1. A high-severity SSRF vulnerability in LMDeploy, tracked as CVE-2026-33626, came under active exploitation in the wild within 13 hours of its disclosure (thehackernews.com).
2. The Bitwarden CLI npm package was compromised as part of an ongoing supply chain attack involving malicious code in the bw1.js file (thehackernews.com).
3. The threat group UNC6692 is conducting a campaign by impersonating IT helpdesk staff via Microsoft Teams to deploy the custom SNOW malware suite (cloud.google.com).
4. The Tropic Trooper APT group is deploying the AdaptixC2 agent using trojanized SumatraPDF readers and abusing Microsoft Visual Studio Code tunnels (thehackernews.com).
5. CISA and NCSC have issued warnings regarding the FIRESTARTER backdoor targeting Cisco firewalls (reddit.com).
6. Global security agencies are warning about Chinese state-linked actors industrializing botnets using covert networks of compromised devices (darkreading.com).
7. A newly deciphered sabotage malware framework from 2005 has been identified as a high-precision tool that predates Stuxnet (sentinelone.com).
8. The Kyber ransomware gang is reportedly experimenting with post-quantum encryption techniques on Windows systems (reddit.com).
9. Microsoft released an emergency update to address a critical threat affecting ASP.NET on macOS and Linux (reddit.com).
10. Apple patched a vulnerability that allowed the FBI to recover deleted Signal messages from the iPhone notification database (reddit.com).
11. Researchers identified a malicious fake Claude API provider operating under the domain awstore.cloud (reddit.com).
12. Security researchers are highlighting the rise of autonomous multi-agent AI systems capable of executing attacks against cloud environments (unit42.paloaltonetworks.com).