-
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government o...
-
Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules
New Tracing OptionsAs hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can...
-
Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered
Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here. The post Tracing Digital Intent: New...
-
Maine disables data breach notification portal after fake disclosures
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to pr...
-
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built ...
-
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built ...
-
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text m...
-
phpBB forum fixes auth bypass bug lurking for a decade
A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]
-
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which...
-
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]
-
Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]
-
‘You Will Not Speak on Flock Tonight’: County Commissioner Refuses to Let Residents Opposing Flock Speak at Meeting
"I’ve spoken. I’m not debating this."
-
Your Next Insider Threat May Be an AI Coworker
Heimdal sysadmin Alex Panait spent weeks testing Claude Cowork inside the company. His verdict was blunt. It felt like onboarding a junior employee with no manager, no scoped ac...
-
Behind the Blog: World Cup Madness and Film Reviews
This week, we discuss Trump fucking up the World Cup, some thoughts on ICE coverage, and movies.
-
Stolen iPhones could soon be worth a lot less to thieves
Apple and the Met Police are working together to make stolen iPhones harder to reset, resell, and profit from.
-
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to so...
-
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
OverviewOn June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise...
-
The OSI Model and Its Two Missing Layers
Cybersecurity failures now happen beyond the OSI stack. Faulty governance, the human factor, and AI tools create new attack surfaces. After seven years working across cybersecur...
-
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on develope...
-
Microsoft fixes Windows update failures linked to WUSA installer
Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network sh...
-
Rethinking MDR as Attackers and Defenders Embrace AI
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and ...
-
Pharma giant Novo Nordisk discloses breach of clinical trials data
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]
-
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote co...
-
Fake verification pages are stealing Steam accounts from players
A convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.
-
INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed...
-
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by ...
-
Over 73,000 French govt employees affected in Tchap messenger breach
The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]
-
Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, sa...
-
Japanese energy firm loses drive with data of 10.9 million clients
Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]
-
Maine breach portal abused to publish fake data breach disclosures
In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be v...
-
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaig...
-
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively ex...
-
Software Update Automatically Turns off Amazon Delivery Drivers’ AC During Dangerous Summer Heat
A new software update is turning off the AC in Amazon delivery vans after 10 minutes or 30 seconds under certain conditions.
-
A tale of two eras
In this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn't be left on an open channel.
-
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand o...
-
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit fo...
-
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion...
-
Google can be liable for false AI Overviews, court rules
"AI can make mistakes" isn't a good enough legal defense for defamatory or incorrect AI Overviews, a German court has ruled.
-
Authorities dismantle 'AudiA6' ransomware crypto-laundering service
Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]
-
Amazon Data Centers In Mississippi Have Already Raised Electricity Rates for Local Customers, Report Suggests
Three Amazon data centers aren't even open yet, but local residents are already paying at least $10.60 extra per month for them, according to a new study.
-
Flock Leaked Cops’ License Plate Searches via DuckDuckGo, Bing
Flock, the automatic license plate reader (ALPR) company, exposed some of the license plate cops were looking for and the reason for doing so.
-
Why AI-driven threats are exposing the limits of MSP security stacks
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are...
-
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award cate...
-
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a publ...
-
Chatbots Keep Telling Stories About Lighthouse Keeper 'Elias Thorne'. We Might Know Why
LLMs including ChatGPT, Gemini and Claude are obsessed with telling stories about lighthouse keepers and clockmakers, and one character named 'Elias Thorne' has made his way fro...
-
Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime
IntroductionThe underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a pro...
-
Black Box Versus Glass Box DDoS Protection
Distributed denial-of-service (DDoS) attacks continue to grow in scale, frequency, and sophistication, forcing organizations to rethink not just how they defend against attacks,...
-
Coupang hit with record $409 million data breach fine in Korea
The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 mil...
-
CISA tells govt agencies to patch critical exploited flaws in 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Exe...
-
VRChat says reported data breach never happened
We explain what data was exposed, the potential risks, and the steps you should take now.
-
AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution...
-
Children’s phones must block nude images by September, UK says
Apple and Google have three months to block nude images on children's phones. They're not allowed to collect any data while they do it.
-
Trust No Skill: Integrity Verification for AI Agent Supply Chains
Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity ...
-
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as S...
-
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]
-
From Infosecurity Europe to CONFidence and C1b3rWall: What Security Teams Are Prioritizing in 2026
Three cities, three cybersecurity conferences, and plenty of conversations with security professionals across Europe. Over the past few weeks, the ANY.RUN team joined Infosecur...
-
Nottingham University data breach affects over 450,000 students
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]
-
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The...
-
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gatew...
-
University of Nottingham - 454,635 breached accounts
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subs...
-
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]
-
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
-
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the...
-
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]
-
Free Spotify Premium hacks on social media are spreading infostealers
Cybercriminals are turning TikTok and Instagram Reels into malware delivery platforms, using free software tutorials to spread infostealers.
-
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans
Blake McDermott is Senior Threat Hunter at Rapid7.Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intellige...
-
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet compris...
-
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disc...
-
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, a...
-
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...]
-
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following repor...
-
The 5 Best Practices for Secure Identity Verification
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for...
-
Deceptive Installers: How Fake Apps Target macOS
Deceptive installers disguised as legit macOS software deliver infostealers that grab passwords, cookies, and crypto wallets. Learn how to detect them.
-
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks ta...
-
Scientists Just Accidentally Discovered a Strange, Hidden Rule of Human Nature
Researchers report a "serendipitous" discovery while watching videos of crowds: an inexplicable bias toward counterclockwise turning that may be rooted in biology.
-
Podcast: Google Employees Meme About How Bad Their AI Is
Memes at Google; Microsoft wants to make its new AI assistant addictive; and manipulating Reddit.
-
Cops Keep Getting Arrested for Using Flock to Stalk People
There have been more than a dozen cases around the country where police use Flock to obsessively and illegally stalk people.
-
Intelligence-Driven Threat Hunting: How SOCs Find What Alerts Miss
Talk to any threat hunter long enough, and beneath the polished case studies and conference talks, the same frustrations surface. Hunting is supposed to be proactive. In practic...
-
Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days
June 2026 is the largest Patch Tuesday in history, fixing 206 vulnerabilities and three publicly disclosed zero-days.
-
88% of people struggle to tell what’s real online
As AI-generated scams, deepfakes, and impersonation spread, a new Malwarebytes report finds people increasingly unsure what to trust online.
-
Microsoft: Some Windows PCs fail to install latest monthly updates
Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. [...]
-
Behind Khmer Shadow: Targeted espionage against Cambodian government entities
Acronis Threat Research Unit (TRU) has identified two espionage-focused campaigns targeting Cambodian government entities in the defense and public works sectors. TRU has assess...
-
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues ...
-
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry
OverviewOn June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendo...
-
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitL...
-
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the ti...
-
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, ...
-
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ...
-
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code wit...
-
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero...
-
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfu...
-
Anthropic rolls out Claude Fable 5, but it's available for a limited time
Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...]
-
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed -- and the gap between what these tools promise and what they can withstand poin...
-
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two previously disclosed flaws during June 2026...
-
Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility
Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion. The post Blinding the Watchmen: Ab...
-
ServiceNow discloses security incident exposing customer data
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from cust...
-
Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities
Microsoft Patch Tuesday details for June 2026.
-
OpenClaw AI agent found falling for phishing attacks, spills user data
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]
-
Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of publ...
-
SAP fixes critical flaws in NetWeaver and Commerce Cloud
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cl...
-
Microsoft releases Windows 10 KB5094127 extended security update
Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollo...
-
Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day vulnerabilities and one actively exploited in attac...
-
Microsoft June 2026 Patch Tuesday fixes 5 zero-days, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including four publicly disclosed zero-day vulnerabilities and one actively exploited in attac...
-
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and five publicly disclosed zero-day vulnerabilities. [...]
-
Windows 11 KB5094126 & KB5093998 cumulative updates released
Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
-
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expandi...
-
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vu...
-
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being com...
-
XBOW tests Anthropic's Mythos Preview for offensive security
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit ...
-
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]
-
FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs
The FCC wants to legally force telecoms to collect new and renewing customers’ government issued identity number and physical address, impacting everyone from the privacy-consci...
-
Judge Learns Lawyers on Both Sides of Case Used AI, Cancels Trial, Kicks Everyone Off the Case
When two AIs argue against each other, the legal system loses.
-
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup serv...
-
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.
-
Meta’s face-recognition code raises new concerns about smart glasses
As smart glasses become more capable, concerns about face recognition, covert recording, and biometric surveillance are growing.
-
'Sloppenheimer:' Amazon Employees Mock the Company’s AI on Slack
Amazon employees have a Slack channel for memes where the mock and commiserate about the company’s faulty AI coding product.
-
Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity
Wade Woolwine is Senior Director, Product Security at Rapid7.Rapid7 is excited to join Anthropic’s Project Glasswing, which includes access to Claude Mythos Preview, giving our ...
-
Scammers love Meta, according to Lloyds Bank
Facebook, Instagram, and WhatsApp account for more than two thirds of fraud reports made by Lloyds customers.
-
Intellyx Names NETSCOUT to Prestigious 2026 Digital Innovator Award List
Earning industrywide recognition two years in a row is very rewarding. Achieving that same honor six consecutive times makes a statement. Being selected by Intellyx for its 2026...
-
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerabilit...
-
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way ...
-
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked a...
-
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with r...
-
Update Chrome: Google patches actively exploited vulnerability and 73 others
Google's latest Chrome update fixes 74 security vulnerabilities, including one under active attack.
-
Protecting 50,000 Users: How ANY.RUN Drives Incident Prevention at UMass Boston
Securing a university means defending a highly open environment, where thousands of users, devices, and external connections create constant exposure to risk. We had a unique op...
-
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no nativ...
-
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (P...
-
Gartner Security Summit 2026: Huntress 5 Key Takeaways
Resilience, identity, and practical AI led the conversation at Gartner Security & Risk Management Summit 2026. Here are five key takeaways security leaders should act on.
-
When “Hi, This Is IT” Comes Through Microsoft Teams
Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security. The post When “Hi, T...
-
This Company Will Add Phone, AirPod, and Smartwatch Trackers to License Plate Readers
SignalTrace “links devices that regularly travel together, correlating them to license plate.” It is a surveillance product that will sweep up and add all sorts of Bluetooth and...
-
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
OverviewOn June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mo...
-
Microsoft Hacked to Deliver Malware to Claude and Gemini Users
Microsoft took the highly unusual step of shutting down more than 70 of its own GitHub repositories after hackers pushed malware that would steal credentials from AI coding agent users.
-
Americans lost nearly $900 million to AI-powered scams, FBI says
Deepfakes, voice cloning, and other AI-powered scams cost Americans nearly $900 million in 2025, says the 2025 FBI Internet Crime Report.
-
It’s So Not Over for Hollywood (with Devindra Hardawar)
Emanuel talks to Devindra Hardawar about AI in Hollywood and the state of the movie industry.
-
A Farmer Donated Land to Turn into a Park. The City Is Building a Massive Data Center Instead
In 1999, a farmer gave away 87 acres of land to a small Texas city to use as a park. The city sold to a data center developer for $10 million.
-
Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification
COPENHAGEN, Denmark, June 8, 2026 – Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company’s continued focus on operat...
-
Pirated PC games are delivering password-stealing malware
Cybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide.
-
A week in security (June 1 – June 7)
A list of topics we covered in the week of June 1 to June 7 of 2026
-
Governing Claude Enterprise in Environments Where Inline Controls Can't Go
TrendAI™ integrates Anthropic's Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: on...
-
Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open
Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanage...
-
Baker Distributing - 102,935 breached accounts
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group public...
-
Scientists Discover Hidden Symmetry on Earth That Nobody Can Explain
The north-south albedo symmetry may be fading as both hemispheres get darker.
-
Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum
When Open Source is a bit too OpenSeveral fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs'...
-
ICE’s Plan to Let Cops Around the Country Scan Faces to Verify Immigration Status
ICE plans to give potentially more than a thousand agencies access to a facial recognition app that verifies a person's immigration status.
-
Behind the Blog: Dangerous Memes
This week, we discuss controversial memes, good times at Meta, and more.
-
The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,’ Evidence Suggests
A random sequence in an innocuous GPS message field is likely encrypted traffic from the U.S. military's system for remotely updating cryptographic keys around the world.
-
K-pop Fans Are Calling Out Creepy Deepfakes of Idols
With some fans making sexualized AI-generated images and videos of idols, the rest of the fandom is standing up against the behavior.
-
Why Huntress Doesn’t Need FedRAMP
Defense contractors can achieve CMMC compliance without the expense or delays of FedRAMP-authorized cloud services. Discover how Huntress uses Sensitive Data Mode for logical se...
-
Leader in Malware Analysis: ANY.RUN Named Top Vendor in G2 Summer 2026 Awards
We are proud to announce that ANY.RUN has earned the title of Momentum Leader and ranked #1 in the Relationship Index in the latest G2 Summer Reports. Reflecting real security t...
-
AI: Threat, tool, or both?
Public concern about AI is rising. We look at what's driving it, and why cybersecurity occupies a unique place in this debate.
-
BCD Travel - 396,313 breached accounts
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD wa...
-
Reporting from Vegas: Networking, AI, and good boys
Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation.
-
Cyber Strategy at the AI Frontier: President Trump Releases Executive Order to Promote Advanced Artificial Intelligence Innovation and Security
On June 2, 2026, President Trump issued the Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security. The Executive Order carries forward several prio...
-
How the “Swiss Cheese” model can help you choose the right MDR provider
Not all managed detection and response (MDR) solutions are equal. Finding the differences between vendors can be quite hard, and then understanding how those differences impact ...
-
Winning the cyber marathon with Tony Giandomenico
Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch what he's excited about for the future of cybersecurity, and, of c...
-
How to Operationalize Threat Hunting with NETSCOUT, SIEM, XDR, EDR, and SOAR
Threat hunting does not fail because security teams lack tools. It fails because the tools are often used as separate workspaces instead of connected parts of the same investiga...
-
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting
Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds.
-
Travel scams are everywhere. Here’s how to avoid them
Learn how to spot travel scams, avoid risky bookings, and keep your personal information out of the wrong hands.
-
Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations
Based on 2,101,483 malware and phishing investigations from Q1 2026, ANY.RUN‘s Cyber Risk report provides a real-world view of modern attack trends. It covers trending malware f...
-
Meta’s AI support bot happily handed Instagram accounts to hackers
Hackers convinced an AI support bot to hand over Instagram accounts by changing recovery email addresses.
-
DentaQuest - 2,553,599 breached accounts
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundre...
-
We found this fake-invoice campaign while scammers were still building it
Invoices pretending to be from Amazon, PayPal, and others reveal how criminals use fear and phone calls to steal money and devices.
-
A Day in the Life of an MDR Analyst: Inside the Modern SOC
What actually happens inside a SOC when an incident unfolds? Most teams see the alerts and the outcomes, but the decision-making in between is often less visible.At the Rapid7 2...
-
Backup operations at scale: Turning "green" indicators into recovery readiness
During disruptions — ransomware, outages or accidental deletions — what matters is whether recoverable points exist, how recent they are, and whether restores can be performed q...
-
Inside .NET Loader Analysis: From Malspam to In-Memory Loader
A malspam campaign abusing Google's DoubleClick delivers the loader through a five-stage chain that evades detection and blinds Windows telemetry before persisting
-
Solving Network Blind Spots Created by Massive Data Silos
“Dump everything first, structure it later” is a risky data migration strategy. In a large enterprise, moving petabytes across a network is nerve-racking and expensive, so many ...
-
Keep getting calls from questionable numbers? Meet Scam Number Check
Scam Number Check lets you quickly check whether a number has been linked to scams before you call back, share information, or send money.
-
Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates
Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN’...
-
Infostealers are becoming the go-to phishing payload
Cybercriminals prefer infostealers to traditional phishing techniques because they reduce friction, scale well, and are widely available.
-
These convincing copyright notices are designed to steal Google logins
Scammers use fake takedown requests, countdown timers, and spoofed sign-in screens to steal Google logins from Chrome developers.
-
The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attac...
-
Unpatched NTLM Leakage in Windows search: URI Handler, Same Bug, No CVE, No Fix
The same NTLM leakage primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. No CVE. No fix. If your patching relies on CVE coverage, you ...
-
Unpatched NTLM Coercion in Windows search: URI Handler, Same Bug, No CVE, No Fix
The same NTLM coercion primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. No CVE. No fix. If your patching relies on CVE coverage, you...
-
The Self-Healing Network: Why Your AI Strategy Needs a Neutral Lens
In the race to 5G-Advanced and 6G, the “self-healing network” has moved from a whiteboard concept to a boardroom mandate. For next-generation networks, the promise is clear: an ...
-
From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises
A previously unidentified cyberattack is quietly spreading through US businesses — and most security tools are not catching it. Researchers at ANY.RUN have identified a new back...
-
Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
Operation FlutterBridge is a malvertising campaign targeting macOS users. It distributed the new backdoor FlutterShell, built using the Flutter framework. The post Operation Flu...
-
Risk Analysis in the Crosshairs: Four Recent Ransomware Resolutions Preview the HIPAA Security Rule Amendments
On April 23, 2026, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced resolution agreements and corrective action plans with four re...
-
Why most DR deployments may not survive a real disaster
This report examines the disaster recovery (DR) readiness across the Acronis Cyber Protect Cloud platform, managing thousands of DR deployments across dozens of data centers wor...
-
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
One of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usua...
-
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
OverviewRapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in the discovery of a crit...
-
Rapid7 and Exclusive Networks Expand Partnership Across the Nordics
Building stronger cybersecurity outcomes togetherThe cybersecurity landscape across the Nordics is evolving rapidly. Organizations are facing increasing pressure to modernize se...
-
Edmunds - 177,860 breached accounts
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the...
-
Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet
47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here's what we saw.
-
Atlas Menu - 63,926 breached accounts
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's databa...
-
Metasploit Wrap Up 05/29/2026
More Linux LPEsHark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kic...
-
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
OverviewOn May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a sp...
-
Does It Feel Like a Stormy Season in Your Cloud?
How successful do IT teams feel they are at managing networking and security in the public cloud? Just over a third (36 percent) of IT professionals surveyed think their organiz...
-
Charter - 4,851,517 breached accounts
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters grou...
-
Less panic patching, more precision
In this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patching efforts on the threats that actually matter.
-
New York Department of Financial Services Issues Coordinated Guidance on Frontier AI Cybersecurity Risks
On May 21, 2026, the New York State Department of Financial Services (“DFS”) issued two coordinated Industry Letters: a letter on Heightened Cybersecurity Risks Associated with ...
-
Experts on Experts: Why Compliance is becoming Continuous
This week on Experts on Experts, I’m joined by Sergio Alonso – Rapid7’s Director of Trust, Risk, and Compliance – to talk about how compliance is changing and why many security ...
-
CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)
OverviewRapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service, tracked as CVE-2026-52806. Rapid7 Lab...
-
2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here. The post 2026 Wo...
-
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.
-
Kemper - 269,299 breached accounts
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers alle...
-
Your Profile Is a Dossier. Here's Who's Reading It.
Your social media profiles are an attacker's dossier. Learn how attackers use public data to build attack playbooks and what you can do to give them less to work with.
-
Out of the Crypt: The Evolving Cyber Extortion Economy
Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance. The post Out of the Crypt: The Evolving Cyber Exto...
-
Chambers 2026 Global Practice Guide for Artificial Intelligence
The Chambers 2026 Global Practice Guide for Artificial Intelligence provides the latest legal information on the rapidly evolving AI landscape, covering the commercial use of AI...
-
MediaArea heap-based buffer overflow vulnerabilities
Talos researchers find 4 heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib.
-
Before Your MSP Chases CMMC, Take an Honest Look at Your Operations
CMMC is an operating model, not a checklist. Before chasing defense work, audit your MSP's internal operations, including access controls and data handling, to ensure you’re rea...
-
Four AI Trends Transforming Network Operations
The old way used to be all about observability, dashboards, aggregated KPIs, human correlation, and manual intervention. That world is changing with AI. — Donogh O’Reilly, Vice ...
-
Inside ANY.RUN’s 10-Year Evolution: An Interview with CEO Aleksey Lapshin
What happens when a malware analyst decides to build a product he always wished he had? The case of ANY.RUN tells us that ten years later it may turn into an industry-standard s...
-
Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake
EvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models...
-
Mytheresa - 84,108 breached accounts
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the g...
-
Ameriprise - 502,597 breached accounts
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more t...
-
How Security Leaders Cut Through Complexity to Drive Better Outcomes
Security leaders are operating in an environment that is only getting more complex. Expanding attack surfaces, rapid AI adoption, growing toolsets, and increasing pressure to re...
-
Major Cyber Attacks in May 2026: Fake Invitations, Agent Tesla, BlobPhish, and More
May 2026 showed how fast routine business activity can turn into real security exposure. ANY.RUN observed phishing campaigns, fileless malware delivery, credential theft, OTP in...
-
From Cookies to Keys: The Threat of Session Hijacking
See how session hijacking reshaped cyber threats. Learn how stolen tokens enable rapid breaches, bypass security, and impact enterprise protection.
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain tes...
-
7-Eleven - 185,256 breached accounts
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email ad...
-
Emulating the Gentlemen Ransomware
AttackIQ has released two new assessments that emulate the behaviors of The Gentlemen ransomware, a cross-platform threat that emerged around July 2025. The group employs a doub...
-
Is my use case a high-risk AI system? Applying the Commission’s guidelines and next steps
The EU Commission’s long-awaited guidelines on high-risk AI systems were published on 19 May 2026. This is the promised explainer on what is – and is not – a high-risk AI system...
-
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns. The post Tracking Iranian APT S...
-
Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use. The post Paved With Intent: ROADtools and Nation...
-
Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware
Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.
-
When AI becomes the cyber attacker: Mythos and what comes next
Anthropic’s April 7, 2026 announcement that it built a model too powerful for public consumption, Claude Mythos Preview (Mythos), marks a notable moment for the legal, complianc...
-
The art of being ungovernable
In this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking...
-
How Huntress Uses Managed SIEM to Detect Threats Faster
See how Huntress uses Managed SIEM to detect threats faster, hunt smarter, and deliver comprehensive protection across endpoints, identities, and infrastructure.
-
Automation and scripting in SMBs: Trends, challenges and what actually works
Most IT teams recognize the value of automation, yet in practice, many remain reactive, spending most of their time on tickets and outages rather than building automation. Organ...
-
The Gentleman Ransomware | Defense Evasion TTPs Uncovered | Huntress
Two recent incidents involving The Gentlemen ransomware show the use of defense evasion tactics, including logs being cleared and attempts to add antivirus exclusions.
-
Dragonica Lunaris - 126,293 breached accounts
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt...
-
Windows93 / Myspace93 - 46,105 breached accounts
In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data...
-
Colorado’s new AI governance law
We recently published an alert that highlights Colorado’s new artificial intelligence (AI) governance law. After X.AI sued to enjoin enforcement of Colorado’s first AI governanc...
-
Build Your Cybersecurity Profile: Introducing the AttackIQ Champions Program
The AttackIQ Champions Program recognizes practitioners who promote threat-informed defense and the principles behind operationalizing MITRE ATT&CK. Publish content, get early a...
-
The 1 A.M. Cloud Migration Meltdown
A lead architect for a global bank sits in a dark office at 1:00 a.m. Two hours ago, her team finished a final migration cutover, moving the bank’s core lending application from...
-
Inside the RaaS Ecosystem: Operators, Affiliates & Attack Tradecraft | Huntress
The ransomware name on the ransom note doesn't tell the full story. See how RaaS affiliates drive initial access, persistence, and exfiltration and what defenders should watch for.
-
How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex thr...
-
Tracking TamperedChef Clusters via Certificate and Code Reuse
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clu...
-
TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN.
-
Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026
Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and e...
-
From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-...
-
Exposed RDP: The Misconfiguration Attackers Keep Exploiting
Exposed RDP is still one of the most reliable ways attackers get in and most teams don't know it's open. See real cases where it was caught before it became a catastrophe.
-
CTT - 468,124 breached accounts
In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along wi...
-
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing se...
-
Addi - 34,532,941 breached accounts
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may ...
-
Communication Service Provider Supports Banking Application Success Across International Borders
Today’s communication service providers (CSPs) sit at the center of some of the world’s most demanding digital services—none more mission critical than international mobile bank...
-
Threat Actor Defense Evasion: How Attackers Disable AV & EDR
Threat actors are actively targeting your security tools. Learn how threat actors disable antivirus and EDR through vulnerable drivers, tampering attacks, and malicious firewall...
-
Agentic Governance: Why It Matters Now
AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed.
-
19 Cloud Security Challenges and How to Mitigate Risk | Huntress
Learn about some of the most common cloud security challenges facing modern businesses today, plus why it matters for you and your employees.
-
(X) Most Common Passwords to Compromise Security in 2026
Discover the most common passwords that put you and your business at risk, and get easy tips to improve your password security.
-
Defending Against DDoS Attacks at Scale
For global financial institutions, digital availability is not optional—it is foundational to trust, revenue, and regulatory compliance. When customer-facing services are expect...
-
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer's E...
-
What Is Single Sign-On? The Practical Guide | Huntress
Learn what single sign-on (SSO) login is, how it’s used in role management and cybersecurity, and how to set it up at your organization.
-
Strong Stack. Strong Team. Real Security Resilience.
Learn how to build a resilient security stack and program that cuts alert noise, strengthens identity defense, and helps teams respond faster.
-
The time of much patching is coming
In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.
-
13 Cybersecurity Frameworks for 2026 and How to Choose What's Best for You
Discover some of the most common cybersecurity frameworks by what they’re best for, plus tips for choosing the right one for your organization.
-
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco ...
-
AI-Driven Workflow Automation Is the New North Star for Communication Service Providers
As we transition through the complexities of 5G standalone architectures, network slicing, and edge computing, the sheer volume of operational data has surpassed the limits of h...
-
Panic at the Distro
Learn how critical Linux kernel flaws in CopyFail, Dirty Frag, and Fragnesia let unprivileged users escalate to root access. See what security teams can do to remediate.
