HOT NEWS 2026 MAY
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| --- | --- | --- | --- | --- |
| 13.5.26 | CVE-2026-42826 | (CVSS score: 10.0) - An exposure of sensitive information to an unauthorized actor in Azure DevOps that allows an unauthorized attacker to disclose information over a network. (Requires no customer action) | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-33109 | (CVSS score: 9.9) - An improper access control in Azure Managed Instance for Apache Cassandra that allows an authorized attacker to execute code over a network. (Requires no customer action) | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-42898 | (CVSS score: 9.9) - A code injection vulnerability in Microsoft Dynamics 365 (on-premises) that allows an authorized attacker to execute code over a network. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-42823 | (CVSS score: 9.9) - An improper access control in Azure Logic Apps that allows an authorized attacker to elevate privileges over a network. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-41089 | (CVSS score: 9.8) - A stack-based buffer overflow in Windows Netlogon that allows an unauthorized attacker to execute code over a network without needing to sign in or have prior access, by sending a specially crafted network request to a Windows server that is acting as a domain controller. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-33823 | (CVSS score: 9.6) - An improper authorization in Microsoft Teams that allows an authorized attacker to disclose information over a network. (Requires no customer action) | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-35428 | (CVSS score: 9.6) - A command injection vulnerability in Azure Cloud Shell that allows an unauthorized attacker to perform spoofing over a network. (Requires no customer action) | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-40379 | (CVSS score: 9.3) - An exposure of sensitive information to an unauthorized actor in Azure Entra ID that allows an unauthorized attacker to perform spoofing over a network. (Requires no customer action) | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-40402 | (CVSS score: 9.3) - A use-after-free in Windows Hyper-V that allows an unauthorized attacker to gain SYSTEM privileges and access the Hyper-V host environment. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-41103 | (CVSS score: 9.1) - An incorrect implementation of an authentication algorithm in the Microsoft SSO Plugin for Jira & Confluence that allows an unauthorized attacker to gain unauthorized access to Jira or Confluence as a valid user and perform actions with the same permissions as the compromised account. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-33117 | (CVSS score: 9.1) - An improper authentication in Azure SDK that allows an unauthorized attacker to bypass a security feature over a network. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-42833 | (CVSS score: 9.1) - An execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) that allows an authorized attacker to execute code over a network and gain the ability to interact with other tenants' applications and content. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-33844 | (CVSS score: 9.0) - An improper input validation in Azure Managed Instance for Apache Cassandra that allows an authorized attacker to execute code over a network. (Requires no customer action) | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-40361 | (CVSS score: 8.4) - A use-after-free vulnerability in Microsoft Office Word that allows an unauthorized attacker to execute code locally without requiring user interaction. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | CVE-2026-40364 | (CVSS score: 8.4) - A type confusion vulnerability in Microsoft Office Word that allows an unauthorized attacker to execute code locally without requiring user interaction. | VULNERABILITY | VULNERABILITY |
| 13.5.26 | FamousSparrow | FamousSparrow APT Targets Azerbaijani Oil and Gas Industry | APT | APT |
| 13.5.26 | GemStuffer Campaign | GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government | CAMPAIGN | CAMPAIGN |
| 13.5.26 | Operation NoVoice | Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices | OPERATION | OPERATION |
| 12.5.26 | Google ad for Claude leads to macOS malware infection | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. | MALWARE TRAFFIC | MALWARE TRAFFIC |
| 12.5.26 | macOS Shub Stealer infection | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. | MALWARE TRAFFIC | MALWARE TRAFFIC |
| 12.5.26 | dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation | dnsmasq is affected by multiple memory safety and input validation vulnerabilities, including heap buffer overflows, heap corruption, and code execution flaws. Collectively, these vulnerabilities enable attackers to poison cached DNS records, bypass security controls, crash the dnsmasq process, or, under certain conditions, achieve local privilege escalation. dnsmasq has released version 2.92rel2 to fix the vulnerabilities. | ALERT | ALERT |
| 12.5.26 | Casdoor contains Arbitrary File Write vulnerability | Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authenticated user with file upload permissions can escape the intended storage directory and write files elsewhere on the target filesystem. | ALERT | ALERT |
| 12.5.26 | Mini Shai-Hulud | Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack | MALWARE | PYTHON |
| 12.5.26 | TrickMo | New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps | MALWARE | ANDROID |
| 12.5.26 | Actively exploited: CVE-2026-41940 | CVE-2026-41940 is a high-severity unauthenticated authentication bypass vulnerability affecting cPanel & WHM. This product is widely used in Linux server operations and virtual hosting management. | EXPLOIT | EXPLOIT |
| 11.5.26 | ClickFix distributing Vidar Stealer via WordPress targeting Australian infrastructure | The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has observed ClickFix-associated activity leveraging WordPress-hosted infrastructure to distribute the Vidar Stealer malware. | REPORT | REPORT |
| 11.5.26 | CVE-2026-26956 | WASM Sandbox Escape | VULNERABILITY | VULNERABILITY |
| 11.5.26 | CVE-2026-20188 | A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. | VULNERABILITY | VULNERABILITY |
| 11.5.26 | Acronis Cyberthreats Report, H2 2025: From exploits to malicious IA | The Acronis Cyberthreats Report covers the global threat landscape as encountered by the Acronis Threat Research Unit (TRU) and Acronis sensors in the second half of 2025. General threat data (including malware, ransomware, web and email threats, vulnerabilities, etc.) presented in the report is gathered from January–December of 2025 and reflects threats targeting endpoints we observed in this time frame. | REPORT | REPORT |
| 11.5.26 | State of the SOFTWARE SUPPLY CHAIN 2026 | The Limits of Legacy Vulnerability Management | REPORT | REPORT |
| 11.5.26 | Legitimate | "Legitimate" phishing: how attackers weaponize Amazon SES to bypass email security | PHISHING | PHISHING |
| 11.5.26 | CVE-2023-43896 | A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. | VULNERABILITY | VULNERABILITY |
| 11.5.26 | FEMITBOT | Abuse of Telegram Mini Apps for Large-Scale Fraud Campaigns | REPORT | REPORT |
| 11.5.26 | CVE-2026-7482 | Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), the server reads past the allocated heap buffer. | VULNERABILITY | VULNERABILITY |
| 9.5.26 | Linux kernel contains local privilege escalation vulnerability (Copy Fail) | A privilege escalation vulnerability has been discovered in Linux kernel version 4.17 (released 2017) and later. Many popular distributions and Linux-based containers are affected. This vulnerability was publicly disclosed on April 29, 2026, has been assigned CVE ID CVE-2026-31431, and is commonly referred to as "Copy Fail." | ALERT | ALERT |
| 9.5.26 | DirtyFrag vulnerability - CVE-2026-43284 / CVE-2026-43500 | Just a week after the disclosure of the CopyFail (CVE-2026-31431) vulnerability, a second critical Linux kernel flaw has been discovered, with public technical details and proof-of-concept code released publicly. Dubbed Dirty Frag, the vulnerability chains two distinct kernel bugs: CVE-2026-43284 (ESP subsystem) and CVE-2026-43500 (RxRPC subsystem). | ALERTS | VULNERABILITY |
| 9.5.26 | macOS infostealer delivery campaign leverages ClickFix techniques | Microsoft researchers have identified an evolving macOS infostealer campaign that leverages "ClickFix" tactics to compromise users. Rather than relying on traditional methods like malicious disk images (.dmg files), attackers now embed deceptive instructions within public blogs and user-generated content sites. These sites trick victims into executing specific Terminal commands under the guise of installing system optimization utilities. | ALERTS | VIRUS |
| 9.5.26 | Unpacking UAT-8302: A New Arsenal of China-Nexus Malware | Cisco Talos has uncovered UAT-8302, a sophisticated China-nexus threat group aggressively targeting government entities, primarily observed in Europe and South America. This actor utilizes an extensive toolkit of custom malware, notably the .NET-based NetDraft backdoor, which leverages MS Graph for stealthy command-and-control. Their arsenal further includes CloudSorcerer v3, a refined backdoor that manipulates legitimate platforms like GitHub to retrieve operational instructions. | APT | |
| 9.5.26 | Supply Chain Alert: DAEMON Tools Installers Compromised | Security researchers at Kaspersky have uncovered a sophisticated supply chain attack targeting DAEMON Tools, where legitimate installers were trojanized with a multi-stage backdoor. Since April 2026, compromised binaries signed with valid certificates have deployed an initial information collector to thousands of global victims. | ALERTS | VIRUS |
| 9.5.26 | ShadowPad Resurfaces in State Espionage Campaign Targeting Asian Governments | Trend Micro researchers recently identified SHADOW-EARTH-053, a China-aligned espionage group targeting Asian government sectors. The campaign centers on the modular ShadowPad malware, often deployed through DLL sideloading using legitimate signed executables. Attackers establish initial persistence via GODZILLA web shells before utilizing registry-based loaders to execute shellcode covertly. | ALERTS | CAMPAIGN |
| 9.5.26 | Tax Lures Deliver ValleyRAT and ABCDoor | Researchers at Kaspersky recently published an article on a Silver Fox campaign in which the actor used tax-themed phishing lures against organizations in India and Russia, impersonating official tax authorities to push victims toward malicious archives. Per their analysis, the campaign used a custom RustSL loader, ValleyRAT, and a Python-based backdoor dubbed ABCDoor. | VIRUS | |
| 9.5.26 | CVE-2026-29201 | (CVSS score: 4.3) - An insufficient input validation of the feature file name in the "feature::LOADFEATUREFILE" adminbin call that could result in an arbitrary file read. | VULNERABILITY | VULNERABILITY |
| 9.5.26 | CVE-2026-29202 | (CVSS score: 8.8) - An insufficient input validation of the "plugin" parameter in the "create_user API" call that could result in arbitrary Perl code execution on behalf of the already authenticated account's system user. | VULNERABILITY | VULNERABILITY |
| 9.5.26 | CVE-2026-29203 | (CVSS score: 8.8) - An unsafe symlink handling vulnerability that allows a user to modify access permissions of an arbitrary file using chmod, resulting in denial-of-service or possible privilege escalation. | VULNERABILITY | VULNERABILITY |
| 9.5.26 | TCLBANKER | TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook | MALWARE | BANKING |
| 9.5.26 | CallPhantom tricks | Fake call logs, real payments: How CallPhantom tricks Android users | HACKING | HACKING |
| 9.5.26 | Operation GriefLure | Table of contents of the report: Introduction; Key Targets; Infection Chain; Initial Findings about Campaign; Analysis of Decoys; Technical Analysis; Campaign 1, Stage 1: Ho so.rar; Campaign 2, Stage 1: download.zip; Stage 2: the LNK and batch file (common to both campaigns); Stage 3: Analysis | OPERATION | OPERATION |
| 9.5.26 | Operation Silent Rotor | Operation Silent Rotor: Targeted Campaign Compromises Unmanned Aviation Sector Ahead of Moscow Summit | OPERATION | OPERATION |
| 9.5.26 | Operation HumanitarianBait | Cyble analyzes Operation HumanitarianBait, a stealthy espionage campaign using aid-themed lures to deploy a fileless Python infostealer. | OPERATION | OPERATION |
| 8.5.26 | Dirty Frag | Dirty Frag (CVE-2026-43284, CVE-2026-43500) vulnerability fix is ready for testing | VULNERABILITY | VULNERABILITY |
| 8.5.26 | Plague | 'Plague' malware exploits Pluggable Authentication Module to breach Linux systems | MALWARE | EXPLOIT |
| 8.5.26 | PamDOORa | PamDOORa: Analyzing a New Linux PAM-Based Backdoor for Sale on the Dark Web | MALWARE | BACKDOOR |
| 8.5.26 | Quasar Linux | Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities | MALWARE | RAT |
| 8.5.26 | CVE-2026-6973 | An improper input validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. | VULNERABILITY | VULNERABILITY |
| 8.5.26 | PCPJack | PCPJack: Cloud Worm Evicts TeamPCP and Steals Credentials at Scale | MALWARE | WORM |
| 7.5.26 | CVE-2026-24118 | (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "__lookupGetter__" and permits an attacker to run arbitrary code on the underlying host. (Affects versions <= 3.10.4, patched in 3.11.0) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-24120 | (CVSS score: 9.8) - A patch bypass for CVE-2023-37466 (CVSS score: 9.8) that could allow attackers to escape the sandbox through the species property of promise objects and execute arbitrary commands on the underlying host. (Affects versions <= 3.10.3, patched in 3.10.5) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-24781 | (CVSS score: 9.8) - A vulnerability that allows sandbox escape via the "inspect" function and permits an attacker to run arbitrary code on the underlying host. (Affects versions <= 3.10.3, patched in 3.11.0) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-26332 | (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "SuppressedError" and permits an attacker to run arbitrary code on the underlying host. (Affects versions <= 3.10.4, patched in 3.11.0) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-26956 | (CVSS score: 9.8) - A protection mechanism failure vulnerability that allows sandbox escape with arbitrary code execution by triggering a TypeError produced by Symbol-to-string coercion. (Affects version 3.10.4, confirmed on Node.js 25.6.1, patched in 3.10.5) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-43997 | (CVSS score: 10.0) - A code injection vulnerability that allows an attacker to obtain the host Object and escape the sandbox, leading to arbitrary code execution. (Affects versions <= 3.10.5, patched in 3.11.0) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-43999 | (CVSS score: 9.9) - A vulnerability that allows a bypass of NodeVM's built-in allowlist and enables an attacker to load excluded builtins like child_process and achieve remote code execution. (Affects version 3.10.5, patched in 3.11.0) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-44005 | (CVSS score: 10.0) - A vulnerability that allows attacker-controlled JavaScript to escape the sandbox and enable prototype pollution. (Affects versions 3.9.6-3.10.5, patched in 3.11.0) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-44006 | (CVSS score: 10.0) - A code injection vulnerability via "BaseHandler.getPrototypeOf" that enables sandbox escape and remote code execution. (Affects versions <= 3.10.5, patched in 3.11.0) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-44007 | (CVSS score: 9.1) - An improper access control vulnerability that allows sandbox escape and execution of arbitrary operating system commands on the underlying host. (Affects versions <= 3.11.0, patched in 3.11.1) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-44008 | (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "neutralizeArraySpeciesBatch()" and permits an attacker to execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, patched in 3.11.2) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | CVE-2026-44009 | (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an attacker to execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, patched in 3.11.2) | VULNERABILITY | VULNERABILITY |
| 7.5.26 | ZiChatBot | While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files. | MALWARE | PYTHON |
| 7.5.26 | OceanLotus | OceanLotus suspected of using PyPI to deliver ZiChatBot malware | APT | APT |
| 7.5.26 | xlabs_v1 | xlabs_v1 DDoS-for-Hire IoT Botnet Exposed: One Operator Error, an Entire Operation Revealed | BOTNET | BOTNET |
| 6.5.26 | Middle East Conflict & Cyber Escalation Overview | Advisory: Middle East Conflict & Cyber Escalation | ANALYSIS | ANALYSIS |
| 6.5.26 | Iranian-Nexus Operation | Iranian-Nexus Operation Against Oman's Government: 12 Ministries Hit and 26,000 Citizen Records Exposed | OPERATION | OPERATION |
| 6.5.26 | MuddyWater | Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware | APT | APT |
| 6.5.26 | CloudZ RAT | CloudZ RAT potentially steals OTP messages using Pheno plugin | MALWARE | RAT |
| 6.5.26 | CVE-2026-0300 | CVE-2026-0300 PAN-OS: Unauthenticated user-initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal | VULNERABILITY | VULNERABILITY |
| 6.5.26 | CVE-2026-23918 | Double free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | VULNERABILITY | VULNERABILITY |
| 6.5.26 | DAEMON Tools software infected | DAEMON Tools software infected – supply chain attack ongoing since April 8, 2026 | INCIDENT | INCIDENT |
| 6.5.26 | UAT-8302 | UAT-8302 and its box full of malware | GROUP | GROUP |
| 5.5.26 | Zscaler ThreatLabz 2026 VPN Risk Report | For decades, VPN was the default answer to remote access security – reliable, familiar, and deeply embedded in enterprise architecture. That era is ending. AI has accelerated attack timelines from weeks to minutes, automated credential theft at industrial scale, and given adversaries a speed advantage that human-led defense cannot match. | REPORT | REPORT |
| 5.5.26 | CVE-2026-29014 | MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. | VULNERABILITY | VULNERABILITY |
| 5.5.26 | ScarCruft compromises | A rigged game: ScarCruft compromises gaming platform in a supply-chain attack | INCIDENT | APT |
| 5.5.26 | CVE-2026-22679 | Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. | VULNERABILITY | VULNERABILITY |
| 5.5.26 | Multi-stage 'code of conduct' phishing campaign leads to AiTM token compromise | Phishing campaigns continue to improve in sophistication and refinement, blending social engineering, delivery and hosting infrastructure, and authentication abuse to remain effective against evolving security controls. | CAMPAIGN | CAMPAIGN |
| 5.5.26 | VENOMOUS#HELPER | You're invited: Four phishing lures in campaigns dropping RMM tools | CAMPAIGN | CAMPAIGN |
| 5.5.26 | CVE-2026-5174 | Improper input validation vulnerability in Progress Software MOVEit Automation allows privilege escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and versions prior to 2024.0.0. | VULNERABILITY | VULNERABILITY |
| 5.5.26 | CVE-2026-4670 | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows authentication bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and versions prior to 2024.0.0. | VULNERABILITY | VULNERABILITY |
| 4.5.26 | Silver Fox | Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India | APT | APT |
| 4.5.26 | South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940) | On April 29, 2026, watchTowr Labs published research on CVE-2026-41940, a critical authentication bypass in cPanel & WHM. Within days, reporting from Censys and Ctrl-Alt-Intel made clear that exploitation had rapidly moved from disclosure to in-the-wild abuse. | APT | APT |
| 3.5.26 | Copy Fail | Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw – it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017. | VULNERABILITY | VULNERABILITY |
| 3.5.26 | Bluekit | Meet Bluekit: The AI-Powered All-in-One Phishing Kit | PHISHING | KIT |
| 3.5.26 | CVE-2026-41940 | CVE-2026-41940: cPanel & WHM Authentication Bypass | VULNERABILITY | VULNERABILITY |
| 3.5.26 | CVE-2026-31431 | Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability | VULNERABILITY | VULNERABILITY |
| 3.5.26 | CVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability | VULNERABILITY | VULNERABILITY |
| 2.5.26 | TeamPCP Targets SAP Developers with Obfuscated npm Backdoor | A sophisticated supply chain attack recently compromised several SAP CAP npm packages, as reported by researchers at Socket. The breach utilizes a malicious preinstall script that bootstraps a Bun runtime to execute a heavily obfuscated payload. | ALERTS | VIRUS |
| 2.5.26 | Fake GitHub Repositories Push StealC | Researchers recently reported a malicious GitHub campaign that is using fake repositories across 17 accounts to impersonate popular Python projects and lure developers into running trojanized code. The repositories carried a Python dropper that fetched an encrypted Windows loader designed to load StealC. | ALERTS | VIRUS |
| 2.5.26 | CopyFail (CVE-2026-31431) | CopyFail, tracked as CVE-2026-31431, is a Linux kernel local privilege escalation vulnerability affecting the authencesn / algif_aead crypto path, with public technical details and proof-of-concept code now available. The flaw can allow an unprivileged local attacker to create a controlled page-cache overwrite and potentially gain root by modifying the cached copy of a readable setuid binary, making it especially relevant after an initial foothold has already been gained. | VULNERABILITY | |
| 2.5.26 | VECT 2.0 Ransomware - The Accidental Wiper | Check Point Research shared details of VECT 2.0, a multi-platform ransomware targeting Windows, Linux, and ESXi environments. Although marketed as a sophisticated ransomware-as-a-service offering, the malware contains a critical flaw in its encryption routine that impacts files larger than 128 KB. | ALERTS | RANSOM |
| 2.5.26 | Fake Minecraft Hacks Deliver LofyStealer Infostealer | LofyStealer is a modular infostealer currently preying on Minecraft players by masquerading as a game hack. This Brazilian-linked threat utilizes a large Node.js-based loader to bypass traditional sandbox detection before injecting a payload directly into browser memory. | ALERTS | VIRUS |
| 2.5.26 | Inside Vidar's Latest Variant: Stealth, Social Engineering, and Memory Execution | An analysis from the Lat61 Threat Intelligence Team by Point Wild details a recent variant of the Vidar infostealer as a highly stealthy, multi-stage threat that relies on social engineering and "living-off-the-land" techniques rather than traditional exploits. Initial infections often originate from fake GitHub repositories masquerading as legitimate tools, CAPTCHA prompts, or compromised websites, which trigger scripts chaining WScript and PowerShell. | VIRUS | |
| 2.5.26 | The Rise of the Sleeper: GlassWorm's Deceptive IDE Tactics | The GlassWorm campaign has intensified, with new research from Socket identifying 73 deceptive "sleeper" extensions on the Open VSX marketplace. These clones impersonate popular developer tools to build trust before activating malicious payloads via updates. | ALERTS | VIRUS |
| 2.5.26 | Snake Keylogger campaign: Saudi Procurement Lure and Multi-Stage Chain | Symantec's Threat Intelligence team has observed a Snake Keylogger malspam campaign leveraging a multi-stage delivery chain that starts with a forged "procurement introduction" email carrying a RAR attachment and ends with credential theft exfiltrated over the Telegram Bot API. | ALERTS | CAMPAIGN |
| 2.5.26 | Tropic Trooper leverages trojanized binaries to distribute AdaptixC2 | Cybersecurity researchers at Zscaler ThreatLabz uncovered a sophisticated cyberespionage operation orchestrated by the Tropic Trooper threat group (aka Earth Centaur). The attackers specifically targeted Chinese-speaking users, predominantly located within Taiwan, Japan, and South Korea, using deceptive ZIP files disguised as official military documents. | VIRUS | |
| 2.5.26 | AccountDumpling | Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts | PHISHING | PHISHING |
| 2.5.26 | Snow Flurries | Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite | CAMPAIGN | CAMPAIGN |
| 1.5.26 | Cordial Spider | CORDIAL SPIDER is a financially motivated eCrime adversary that has performed data theft and extortion since at least October 2025. CORDIAL SPIDER gains initial access to victim systems via voice phishing (vishing) calls in which they direct targeted users to single sign-on (SSO)–themed phishing pages. | GROUP | GROUP |
| 1.5.26 | Snarky Spider | SNARKY SPIDER is a financially motivated eCrime adversary that has performed data theft, extortion and cryptocurrency theft since at least October 2025. T | GROUP | GROUP |
| 1.5.26 | Shadow-Earth-053 | Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia | GROUP | GROUP |