FIRESTARTER: Cisco ASA Backdoor
The Advisory That Changes EverythingOn April 23, 2026, CISA and the United Kingdom National Cyber Security Centre jointly assessed that…
The CVE Watchtower: Weekly Threat Intelligence Briefing (April 20 – April 26, 2026)
Welcome to your Monday morning digest. As we close out the final full week of April, the global threat landscape is painting a complex…
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Itron, a global technology provider for the utilities industry, has disclosed it suffered a cybersecurity breach. In an 8-K form filed to the…
Most Cybersecurity Professionals Feel Undervalued and Underpaid
Over three quarters of cybersecurity professionals were not granted a pay rise last year, contributing to feelings of being undervalued among…
Attackers Can Backdoor CODESYS Applications by Chaining Vulnerabilities
Multiple vulnerabilities in the CODESYS Control runtime, one of the world’s most widely adopted software-based programmable logic…
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
Security researchers have revealed details of a new extortion group that has been actively targeting retail and hospitality businesses since…
Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents
A critical has been disclosed in Pipecat, the popular open-source Python framework used to build voice and conversational agents. The flaw,…
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with four new…
CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in…
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and…
Microsoft beefs up Remote Desktop security with … hard-to-read messages
Microsoft's update to harden Remote Desktop against phishing attacks has arrived. When users open a Remote Desktop (.rdp) file, they should…
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across developer ecosystems.…
Cyber-Attacks Surge 63% Annually in Education Sector
Schools and universities across the globe experienced a sharp increase in attacks last year thanks to the combined threat from…
Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents
Security researchers have discovered 10 new indirect prompt injection (IPI) payloads targeting AI agents with malicious instructions designed…
Surge in Silent Subject Phishing Attacks Targets VIP Users
A surge in phishing emails lacking subject lines has been identified as part of a widespread campaign targeting high-value users. According to…
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
A former ransomware negotiator has pleaded guilty to secretly working with the BlackCat ransomware group and consipring to launch attacks…
The case for dependency cooldowns in a post-axios world
Application security has reached a crossroads between velocity and security. In the past, teams focused on the risks of outdated dependencies,…
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8562
In the previous post, we continued our series on the unpatchable vulnerabilities of Kubernetes, examining how CVE-2020-8561 combined multiple…
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities…
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign,…
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to…
LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
Key points and observations On March 24, 2026, two PyPI releases of LiteLLM, 1.82.7 and 1.82.8, were published with malicious code as a result…
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an…
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and…
Behind the console: Active phishing campaign targeting AWS console credentials
Key points and observations Datadog Security Research identified an active adversary-in-the-middle (AiTM) phishing campaign targeting AWS…
Hook, line, and vault: A technical deep dive into the 1Phish kit
Key points and observations The 1Phish kit evolved between September 2025 and February 2026 from a basic credential harvester into an…
Kubernetes project issues warning on Ingress NGINX retirement
The title of the recent Kubernetes blog post "Ingress NGINX: Statement from the Kubernetes Steering and Security Response Committees" might…
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons,…
Tech impersonators: ClickFix and MacOS infostealers
Key points and observations Datadog identified an active campaign employing fake GitHub repositories impersonating software companies and…
OpenSSL January 2026 Security Update: CMS and PKCS#12 Buffer Overflows
Today, on January 27th, 2026, the OpenSSL project published details on vulnerabilities affecting the OpenSSL Software Library. Impacted…
Introducing IDE-SHEPHERD: Your shield against threat actors lurking in your IDE
In recent years, Integrated Development Environments (IDEs) have become a pivotal component in modern software development, providing…
Decoding the GitHub recommendations for npm maintainers
The open source package distribution ecosystem in general has seen an increase in both velocity and severity of targeted attacks (both…
Introducing Pathfinding.cloud
Today we’re releasing pathfinding.cloud, an extensive knowledge base that documents the IAM permissions and permission sets that allow…
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
This week's cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons,…
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced…
CVE-2025-55182 (React2Shell): Remote code execution in React Server Components and Next.js
Key points and observations On December 3, a remote code code execution (RCE) vulnerability was identified in React Server Components and…
Gainsight Expands Impacted Customer List Following Salesforce Security Alert
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought.…
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist
South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment…
Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.…
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial…
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start…
Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
It's easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show…