, an automated fuzzer that identifies stealthy prompt injection sequences to bypass AI judges. By using low-perplexity formatting tokens, attackers can manipulate LLM-based security gatekeepers into approving harmful content or corrupting training data without triggering traditional detection mechanisms.
#0048
Trend Microabout 2 months ago4 min▣LLM reporthigh TrendAI researchers demonstrated novel attack vectors against AI systems, including exploiting AI-driven KYC pipelines using 'executable documents' to leak customer data. Additionally, they introduced FENRIR, an automated vulnerability hunting system that has discovered numerous zero-days in AI and Model Context Protocol (MCP) ecosystems.
#0047
SentinelOneabout 2 months ago3 min▣LLM reportlow SentinelLabs explores the use of Large Language Models (LLMs) to automate the extraction of indicators of compromise (IOCs) and contextual data from Cyber Threat Intelligence (CTI) narratives. The research demonstrates that LLMs can accurately parse unstructured reports into structured knowledge graphs, significantly reducing processing time while highlighting the importance of custom data models, prompt optimization, and evidence-grading frameworks.
#0046
CISAabout 2 months ago3 min▣LLM reporthigh CISA has added three actively exploited vulnerabilities affecting Omnissa Workspace ONE, SolarWinds Web Help Desk, and Ivanti Endpoint Manager to its Known Exploited Vulnerabilities (KEV) Catalog. Organizations are strongly urged to apply patches immediately to mitigate the risk of compromise.
#0045
Mandiantabout 2 months ago8 min▣LLM reporthigh This comprehensive guide outlines proactive hardening strategies to defend against destructive cyberattacks, such as ransomware and wipers. It provides actionable recommendations for securing external-facing assets, segmenting IT/OT and virtualization infrastructure, restricting lateral movement, and protecting privileged credentials across on-premises and cloud environments.
#0044
Elastic Security Labsabout 2 months ago3 min▣LLM reporthigh Researchers successfully patch-diffed a Windows Desktop Window Manager (DWM) vulnerability using LLMs, drastically reducing exploit development time. The vulnerability is a Use-After-Free in dwmcore.dll that can be exploited via the DirectComposition API, combined with a novel heap spray and CFG bypass, to achieve Local Privilege Escalation to SYSTEM.
#0043
Zscaler ThreatLabzabout 2 months ago6 min▣LLM reporthigh Threat actors are capitalizing on Middle East geopolitical tensions using over 8,000 newly registered domains to launch opportunistic cyber attacks. Campaigns include Mustang Panda deploying the LOTUSLITE backdoor via DLL sideloading, fake news sites distributing StealC malware, and various phishing/scam operations exhibiting Persian-language artifacts.
#0042
Palo Alto Networksabout 2 months ago7 min▣LLM reporthigh Since 2020, a Chinese threat actor tracked as CL-UNK-1068 has targeted critical infrastructure in Asia for cyberespionage. The group utilizes a diverse, cross-platform toolkit including web shells, custom Go-based scanners, modified Fast Reverse Proxy (FRP) for tunneling, and legacy Python executables for DLL side-loading to maintain stealth, escalate privileges, and exfiltrate sensitive data.
#0041
Microsoftabout 2 months ago5 min▣LLM reporthigh Threat actors, particularly North Korean state-sponsored groups, are increasingly operationalizing AI to accelerate cyberattacks. They leverage generative AI for reconnaissance, social engineering, identity fabrication, and malware development, acting as a force multiplier that reduces technical friction while human operators maintain control over objectives.
#0040
Socketabout 2 months ago4 min▣LLM reportinfo Latio's 2026 Application Security Market Report highlights supply chain malware and the securing of AI-generated code as the top security concerns for practitioners. The report emphasizes the inadequacy of traditional CVE scanning, citing the multi-wave Shai Hulud campaign—which compromised over 500 npm packages, exposed GitHub secrets, and targeted AI toolchains—as evidence that proactive dependency analysis is essential.